27 replies to this topic

[paulo34]

I've tried running RGSA.exe 3 times and I get the message 'unable to access the file'

Ive tried it as administrator too.

I ran mbam a few weeks ago and it came up with windows7.exe as a trojan.

Then I followed someone else's instructions about the same topic on this forum to clean the computer,

using JRT, adwcleaner and another programme Ive forgotten. This improved things for a while but Im back to a slow computer again now.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/08/2016
Scan Time: 11:37
Logfile: mbam results.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.08.10.05
Rootkit Database: v2016.08.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Bob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316263
Time Elapsed: 1 hr, 40 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update neurowise, , [cda060e9a2f840f694236b749d668b75],
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util neurowise, , [df8eb3969dfd95a12d8a1bc4dd26cb35],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.Agent, C:\ProgramData\juyymlje\juyymlje.exe, , [adc0c089544648ee58fe6cf48c757e82],
Trojan.Agent.BCM, C:\ProgramData\Windows 7\Windows 7.exe, , [91dcda6f4c4e4beb2626c7d2f60a35cb],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

[paulo34]

I forgot to say that I kept getting messages to say the computer was low on memory.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2016 01
Ran by Bob (administrator) on BOB-PC (10-08-2016 14:52:12)
Running from C:\Users\Bob\Desktop
Loaded Profiles: Bob (Available Profiles: Bob & DefaultAppPool)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-08-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1806728 2010-08-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-08] ()
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-1072221561-3256289497-2671497516-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-12]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{47155BE4-9D85-43AA-A9B7-11F6EA08323E}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{A0CD25A4-30D7-44A4-B927-27B7737CD03B}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1072221561-3256289497-2671497516-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1072221561-3256289497-2671497516-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1072221561-3256289497-2671497516-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137
FF Homepage: hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Flash and Video Download - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-07-29]
FF Extension: Instagram for Firefox - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137\Extensions\jid0-BumCY9dUzYckeJaH3JEeimjBpxM@jetpack.xpi [2016-07-23]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-05-05]
FF Extension: Adblock Plus - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADUServiceNSRT; C:\Program Files\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe [82568 2015-01-27] () [File not signed]
R2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [102400 2012-10-21] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [100744 2010-08-31] (ELAN Microelectronics Corp.)
S3 ManyCam; C:\windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R1 NNSALPC; C:\windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\windows\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\windows\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\windows\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\windows\System32\DRIVERS\NNSNAHSL.sys [50992 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\windows\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\windows\System32\DRIVERS\NNSPihsw.sys [65272 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\windows\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\windows\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\windows\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\windows\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\windows\System32\DRIVERS\PSINAflt.sys [140024 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\windows\System32\DRIVERS\PSINFile.sys [105208 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\windows\System32\DRIVERS\psinknc.sys [168696 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\windows\System32\DRIVERS\PSINProc.sys [113912 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\windows\System32\DRIVERS\PSINProt.sys [124664 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\windows\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
R3 PSKMAD; C:\windows\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
S3 Ser2plx86; C:\windows\System32\DRIVERS\ser2pl.sys [134144 2013-02-22] (Prolific Technology Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-26] ()
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 clwvd7; system32\DRIVERS\clwvd7.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-10 14:52 - 2016-08-10 14:55 - 00014655 _____ C:\Users\Bob\Desktop\FRST.txt
2016-08-10 14:51 - 2016-08-10 14:52 - 00000000 ____D C:\FRST
2016-08-10 13:19 - 2016-08-10 13:19 - 00001467 _____ C:\Users\Bob\Desktop\mbam results.txt
2016-08-10 12:18 - 2016-08-10 12:18 - 00898560 _____ C:\Users\Bob\Desktop\RGSA.exe
2016-08-10 12:18 - 2016-08-10 12:18 - 00060058 _____ C:\Users\Bob\Downloads\Instructions for posting requested logs - Frequently Asked Questions - SpywareInfo Forum.htm
2016-08-10 12:18 - 2016-08-10 12:18 - 00000000 ____D C:\Users\Bob\Downloads\Instructions for posting requested logs - Frequently Asked Questions - SpywareInfo Forum_files
2016-08-10 12:16 - 2016-08-10 12:16 - 01743872 _____ (Farbar) C:\Users\Bob\Desktop\FRST.exe
2016-08-06 10:39 - 2016-08-06 10:39 - 00068965 _____ C:\Users\Bob\Documents\Special Tips For Restoration of Plastic Dolls.htm
2016-08-06 10:39 - 2016-08-06 10:39 - 00000000 ____D C:\Users\Bob\Documents\Special Tips For Restoration of Plastic Dolls_files
2016-08-03 12:31 - 2016-08-03 12:31 - 00000617 _____ C:\Users\Bob\Documents\to maria.txt
2016-08-02 11:39 - 2016-08-02 13:22 - 00002905 _____ C:\Users\Bob\Documents\marias email.txt
2016-07-29 12:16 - 2016-08-09 14:33 - 00000000 ____D C:\Users\Bob\AppData\Local\CrashDumps
2016-07-26 18:18 - 2016-07-26 18:31 - 00000000 ____D C:\AdwCleaner
2016-07-26 16:24 - 2016-07-26 16:24 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-07-26 16:23 - 2016-07-26 16:23 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-26 12:23 - 2016-07-26 12:23 - 01610560 _____ (Malwarebytes) C:\Users\Bob\Desktop\JRT.exe
2016-07-26 12:20 - 2016-07-26 12:21 - 03712064 _____ C:\Users\Bob\Desktop\02 adwcleaner_5.201.exe
2016-07-25 15:30 - 2016-07-25 15:30 - 00001082 _____ C:\Users\Bob\Desktop\Malwarebytes.lnk
2016-07-23 22:25 - 2016-07-23 22:25 - 00000000 ____D C:\Mixxx
2016-07-23 22:24 - 2016-07-23 22:53 - 00000000 ____D C:\Users\Bob\AppData\Local\Mixxx
2016-07-23 11:05 - 2016-07-23 11:05 - 00001779 _____ C:\Users\Public\Desktop\Mixxx.lnk
2016-07-23 11:05 - 2016-07-23 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mixxx
2016-07-23 10:45 - 2016-07-23 10:45 - 00000000 ____D C:\Program Files\Gramblr
2016-07-23 10:44 - 2016-07-27 11:43 - 00000000 ____D C:\ProgramData\Gramblr
2016-07-19 15:15 - 2016-07-19 15:15 - 00000468 _____ C:\Users\Bob\Documents\yt.rar
2016-07-17 12:39 - 2016-07-17 12:39 - 00000000 ____D C:\Users\Bob\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2016-07-17 12:37 - 2016-07-17 12:37 - 00000000 ____D C:\ProgramData\Virtualized Applications
2016-07-15 13:12 - 2016-07-17 12:39 - 00000000 ____D C:\Users\Bob\AppData\Local\SoftGrid Client

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-10 14:50 - 2016-04-23 20:55 - 00000000 ____D C:\Users\Bob\AppData\Roaming\vlc
2016-08-10 14:47 - 2016-04-26 21:49 - 00000000 ____D C:\Users\Bob\Documents\New folder
2016-08-10 14:34 - 2009-07-26 22:06 - 00006798 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-10 14:28 - 2015-06-12 13:29 - 00000000 ____D C:\Users\Bob\AppData\Roaming\MPC-HC
2016-08-10 14:13 - 2015-07-30 12:21 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-10 14:06 - 2014-01-18 11:39 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-08-10 13:56 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-10 13:56 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-10 13:47 - 2015-07-30 12:21 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-10 13:46 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-10 13:46 - 2009-07-14 04:37 - 00000000 ____D C:\windows\schemas
2016-08-10 13:19 - 2016-02-22 15:03 - 00000000 __SHD C:\ProgramData\juyymlje
2016-08-10 11:36 - 2014-07-15 10:39 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-03 21:35 - 2016-04-25 21:51 - 00000000 ____D C:\Users\Bob\Documents\Jorge
2016-07-29 12:15 - 2016-04-25 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-07-28 14:08 - 2014-01-10 08:34 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-07-28 14:08 - 2014-01-10 08:34 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-07-28 14:08 - 2010-09-09 10:43 - 00000000 ____D C:\windows\system32\Macromed
2016-07-25 08:31 - 2013-12-16 15:04 - 00000000 ____D C:\Progs
2016-07-24 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\windows\inf
2016-07-23 11:04 - 2013-06-24 10:34 - 00000000 ____D C:\Program Files\Mixxx
2016-07-23 10:59 - 2015-11-15 11:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-22 14:25 - 2016-05-09 14:34 - 00000000 ____D C:\Users\Bob\AppData\Roaming\uTorrent
2016-07-22 13:08 - 2016-07-01 19:08 - 00000000 ____D C:\Users\Bob\Documents\Docs
2016-07-22 07:25 - 2011-07-13 11:58 - 00000000 ____D C:\Users\Bob\AppData\Roaming\SoftGrid Client
2016-07-21 15:34 - 2016-07-07 11:40 - 00000607 _____ C:\Users\Bob\Documents\pw2016.txt
2016-07-19 15:15 - 2016-04-27 17:24 - 00000000 ____D C:\Users\Bob\Documents\Travel
2016-07-17 22:00 - 2016-04-24 17:10 - 00000000 ____D C:\Users\Bob\My Music
2016-07-15 14:10 - 2015-11-15 21:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-11 23:02 - 2016-05-05 11:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-11 23:02 - 2015-07-20 12:45 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2013-11-29 10:34 - 2013-12-19 18:51 - 0000100 _____ () C:\Users\Bob\AppData\Roaming\Camdata.ini
2013-11-29 10:34 - 2013-12-19 18:51 - 0000408 _____ () C:\Users\Bob\AppData\Roaming\CamLayout.ini
2013-11-29 10:34 - 2013-12-19 18:51 - 0000408 _____ () C:\Users\Bob\AppData\Roaming\CamShapes.ini
2013-11-29 10:34 - 2013-12-19 18:51 - 0004546 _____ () C:\Users\Bob\AppData\Roaming\CamStudio.cfg
2013-11-29 10:25 - 2013-11-29 10:25 - 0000096 _____ () C:\Users\Bob\AppData\Roaming\version2.xml
2010-09-09 11:07 - 2010-01-16 00:18 - 0131368 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-19 22:40

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-08-2016 01
Ran by Bob (2016-08-10 14:56:41)
Running from C:\Users\Bob\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) (2011-05-10 12:45:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1072221561-3256289497-2671497516-500 - Administrator - Disabled)
Bob (S-1-5-21-1072221561-3256289497-2671497516-1000 - Administrator - Enabled) => C:\Users\Bob
Guest (S-1-5-21-1072221561-3256289497-2671497516-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1072221561-3256289497-2671497516-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
BatteryLifeExtender (HKLM\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{559D1FDB-6D5C-4EF3-8F63-5E1E93A0A244}) (Version: 4.4.1 - Samsung)
Easy Resolution Manager (HKLM\...\{18AA278D-E0B9-4F99-ACCC-070978A38453}) (Version: 1.0.9 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{C4582EED-A3FB-4358-8F3F-8C994460DF28}) (Version: 1.0.3 - Samsung)
Emergency Download Driver (HKLM\...\{05DBF996-83D0-4C40-8D3A-A6850800BC88}) (Version: 1.1.7.1439 - Nokia)
ETDWare PS/2-X86 8.0.7.1_WHQL (HKLM\...\Elantech) (Version: 8.0.7.1 - ELAN Microelectronic Corp.)
Fast Start (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
Flash Update Installer (Version: 5.0.5 - Microsoft) Hidden
Fuse Installer (Version: 5.0.5 - Nokia) Hidden
Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (Version: 12.0.1.881 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Lumia Software Recovery Tool 5.0.5 (HKLM\...\{ce03cb40-6574-439c-8076-b5e52ba82287}) (Version: 5.0.5 - Microsoft)
Lumia Software Recovery Tool 5.0.5 (Version: 5.0.5 - Microsoft) Hidden
Lumia UEFI Blue Driver (HKLM\...\{D6EEB835-5BBF-4F6B-8382-1681148D7771}) (Version: 1.1.8.1448 - Nokia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mixxx 2.0.0 (HKLM\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MPC-HC 1.7.6 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultimediaPOP (HKLM\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
Nokia Connectivity Cable Driver (HKLM\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Product API Installer (Version: 5.0.5 - Microsoft) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6171 - Realtek Semiconductor Corp.)
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.18 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SoulSeek 157 NS 13e (HKLM\...\Soulseek2) (Version:  - )
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.7900 - SRS Labs, Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinFF 1.5.4 (Codename EMMA) (HKLM\...\WinFF_is1) (Version:  - WinFF.org)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinUsb CoInstallers (HKLM\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM\...\{316ED84C-ACDA-4F1F-8E64-52B7AFF8677D}) (Version: 1.1.9.1439 - Nokia)
WinUSB Drivers ext (HKLM\...\{238EAE31-4E9E-43CF-B244-C4879279E6AF}) (Version: 1.1.12.1439 - Nokia)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04FDAF7B-F741-4936-97DB-A7F4FD2C9F19} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {24F789E2-C2F3-4277-95CF-4A297070BBA9} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)
Task: {2C6CA064-8971-4FE5-A092-D84DA88C1C4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
Task: {31A6029B-BF85-4FDB-B945-AEA38661FD7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {38166208-45CD-4916-A6CF-9C877CA2CA43} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {38D8722B-A2B4-4200-9EF3-9EDE0483F037} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-20] (Samsung Electronics Co., Ltd.)
Task: {5C7A3663-386A-491A-BCAC-D800818D8E6B} - System32\Tasks\{A79EC9EA-361C-4080-B38C-8DFD232327A3} => pcalua.exe -a C:\Users\Bob\AppData\Local\Temp\{EFD1913A-F0E2-46B2-B5A2-8AD5CEEBCB1C}\setup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {5D6D672C-8D0D-4EE5-8D10-C5D2795D739D} - System32\Tasks\{5499BFD8-2B21-4F5D-8802-EED593DDADCA} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.109/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {67B294D4-2D59-4E9C-9329-E63AF106D134} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {77628A57-99CF-44E2-A9C0-64902A34226D} - System32\Tasks\MovieColorEnhancer => C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {85AED73C-A60A-4A82-881E-9F72F2106133} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-28] (Adobe Systems Incorporated)
Task: {909ED5C8-FF87-4CF0-ADBB-EBE8697E3668} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {AE3869B6-E4C5-4EE8-9CA1-30E30497CA1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
Task: {BF37C64D-67C3-4487-821E-B511D78F5C56} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-12] (Samsung Electronics. Co. Ltd.)
Task: {E175C84E-7613-4BBF-9E64-4D55373A2B57} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-07-30] (SAMSUNG Electronics)
Task: {E2F37638-787A-4F61-94EE-9E205945DAEC} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {F29875AA-EDB7-4F84-A942-C5AEF8837513} - System32\Tasks\IdlePowerSave => C:\windows\Idle\DetectIdleTask.exe [2010-07-31] (TODO: <회사 이름>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-09-09 10:43 - 2008-06-05 01:53 - 00026624 _____ () C:\windows\System32\spd__l.dll
2015-01-27 14:03 - 2015-01-27 14:03 - 00082568 _____ () C:\Program Files\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe
2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2010-09-09 11:14 - 2010-07-05 12:42 - 00203776 _____ () C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
2010-09-09 10:57 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2010-09-09 10:44 - 2010-06-08 05:15 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2010-09-09 10:50 - 2010-05-07 16:22 - 01636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2016-06-15 14:06 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1072221561-3256289497-2671497516-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bob.lnk => C:\windows\pss\Bob.lnk.Startup
MSCONFIG\startupreg: ACSW17EN => "C:\Program Files\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: KSS => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: PHEW06EN => "C:\Program Files\ACD Systems\ACDSee Photo Editor 6\acdIDInTouch2.exe"
MSCONFIG\startupreg: PrintDisp => C:\windows\system32\PrintDisp.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: uTorrent => "C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{027369EB-A556-4066-9E79-3FDFAEB60647}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{5CEFC653-C50E-450E-ADCA-C053F73FE6E4}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{ABCE9F9D-4140-43C9-B022-C89D29C4E16C}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{D70BD676-D76C-4BE6-A19F-9515EBA787FD}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{6506253D-067A-4A09-8413-DB0A5F375884}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{CBE75769-CCFF-4427-880C-497CA2DBD978}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{E429B8FA-153C-41BF-AA0D-82F8E19104E2}] => (Allow) svchost.exe
FirewallRules: [{49188A07-AE9A-4425-B4E9-F30DD4A07057}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{8489E8C5-755D-40C1-8987-3D5AD67C8B5D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0EF0A3E4-54A9-4F56-8172-DCFE8CBF4A9F}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{11FC7E43-5203-4BB9-B78B-3C9F37CC9431}C:\program files\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [UDP Query User{C56A1439-99F7-44DE-890C-750B225957C2}C:\program files\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [{0530E45F-9B82-4639-ACE5-FCBAE7445240}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{80FE7FB1-6EE5-4170-8C21-642FCA2AAFE8}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{74F7E2FD-2E5B-459E-93B2-F670F6AA9825}C:\program files\orbitdownloader\orbitnet.exe] => (Allow) C:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{F2CB8FB3-0C82-4813-B21D-9DD68EA4C06C}C:\program files\orbitdownloader\orbitnet.exe] => (Allow) C:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{091C034A-7A7B-44FF-9FEE-3E1160F1306F}C:\program files\soulseekns\slsk.exe] => (Allow) C:\program files\soulseekns\slsk.exe
FirewallRules: [UDP Query User{19A63384-6508-42B9-9689-F5752E62F122}C:\program files\soulseekns\slsk.exe] => (Allow) C:\program files\soulseekns\slsk.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{5ADC7167-FE7E-4CD4-BF5C-502864AF2F33}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6D361C5F-BBE8-4B6E-AB5F-BD9B4B6FAC1E}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD3B2736-5A43-4632-9237-17388A8AB244}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{35AA657E-0AB9-4114-8556-DE97E8B0A7D7}] => (Allow) LPort=2869
FirewallRules: [{D136B09A-A6D3-4EDF-BB31-6D909A21E489}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{4069D0E4-1BCE-4963-AA5C-D7083A830B0D}C:\program files\aurora\aurora.exe] => (Allow) C:\program files\aurora\aurora.exe
FirewallRules: [UDP Query User{59B1C316-BC55-43B1-A4DC-BBA3CEC00719}C:\program files\aurora\aurora.exe] => (Allow) C:\program files\aurora\aurora.exe
FirewallRules: [{2DEB2C7F-71BA-43B2-9581-1B851CEEE6CE}] => (Block) C:\program files\aurora\aurora.exe
FirewallRules: [{CAFE49E6-B8BE-45BF-9771-BDFE2609E3B9}] => (Block) C:\program files\aurora\aurora.exe
FirewallRules: [TCP Query User{45529CAD-7A9E-4360-B398-4E9AA55ED07A}C:\program files\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files\common files\nokia\fuse\fuseservice.exe
FirewallRules: [UDP Query User{D25D15FC-CADC-4293-8167-2A52710F393F}C:\program files\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files\common files\nokia\fuse\fuseservice.exe
FirewallRules: [TCP Query User{3F5CCABC-E35A-4CFD-B98C-6905B7731C49}C:\program files\microsoft care suite\lumia software recovery tool\lumiasoftwarerecoverytool.exe] => (Allow) C:\program files\microsoft care suite\lumia software recovery tool\lumiasoftwarerecoverytool.exe
FirewallRules: [UDP Query User{1792E28F-7092-425D-86CE-4F7E3F42EAB9}C:\program files\microsoft care suite\lumia software recovery tool\lumiasoftwarerecoverytool.exe] => (Allow) C:\program files\microsoft care suite\lumia software recovery tool\lumiasoftwarerecoverytool.exe
FirewallRules: [{AC46C4CE-C580-48F6-A9BC-DD59705E7A6D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{484BBADB-C375-4555-837A-628E6978E0FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A0B6B296-9488-4617-96F7-DE8FE8E37370}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F57939A6-D107-48FD-B75D-5DC1E6D24A60}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3EF77F20-BD2F-401B-8920-D293D71D8B6A}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F0BE0ACB-78F1-4CAD-B0B9-4143E1F9D98F}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F05D285-25F0-4771-8CB4-6D1D6CF8A4A5}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{66BDC486-7AAC-4E5C-8CBB-AFB86205A3A4}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{548709FC-78A1-477D-AC31-62F2023DCAF3}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8B6CFC4-9DF7-43C6-87A1-F6A0E39729C3}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

16-07-2016 15:24:18 Removed Microsoft Office 2010
23-07-2016 10:55:50 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
26-07-2016 19:59:10 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2016 02:34:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/10/2016 02:34:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/10/2016 01:57:28 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (08/10/2016 01:53:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/10/2016 01:53:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/10/2016 01:47:43 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/10/2016 01:47:43 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/10/2016 01:47:43 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/10/2016 01:47:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (08/10/2016 01:47:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (08/10/2016 01:47:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/10/2016 01:47:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (08/10/2016 01:47:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/10/2016 01:46:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/10/2016 01:46:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/10/2016 01:46:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/10/2016 09:25:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/10/2016 09:24:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/10/2016 09:24:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/10/2016 09:16:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.


==================== Memory info ===========================

Processor: Intel® Atom™ CPU N455 @ 1.66GHz
Percentage of memory in use: 78%
Total physical RAM: 1013.3 MB
Available physical RAM: 218.22 MB
Total Virtual: 2037.3 MB
Available Virtual: 885.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.55 GB) (Free:27.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 631E0F7A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.4 GB) - (Type=27)

==================== End of Addition.txt ============================

[SWI Support Robot]

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]

[TheJoker]

Hi paulo34, and welcome back.

 

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.
 

I see that you have a P2P (Peer-to-Peer) file sharing program installed (uTorrent). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system.
In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

 

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:

GroupPolicyScripts: Restriction <======= ATTENTION
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [No File]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 clwvd7; system32\DRIVERS\clwvd7.sys [X]
2016-08-10 13:19 - 2016-02-22 15:03 - 00000000 __SHD C:\ProgramData\juyymlje
Task: {5C7A3663-386A-491A-BCAC-D800818D8E6B} - System32\Tasks\{A79EC9EA-361C-4080-B38C-8DFD232327A3} => pcalua.exe -a C:\Users\Bob\AppData\Local\Temp\{EFD1913A-F0E2-46B2-B5A2-8AD5CEEBCB1C}\setup.exe -d "C:\Program Files\Mozilla Firefox"
end

Save the file as fixlist.txt in to the same folder as FRST
Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

 

Please scan your system with ESET Online Scanner

Ensure that you have the flash drive plugged in when you run the scan.

• Click the "Run ESET Online Scanner" button.
  • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
  • Click on esetsmartinstaller_enu.exe
  • Save it to your desktop, and double-click to run it.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under scan settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.
• Note: if nothing is detected, ESET Online Scan will not create a log.

 

Re-run MBAM

• If MBAM fails to open, refer to the MBAM FAQ for alternate ways to start the program.
• Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
• Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
• If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
• The scan may take some time to finish,so please be patient.
• If potential threats are detected, click the Quarantine All button.
• While still on the Scan tab, click the Export Log button, select Text file (*.txt), and save the log to your Desktop.
• The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

 

Your Java version is outdated and vulnerable.
Please go to Start > Control Panel > Programs and Features, and uninstall the following:
Java 8 Update 73
 
Next, because Java has had so many vulnerabilities, if you don't have a program that requires Java, or a web site you visit that requires it, I recommend leaving it uninstalled. Your system will be more secure. If you decide to reinstall, or find that a program or website requires it, you can download the latest version from here:
http://java.com/en/download/manual.jsp
If you reinstall it because a program requires Java, you can increase your security by going to the Java Control Panel (Start > Control Panel > Java), selecting the Security tab, and Unchecking "Enable Java content in the browser".

 

Please post the log from FRST (Fixlog.txt), the log from ESET (if anything was detected), the new log from MBAM, and note any errors encountered.

[paulo34]

I dont have a lot of time online so i will run eset tomorrow.

maybe worth mentioning, i have had 2 emails lately telling me that my details and passwords for various sites have been posted online.

also, i know utorrent is risky but i very rarely use it. in fact, i know that this latest problem started

after kickass went down, so i used the newest replacement kickass site and it was full of malware/exe files.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-08-2016 01
Ran by Bob (16-08-2016 12:25:05) Run:1
Running from C:\Users\Bob\Desktop
Loaded Profiles: Bob (Available Profiles: Bob & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:

GroupPolicyScripts: Restriction <======= ATTENTION
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [No File]
R2 WinDefend; C:\Program Files\Windows
Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 clwvd7; system32\DRIVERS\clwvd7.sys [X]
2016-08-10 13:19 - 2016-02-22 15:03 - 00000000 __SHD C:\ProgramData\juyymlje
Task: {5C7A3663-386A-491A-BCAC-D800818D8E6B} - System32\Tasks\{A79EC9EA-361C-4080-B38C-8DFD232327A3} => pcalua.exe -a C:\Users\Bob\AppData\Local\Temp\{EFD1913A-F0E2-46B2-B5A2-8AD5CEEBCB1C}\setup.exe -d "C:\Program Files\Mozilla Firefox"
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6" => key removed successfully.
WinDefend => Unable to stop service.
WinDefend => service removed successfully.
Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) => Error: No automatic fix found for this entry.
InstallerService => service removed successfully.
CLMirrorDriver => service removed successfully.
clwvd7 => service removed successfully.
C:\ProgramData\juyymlje => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C7A3663-386A-491A-BCAC-D800818D8E6B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C7A3663-386A-491A-BCAC-D800818D8E6B}" => key removed successfully.
C:\Windows\System32\Tasks\{A79EC9EA-361C-4080-B38C-8DFD232327A3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A79EC9EA-361C-4080-B38C-8DFD232327A3}" => key removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17820996 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 12973255 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 2140674 B
LocalService => 0 B
NetworkService => 0 B
Bob => 2736581 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 42 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:29:12 ====

[TheJoker]

maybe worth mentioning, i have had 2 emails lately telling me that my details and passwords for various sites have been posted online.

 

If you get an e-mail like that, best way to handle it if you don't know the source of the e-mail and can confirm it would be to not even open it, just simply delete it.

It could be time to change all your passwords just as a good practice.
 

also, i know utorrent is risky but i very rarely use it. in fact, i know that this latest problem started

after kickass went down, so i used the newest replacement kickass site and it was full of malware/exe files.

 

Yes, those sites will be riddled with malware. Just browsing to some sites like that can infect you before you even download anything. Using pirated software is the fastest way to an infected system. Do you ever order anything with a credit card online or do online banking? It's not just your computer system that could be at risk, but your banking information also. That's the sort of risk that you put yourself in using that type of site.

 

I'll be looking for the new MBAM and ESET Online Scan results when you have a chance to run them and post the results.

[paulo34]

I had to stop the eset scanner because it was taking so long. im in an internet cafe and i cant sit here all day waiting for that to finish.

it found two problems with Panda Security in programme files.

a variant of Win32/Toolbar.Visicom

I will run mbam back at home and post that asap.

[TheJoker]

Is an Internet cafe your only access?

[paulo34]

I ran mbam and it came up with windows 7.exe again and i deleted it this time.

Last week I ran mbam and it quarantined a thing called juyymlje.exe.

This still appears in my 'startup' box in msconfig.

Can I safely empty the quarantine folder?Also in the startup box is a thing called

PHEW06EN

this is related to ACDSEE, which was a programme I downloaded last year, which was infected.

 

Unrelated question, but do you know where I can get a download for cyberlink youcam.exe?

I uninstalled it last year and now the webcam doesnt work.

I've tried to download from their site but the latest version is incompatable.

 

And yes, I only have internet cafe access for the moment.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/08/2016
Scan Time: 21:14
Logfile: mbam result.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.17.07
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Bob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311973
Time Elapsed: 1 hr, 4 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent.BCM, C:\ProgramData\Windows 7\Windows 7.exe, , [5ad161eb772333031933475243bdac54],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

[TheJoker]

Let's try Kaspersky Virus Removal Tool. Once it's downloaded and updated, and you have started the scan, you should be able to finish running the scan once you have disconnected from the Internet connection.

 

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Save the file to your Desktop.

Disconnect from the Internet and run the scan from home.

While disconnected from the Internet, disable Panda Antivirus.

 

Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

So you will need to check that information before you leave the Internet cafe.

Do NOT disable your Panda Antivirus while connected through the Internet Cafe.

Double-click the Removal Tool.
Click the gear in the upper right corner:

 

Double-click the Removal Tool.
Click the gear in the upper right corner:

Select all the areas and drives for scanning.
Once done please select the Automatic Scan tab and press Start Scan.

Allow Kaspersky Virus Removal Tool to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.

Reboot your system.

 

Please download Junkware Removal Tool to your Desktop.

• Disconnect from the Internet (unplug your connection to your router or modem).
• Please close your security software to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Restart your security software and reconnect to the Internet.
• Please post the contents of JRT.txt into your reply.

 

Now let's remove the entry in MSCONFIG for PHEW06EN

• Click Start>> Programs>>Accessories: click Notepad
• Copy and Paste the following text inside the box below (starting with REGEDIT4) to Notepad.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHEW06EN]

• Make sure there are no blank spaces before REGEDIT4 and there should be one blank line at the end.
• Click File at the top and then choose Save As.
• Change Save As Type to All Files.
• Name it fix.reg and save it on your Desktop.
• Double click fix.reg. It will ask you if you want to merge it to the Registry, click Yes.

 

Reboot your System.

 

Re-enable Panda Antivirus.

 

Unrelated question, but do you know where I can get a download for cyberlink youcam.exe?

I uninstalled it last year and now the webcam doesnt work.

 

Was that included with your computer's installed software,or did you previously download that separately?

Since your computer appears to be a Samsung:

from http://support-us.sa...NP305E7A-A03US

 

• Cyberlink YouCam only comes pre-installed on PC's with Windows 7 out-of-the-box.

• If you have deleted this software, click here to go to Cyberlink's site.

 

When you go to that site, you would need to pay for the program, it's not a free software.

There may be a driver for the website available on your computer manufacturer's site.

What is the make and model of your computer?

 

Please post the scan from Kaspersky Removal Tool, the log from JRT, answer the question above on the make/model of your computer, and note any errors encountered.

[paulo34]

Reboot was much faster this time but firefox took ages to load and the wifi took a long time to connect too.

I ran kaspersky which didnt find anything, ran JRT and did the reg edit thing.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Starter x86
Ran by Bob (Administrator) on 21/08/2016 at 10:38:41.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Successfully deleted: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137\Invalidprefs.js (File)
Successfully deleted: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RILHSDA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OW00RWV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF61FPT3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBYCK332 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RILHSDA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OW00RWV (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF61FPT3 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBYCK332 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/08/2016 at 10:43:41.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

The cyberlink youcam was preinstalled. I uninstalled it last year as I was

clearing everything off this laptop, ready to do a system recovery, then didnt do it after all.

It's a samsung NF110, which I bought new, in 2011.

I think I need youcam5 and i can only get youcam7 from their site.

[TheJoker]

t's a samsung NF110

 

From this page:

http://www.samsung.c.../NP-NF110-A01UK

 

This utility may be able to selectively re-install original software or drivers, so you may be able to select to reinstall either the Cyberlink software, or a driver for the webcam.

http://orcaservice.s...m/SWUpdate.aspx

 

Are you still having issues with the trojan that MBAM was repeatedly finding?

[paulo34]

The computer is running slowly, but it always has.

Almost every time I click anything I get the 'not responding' message and have to wait a minute or 3 for it to clear.

Also getting a lot of messages, i think they come up on yahoo pages saying, 'unresponsive script;

chrome://browser/content/browser addons js449

...something like that.

 

I tried looking at the samsung page and downloaded the updater but there is no mention

of cyberlink or youcam or even a webcam driver in there.

Dont have time today to do any more than that.

Thanks for your help so far anyway.

[TheJoker]

I see from your previous FRST scan that in addition to your resident Panda Antivirus, you also have Kaspersky Security Scan installed. I would recommend uninstalling Kaspersky Security Scan. Also, you seem to be running quite a few utilities that are not essential. That could be slowing you down.

I would download and run StartUpLite. This will display all unnecessary startup entries - so actually, everything it displays there is not necessary to start up with Windows.
The choice is up to you whether you need some to start up with Windows (in that case, select "No action" for them) - but you can always start them manually via start > all programs. (Do not choose the "Remove" checkboxes, because this will delete it from the Registry).

Did that help improve the system speed?
 

Lets see if you still have problems running Security Analysis.

Delete any copy you may have previously downloaded.

Please download Security Analysis by Rocket Grannie from here

• Save it to your Desktop.
• Close your security software to avoid potential conflicts.
• Double click RGSA.exe
• Click OK on the copyright-disclaimer
• It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
• Please copy and paste the contents of that log in your topic.

Were you able to run Security Analysis? Please post the log if you were able to run it.

After using StartUpLite and disabling unneeded programs from running at system startup, did that help to improve speed?

[paulo34]

Startup lite didnt find anything to change. Which utilities do you think I could stop?

I'm always checking my startup and removing or stopping programmes I dont use.

 

I tried RGSA again and got an alert from Avira, (which I hadnt worked out how to disable)

saying; RGSA.exe contains a pattern of HEUR/APC (Cloud)

[TheJoker]

I tried RGSA again and got an alert from Avira, (which I hadnt worked out how to disable)

 

Your previous logs showed that you were using Panda Free Antivirus and Panda Firewall. They didn't show Avira. Have you installed that since you ran the previous FRST logs?

If you are running both Panda Free Antivirus and Avira Antivirus, you should uninstall one of them completely. Having two antivirus programs installed at the same time can cause problems, and you actually can end up with less protection, not more. It could also cause the system to be slow, something you have already mentioned. If both are installed, you should decide which you want to keep and completely uninstall the other.

 

After you have done that:

 

Please delete your current copy of Farbar Recovery Scan Tool (FRST).

Download a new copy of FRST and save it to your Desktop:

http://www.bleepingc...can-tool/dl/81/

• Right click to run as administrator. When the tool opens click Yes to disclaimer.
• Place a checkmark in the block for Addition.txt (by default it only produces an Addition.txt log the first time it's run - after that you have to specify that you want the additional log)
• Press the Scan button.

Please post both new logs (FRST.txt and Addition.txt)  in your next reply and note any errors encountered.

[paulo34]

I uninstalled panda before installing avira.

One other question; When the trojan started stealling all my memory, I adjusted the settings but I dont know what they are supposed to be now??

Also, you didnt reply when I asked which utilities I could stop.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2016 01
Ran by Bob (administrator) on BOB-PC (25-08-2016 11:37:19)
Running from C:\Users\Bob\Desktop
Loaded Profiles: Bob (Available Profiles: Bob & DefaultAppPool)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
() C:\Program Files\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-08-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1806728 2010-08-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-08] ()
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67864 2016-08-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [831064 2016-07-18] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1072221561-3256289497-2671497516-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-12]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{47155BE4-9D85-43AA-A9B7-11F6EA08323E}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{A0CD25A4-30D7-44A4-B927-27B7737CD03B}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1072221561-3256289497-2671497516-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1072221561-3256289497-2671497516-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1072221561-3256289497-2671497516-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137
FF Homepage: hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Flash and Video Download - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-08-17]
FF Extension: Instagram for Firefox - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137\Extensions\jid0-BumCY9dUzYckeJaH3JEeimjBpxM@jetpack.xpi [2016-07-23]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-05-05]
FF Extension: Adblock Plus - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-05]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADUServiceNSRT; C:\Program Files\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe [82568 2015-01-27] () [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [989696 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [472112 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [472112 2016-07-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1453696 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [320672 2016-08-04] (Avira Operations GmbH & Co. KG)
R2 Printer Control; C:\windows\system32\PrintCtrl.exe [102400 2012-10-21] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed]
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3289448 2016-05-11] (Samsung Electronics Co., Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [115600 2016-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [140272 2016-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [60088 2016-07-18] (Avira Operations GmbH & Co. KG)
S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [100744 2010-08-31] (ELAN Microelectronics Corp.)
S3 ManyCam; C:\windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
S3 Ser2plx86; C:\windows\System32\DRIVERS\ser2pl.sys [134144 2013-02-22] (Prolific Technology Inc.)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [31848 2016-07-18] (Avira Operations GmbH & Co. KG)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-26] ()
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 11:38 - 2016-08-25 11:38 - 00000000 _____ C:\Users\Bob\Downloads\Celebrity Big Brother UK 2016 II Episode-31.mp4
2016-08-25 11:37 - 2016-08-25 11:40 - 00012667 _____ C:\Users\Bob\Desktop\FRST.txt
2016-08-25 11:37 - 2016-08-25 11:38 - 135557756 _____ C:\Users\Bob\Downloads\Celebrity Big Brother UK 2016 II Episode-31.mp4.part
2016-08-25 11:27 - 2016-08-25 11:34 - 216550594 _____ C:\Users\Bob\Downloads\Celebrity Big Brother UK 2016 II Episode-30.mp4
2016-08-25 11:20 - 2016-08-25 11:20 - 01746432 _____ (Farbar) C:\Users\Bob\Desktop\FRST.exe
2016-08-24 09:04 - 2016-08-24 09:04 - 00204496 _____ (Malwarebytes) C:\Users\Bob\Downloads\startuplite-setup-1.07.exe
2016-08-23 10:04 - 2016-08-24 18:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-08-22 10:38 - 2016-08-22 10:38 - 00000000 ____D C:\Users\Bob\AppData\Local\Samsung
2016-08-22 10:32 - 2016-08-22 10:43 - 00001864 _____ C:\Users\Public\Desktop\Samsung Update.lnk
2016-08-22 10:14 - 2016-08-22 10:22 - 25266124 _____ C:\Users\Bob\Downloads\SWUpdate_2.2.7.24.ZIP
2016-08-21 22:15 - 2016-06-09 12:46 - 00000083 _____ C:\Users\Bob\Documents\angelas numbers.txt
2016-08-21 10:14 - 2016-08-21 10:24 - 101352792 _____ (Kaspersky Lab ZAO) C:\Users\Bob\Desktop\KVRT.exe
2016-08-20 18:50 - 2016-08-20 18:52 - 00000000 ____D C:\KVRT_Data
2016-08-20 18:43 - 2016-08-21 09:07 - 00002200 _____ C:\Users\Bob\Documents\swi.txt
2016-08-19 22:58 - 2016-08-19 22:58 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Avira
2016-08-18 10:58 - 2016-07-18 16:23 - 00140272 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2016-08-18 10:58 - 2016-07-18 16:23 - 00115600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2016-08-18 10:58 - 2016-07-18 16:23 - 00060088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2016-08-18 10:58 - 2016-07-18 16:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2016-08-18 10:58 - 2016-07-18 16:23 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\ssmdrv.sys
2016-08-18 10:30 - 2016-08-18 10:30 - 00001168 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-08-18 10:29 - 2016-08-18 11:19 - 00000000 ____D C:\Program Files\Avira
2016-08-18 10:29 - 2016-08-18 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-08-18 10:29 - 2016-08-18 10:57 - 00000000 ____D C:\ProgramData\Avira
2016-08-17 12:43 - 2016-08-17 12:43 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-17 11:51 - 2016-08-17 11:51 - 00000000 ____D C:\Users\Bob\AppData\Local\ESET
2016-08-17 11:49 - 2016-08-17 11:50 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Bob\Desktop\esetonlinescanner_enu.exe
2016-08-16 06:04 - 2016-08-16 06:04 - 00000000 ____D C:\Users\Bob\AppData\Local\Apple
2016-08-10 14:51 - 2016-08-25 11:37 - 00000000 ____D C:\FRST
2016-07-29 12:16 - 2016-08-09 14:33 - 00000000 ____D C:\Users\Bob\AppData\Local\CrashDumps
2016-07-26 18:18 - 2016-07-26 18:31 - 00000000 ____D C:\AdwCleaner
2016-07-26 16:24 - 2016-07-26 16:24 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-07-26 16:23 - 2016-07-26 16:23 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-26 12:23 - 2016-07-26 12:23 - 01610560 _____ (Malwarebytes) C:\Users\Bob\Desktop\JRT.exe
2016-07-26 12:20 - 2016-07-26 12:21 - 03712064 _____ C:\Users\Bob\Desktop\02 adwcleaner_5.201.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 11:22 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-25 11:22 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-25 11:19 - 2009-07-14 04:37 - 00000000 ____D C:\windows\inf
2016-08-25 11:15 - 2015-07-30 12:21 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-25 11:15 - 2014-01-18 11:39 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-08-25 10:04 - 2016-04-26 21:49 - 00000000 ____D C:\Users\Bob\Documents\New folder
2016-08-25 07:16 - 2016-04-23 20:55 - 00000000 ____D C:\Users\Bob\AppData\Roaming\vlc
2016-08-24 19:04 - 2009-07-26 22:06 - 00006798 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-24 18:57 - 2015-07-30 12:21 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-24 18:57 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-24 18:56 - 2015-07-20 12:45 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-08-22 10:32 - 2010-09-09 10:57 - 00000000 ____D C:\ProgramData\SAMSUNG
2016-08-22 10:32 - 2010-09-09 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-08-22 10:32 - 2010-09-09 10:43 - 00000000 ____D C:\Program Files\Samsung
2016-08-22 09:51 - 2014-01-10 08:34 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-08-22 09:51 - 2014-01-10 08:34 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-08-21 22:32 - 2015-06-12 13:29 - 00000000 ____D C:\Users\Bob\AppData\Roaming\MPC-HC
2016-08-18 10:30 - 2016-03-20 10:08 - 00058544 _____ C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-18 10:29 - 2015-11-15 11:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-18 10:28 - 2013-12-16 15:04 - 00000000 ____D C:\Progs
2016-08-17 22:29 - 2014-07-15 10:39 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-17 22:25 - 2009-07-26 22:57 - 00000000 ____D C:\windows\Sec
2016-08-17 22:23 - 2016-02-22 15:26 - 00000000 __SHD C:\ProgramData\Windows 7
2016-08-17 15:42 - 2016-04-25 21:51 - 00000000 ____D C:\Users\Bob\Documents\Jorge
2016-08-17 15:41 - 2016-04-27 17:17 - 00000000 ____D C:\Users\Bob\Documents\Soubes
2016-08-17 15:21 - 2016-04-24 17:10 - 00000000 ____D C:\Users\Bob\My Music
2016-08-17 13:46 - 2009-07-14 06:33 - 00269136 _____ C:\windows\system32\FNTCACHE.DAT
2016-08-17 12:43 - 2014-07-15 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-17 12:43 - 2014-07-15 10:37 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-08-16 12:27 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\GroupPolicy
2016-08-12 13:19 - 2015-11-15 21:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-10 13:46 - 2009-07-14 04:37 - 00000000 ____D C:\windows\schemas
2016-07-29 12:15 - 2016-04-25 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-07-28 14:08 - 2010-09-09 10:43 - 00000000 ____D C:\windows\system32\Macromed

==================== Files in the root of some directories =======

2013-11-29 10:34 - 2013-12-19 18:51 - 0000100 _____ () C:\Users\Bob\AppData\Roaming\Camdata.ini
2013-11-29 10:34 - 2013-12-19 18:51 - 0000408 _____ () C:\Users\Bob\AppData\Roaming\CamLayout.ini
2013-11-29 10:34 - 2013-12-19 18:51 - 0000408 _____ () C:\Users\Bob\AppData\Roaming\CamShapes.ini
2013-11-29 10:34 - 2013-12-19 18:51 - 0004546 _____ () C:\Users\Bob\AppData\Roaming\CamStudio.cfg
2013-11-29 10:25 - 2013-11-29 10:25 - 0000096 _____ () C:\Users\Bob\AppData\Roaming\version2.xml
2010-09-09 11:07 - 2010-01-16 00:18 - 0131368 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\Bob\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-24 13:12

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-08-2016 01
Ran by Bob (25-08-2016 11:43:34)
Running from C:\Users\Bob\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) (2011-05-10 12:45:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1072221561-3256289497-2671497516-500 - Administrator - Disabled)
Bob (S-1-5-21-1072221561-3256289497-2671497516-1000 - Administrator - Enabled) => C:\Users\Bob
Guest (S-1-5-21-1072221561-3256289497-2671497516-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1072221561-3256289497-2671497516-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM\...\{6052a753-acc6-4c02-b5a8-70962ff8e0a4}) (Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG) Hidden
BatteryLifeExtender (HKLM\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{559D1FDB-6D5C-4EF3-8F63-5E1E93A0A244}) (Version: 4.4.1 - Samsung)
Easy Resolution Manager (HKLM\...\{18AA278D-E0B9-4F99-ACCC-070978A38453}) (Version: 1.0.9 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{C4582EED-A3FB-4358-8F3F-8C994460DF28}) (Version: 1.0.3 - Samsung)
Emergency Download Driver (HKLM\...\{05DBF996-83D0-4C40-8D3A-A6850800BC88}) (Version: 1.1.7.1439 - Nokia)
ETDWare PS/2-X86 8.0.7.1_WHQL (HKLM\...\Elantech) (Version: 8.0.7.1 - ELAN Microelectronic Corp.)
Fast Start (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
Flash Update Installer (Version: 5.0.5 - Microsoft) Hidden
Fuse Installer (Version: 5.0.5 - Nokia) Hidden
Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Lumia Software Recovery Tool 5.0.5 (HKLM\...\{ce03cb40-6574-439c-8076-b5e52ba82287}) (Version: 5.0.5 - Microsoft)
Lumia Software Recovery Tool 5.0.5 (Version: 5.0.5 - Microsoft) Hidden
Lumia UEFI Blue Driver (HKLM\...\{D6EEB835-5BBF-4F6B-8382-1681148D7771}) (Version: 1.1.8.1448 - Nokia)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mixxx 2.0.0 (HKLM\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MPC-HC 1.7.6 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultimediaPOP (HKLM\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
Nokia Connectivity Cable Driver (HKLM\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Product API Installer (Version: 5.0.5 - Microsoft) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6171 - Realtek Semiconductor Corp.)
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.18 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
Samsung Update (HKLM\...\{0BC4AC38-E7C5-4394-A6BD-32CDCE2C8B9D}) (Version: 2.2.36 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SoulSeek 157 NS 13e (HKLM\...\Soulseek2) (Version:  - )
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.7900 - SRS Labs, Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinFF 1.5.4 (Codename EMMA) (HKLM\...\WinFF_is1) (Version:  - WinFF.org)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinUsb CoInstallers (HKLM\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM\...\{316ED84C-ACDA-4F1F-8E64-52B7AFF8677D}) (Version: 1.1.9.1439 - Nokia)
WinUSB Drivers ext (HKLM\...\{238EAE31-4E9E-43CF-B244-C4879279E6AF}) (Version: 1.1.12.1439 - Nokia)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04FDAF7B-F741-4936-97DB-A7F4FD2C9F19} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {24F789E2-C2F3-4277-95CF-4A297070BBA9} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)
Task: {2C6CA064-8971-4FE5-A092-D84DA88C1C4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
Task: {31A6029B-BF85-4FDB-B945-AEA38661FD7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {38166208-45CD-4916-A6CF-9C877CA2CA43} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {38D8722B-A2B4-4200-9EF3-9EDE0483F037} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-20] (Samsung Electronics Co., Ltd.)
Task: {5D6D672C-8D0D-4EE5-8D10-C5D2795D739D} - System32\Tasks\{5499BFD8-2B21-4F5D-8802-EED593DDADCA} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.109/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {67B294D4-2D59-4E9C-9329-E63AF106D134} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {6D1EC9DC-49F8-4D6D-9D1D-7E9D27F35489} - System32\Tasks\{04D668F1-F30C-4FDA-A92F-709E66AD1194} => pcalua.exe -a C:\Users\Bob\Downloads\startuplite-setup-1.07.exe -d C:\Users\Bob\Downloads
Task: {77628A57-99CF-44E2-A9C0-64902A34226D} - System32\Tasks\MovieColorEnhancer => C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {85AED73C-A60A-4A82-881E-9F72F2106133} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-22] (Adobe Systems Incorporated)
Task: {909ED5C8-FF87-4CF0-ADBB-EBE8697E3668} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {AE3869B6-E4C5-4EE8-9CA1-30E30497CA1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
Task: {BF37C64D-67C3-4487-821E-B511D78F5C56} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-12] (Samsung Electronics. Co. Ltd.)
Task: {C7BF47D6-C23A-42B3-AA9A-B59EC57F0500} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {E175C84E-7613-4BBF-9E64-4D55373A2B57} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-07-30] (SAMSUNG Electronics)
Task: {E2F37638-787A-4F61-94EE-9E205945DAEC} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {F29875AA-EDB7-4F84-A942-C5AEF8837513} - System32\Tasks\IdlePowerSave => C:\windows\Idle\DetectIdleTask.exe [2010-07-31] (TODO: <회사 이름>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-09-09 10:43 - 2008-06-05 01:53 - 00026624 _____ () C:\windows\System32\spd__l.dll
2015-01-27 14:03 - 2015-01-27 14:03 - 00082568 _____ () C:\Program Files\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe
2010-09-09 11:14 - 2010-07-05 12:42 - 00203776 _____ () C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
2016-04-25 09:32 - 2009-12-12 15:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-09-09 10:44 - 2010-06-08 05:15 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2010-09-09 10:57 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2010-09-09 10:50 - 2010-05-07 16:22 - 01636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2016-06-15 14:06 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1072221561-3256289497-2671497516-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bob.lnk => C:\windows\pss\Bob.lnk.Startup
MSCONFIG\startupreg: ACSW17EN => "C:\Program Files\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: KSS => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: PrintDisp => C:\windows\system32\PrintDisp.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: uTorrent => "C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{027369EB-A556-4066-9E79-3FDFAEB60647}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{5CEFC653-C50E-450E-ADCA-C053F73FE6E4}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{ABCE9F9D-4140-43C9-B022-C89D29C4E16C}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{D70BD676-D76C-4BE6-A19F-9515EBA787FD}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{6506253D-067A-4A09-8413-DB0A5F375884}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{CBE75769-CCFF-4427-880C-497CA2DBD978}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{E429B8FA-153C-41BF-AA0D-82F8E19104E2}] => (Allow) svchost.exe
FirewallRules: [{49188A07-AE9A-4425-B4E9-F30DD4A07057}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{8489E8C5-755D-40C1-8987-3D5AD67C8B5D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0EF0A3E4-54A9-4F56-8172-DCFE8CBF4A9F}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{11FC7E43-5203-4BB9-B78B-3C9F37CC9431}C:\program files\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [UDP Query User{C56A1439-99F7-44DE-890C-750B225957C2}C:\program files\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [{0530E45F-9B82-4639-ACE5-FCBAE7445240}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{80FE7FB1-6EE5-4170-8C21-642FCA2AAFE8}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{74F7E2FD-2E5B-459E-93B2-F670F6AA9825}C:\program files\orbitdownloader\orbitnet.exe] => (Allow) C:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{F2CB8FB3-0C82-4813-B21D-9DD68EA4C06C}C:\program files\orbitdownloader\orbitnet.exe] => (Allow) C:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{091C034A-7A7B-44FF-9FEE-3E1160F1306F}C:\program files\soulseekns\slsk.exe] => (Allow) C:\program files\soulseekns\slsk.exe
FirewallRules: [UDP Query User{19A63384-6508-42B9-9689-F5752E62F122}C:\program files\soulseekns\slsk.exe] => (Allow) C:\program files\soulseekns\slsk.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{5ADC7167-FE7E-4CD4-BF5C-502864AF2F33}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6D361C5F-BBE8-4B6E-AB5F-BD9B4B6FAC1E}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD3B2736-5A43-4632-9237-17388A8AB244}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{35AA657E-0AB9-4114-8556-DE97E8B0A7D7}] => (Allow) LPort=2869
FirewallRules: [{D136B09A-A6D3-4EDF-BB31-6D909A21E489}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{4069D0E4-1BCE-4963-AA5C-D7083A830B0D}C:\program files\aurora\aurora.exe] => (Allow) C:\program files\aurora\aurora.exe
FirewallRules: [UDP Query User{59B1C316-BC55-43B1-A4DC-BBA3CEC00719}C:\program files\aurora\aurora.exe] => (Allow) C:\program files\aurora\aurora.exe
FirewallRules: [{2DEB2C7F-71BA-43B2-9581-1B851CEEE6CE}] => (Block) C:\program files\aurora\aurora.exe
FirewallRules: [{CAFE49E6-B8BE-45BF-9771-BDFE2609E3B9}] => (Block) C:\program files\aurora\aurora.exe
FirewallRules: [TCP Query User{45529CAD-7A9E-4360-B398-4E9AA55ED07A}C:\program files\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files\common files\nokia\fuse\fuseservice.exe
FirewallRules: [UDP Query User{D25D15FC-CADC-4293-8167-2A52710F393F}C:\program files\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files\common files\nokia\fuse\fuseservice.exe
FirewallRules: [TCP Query User{3F5CCABC-E35A-4CFD-B98C-6905B7731C49}C:\program files\microsoft care suite\lumia software recovery tool\lumiasoftwarerecoverytool.exe] => (Allow) C:\program files\microsoft care suite\lumia software recovery tool\lumiasoftwarerecoverytool.exe
FirewallRules: [UDP Query User{1792E28F-7092-425D-86CE-4F7E3F42EAB9}C:\program files\microsoft care suite\lumia software recovery tool\lumiasoftwarerecoverytool.exe] => (Allow) C:\program files\microsoft care suite\lumia software recovery tool\lumiasoftwarerecoverytool.exe
FirewallRules: [{AC46C4CE-C580-48F6-A9BC-DD59705E7A6D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{484BBADB-C375-4555-837A-628E6978E0FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A0B6B296-9488-4617-96F7-DE8FE8E37370}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F57939A6-D107-48FD-B75D-5DC1E6D24A60}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3EF77F20-BD2F-401B-8920-D293D71D8B6A}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F0BE0ACB-78F1-4CAD-B0B9-4143E1F9D98F}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F05D285-25F0-4771-8CB4-6D1D6CF8A4A5}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{66BDC486-7AAC-4E5C-8CBB-AFB86205A3A4}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{548709FC-78A1-477D-AC31-62F2023DCAF3}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8B6CFC4-9DF7-43C6-87A1-F6A0E39729C3}] => (Allow) C:\Users\Bob\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

16-08-2016 12:25:23 Restore Point Created by FRST
16-08-2016 12:45:15 Removed Java 8 Update 73
21-08-2016 10:38:48 JRT Pre-Junkware Removal
22-08-2016 10:30:12 Installed Samsung Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2016 07:07:44 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (08/24/2016 07:04:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/24/2016 07:04:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/24/2016 01:20:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/24/2016 01:20:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/23/2016 10:47:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/23/2016 10:47:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/23/2016 02:39:47 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (08/22/2016 07:53:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/22/2016 07:53:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (08/24/2016 07:01:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/24/2016 06:57:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/24/2016 06:57:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/24/2016 11:35:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (08/23/2016 07:27:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

Error: (08/23/2016 02:39:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

Error: (08/23/2016 09:38:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (08/22/2016 07:02:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (08/22/2016 10:32:57 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SW Update Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/21/2016 11:02:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Support Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: Intel® Atom™ CPU N455 @ 1.66GHz
Percentage of memory in use: 86%
Total physical RAM: 1013.3 MB
Available physical RAM: 136.81 MB
Total Virtual: 2053.3 MB
Available Virtual: 351.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.55 GB) (Free:45.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 631E0F7A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.4 GB) - (Type=27)

==================== End of Addition.txt ============================

[TheJoker]

One other question; When the trojan started stealling all my memory, I adjusted the settings but I dont know what they are supposed to be now??

I can't answer that unless I know what settings you changed.

Also, you didnt reply when I asked which utilities I could stop.

I needed to check that you weren't running two antivirus programs at the same time first.

Are you running the Windows Firewall? As you no longer have Panda Firewall installed and running, you need to turn on Windows Firewall.

You can follow the directions here to see if your Windows Firewall is turned on:

http://www.sevenforu...l-turn-off.html

It's especially important for you to be sure you have the Windows Firewall turned on as you are connecting through an Internet cafe.

 

You are running CCleaner at system strartup. There's no reason to have that on all the time. You could disable that and only run the program when you chose to.

See this page - You are running Adobe Gamma Loader, and you may not need to run that.

- http://www.bleepingc...er.exe-174.html

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
end

Save the file as fixlist.txt in to the same folder as FRST
Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

Now lets see if you can get Security Analysis to run.

 

Check this info on how to disable Avira, and print the instructions as you will need to do this while you are DISCONNECTED from the Internet.

 

Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

So you will need to check that information before you leave the Internet cafe.

 

Disconnect from the Internet

Follow the instructions to disable Avira,

 

Please re-run Security Analysis by Rocket Grannie

• Save it to your Desktop.
• Close your security software to avoid potential conflicts.
• Double click RGSA.exe
• Click OK on the copyright-disclaimer
• It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
• Please copy and paste the contents of that log in your topic.

Restart Avira - It's VERY important to do this before you reconnect to the Internet.

 

If you were unable to run Security Analysis that way, you could try rebooting to Safe Mode and then run Security Analysis.

Only do that while you are DISCONNECTED form the Internet.

http://www.sevenforu...-safe-mode.html

Please post the log from FRST (Fixlog.txt), the log from Security Analysis, and note any errors encountered.

[paulo34]

Ok, firewall is on. ccleaner is turned off at startup, i use photoshop a lot so I will leave the gamma loader on. Couldnt find it in the start up list anyway.

 

Other issues; The laptop is very slow to connect to the wifi here. Then when it does, it disconnects every couple of minutes, then reconnects. I asked 4 other people in here if they were having the same problem and they said no.

Yesterday I noticed that an hour after closing the lid, the power light was still on. This was draining the battery all day. This has never happened before. I went into power options/system setings and all the choices were greyed out, with the message 'access denied'

 

 

Going to try and run security analysis at home later becaue Im out of time here.

I ran the script you gave me.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-08-2016 01
Ran by Bob (26-08-2016 11:52:09) Run:2
Running from C:\Users\Bob\Desktop
Loaded Profiles: Bob (Available Profiles: Bob & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7256052 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 13755957 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
LocalService => 0 B
NetworkService => 0 B
Bob => 2448376 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 30.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:53:43 ====

 

the wifi connection problem was still there after the reboot by the way.

 

I made a change to my virtual memory a couple of weeks ago, without knowing the right settings.

At the moment it says;

reccomended; 1519mb

currently allocated; 1024mb

space available 48,126mb

[paulo34]

The computer took a full 13 minutes to boot, open firefox and get online today.

Never known it that slow before.

Still getting (Not responding) on every folder and web page i try to open too.

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 5th August 2016
Running from:C:\Users\Bob\Desktop (13:04:13 - 08/26/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Starter X86 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
***-----------------Anti-Virus - Firewall-------------------***
Avira Antivirus (Disabled - Up to Date)
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin (version 22.0.0.209)
Java is not installed
CCleaner -- An older version than (5.20) is installed.
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5)
Mozilla Firefox -- An older version than (48) is installed.
Windows Live Essentials -- An older version than (16.4) is installed.
CCleaner (version 5.11) is *out of Date*
Mozilla Firefox 47.0.1 (x86 en-US) (version 47.0.1) is *out of Date*
Windows Live Essentials (version 15.4.3502.0922) is *out of Date*
Windows Live Essentials (version 15.4.3502.0922) is *out of Date*

***----------------Analysis Complete-------------------------***

[TheJoker]

For the laptop not shutting off, there may have been a running program that was interfering with turning off. Be sure to close all running programs before shutting down, and see if that helps.

See if this helps on the power settings issue.
http://support-us.sa...1!1300977063531

If not, I would request assistance here:
http://www.samsung.c...windows-laptops

Your version of Firefox is outdated.
While running Firefox and connected to the Internet, click Help > About Firefox.
In the window that opens, click Check for Updates.
When the programs downloads, you will be updated when you close and restart Firefox.
 

 

Download Zeok tool from here

When the download appears, save to the Desktop.

DISCONNECT from the Internet

Close any open browsers.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

 

Reconnect to the Internet.
Please post the zoek-results.log in your reply and note any errors encountered.

[paulo34]

Zoek appeared to hang up while scanning firefox extensions. I waited two and a half hours until my battery died and

I had to shut the laptop down.

The computer is running better now though.

 

Yesterday I ran ccleaner and it emptied out all the zoek files in appdata/local/temp

 

I copied this from the zoek box before closing it. Not sure if this is what you need to see;

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Bob on 29/08/2016 at 19:53:40.04.
Microsoft Windows 7 Starter  6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Bob\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 19:55:44.58 =====

--- Create Environment Variables 19:55:48.12
--- Create System Restore Point 19:56:08.40
--- Checking Input 19:57:02.97
--- AU AppData Check 19:57:50.41
--- Remove From Windows Installer 19:57:57.52
--- Empty Folders Check 20:00:21.17
--- Registry HKLM Software Check 20:00:21.26
--- Quick Launch Shortcut Check 20:04:01.03
--- IE Startpage Check 20:04:12.62
--- Program Files DB Check 20:05:01.26
--- C:\Users\Bob\AppData\Roaming DB Check 20:07:20.59
--- C:\Users\Default\AppData\Roaming DB Check 20:07:20.59
--- C:\Users\Default User\AppData\Roaming DB Check 20:07:20.59
--- C:\Users\DefaultAppPool\AppData\Roaming DB Check 20:07:20.59
--- C:\windows\system32\config\systemprofile\AppData\Roaming DB Check 20:07:20.59
--- C:\windows\serviceprofiles\networkservice\AppData\Roaming DB Check 20:07:20.59
--- C:\windows\serviceprofiles\Localservice\AppData\Roaming DB Check 20:07:20.59
--- C:\Users\Bob DB Check 20:13:50.18
--- C:\PROGRA~2 DB Check 20:15:22.22
--- C:\Users\Bob\AppData\Local DB Check 20:15:36.62
--- C:\Users\Default\AppData\Local DB Check 20:15:36.62
--- C:\Users\Default User\AppData\Local DB Check 20:15:36.62
--- C:\Users\DefaultAppPool\AppData\Local DB Check 20:15:36.62
--- C:\Users\Public\AppData\Local DB Check 20:15:36.62
--- C:\windows\system32\config\systemprofile\AppData\Local DB Check 20:15:36.62
--- C:\windows\serviceprofiles\networkservice\AppData\Local DB Check 20:15:36.62
--- C:\windows\serviceprofiles\Localservice\AppData\Local DB Check 20:15:36.62
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 20:20:41.59
--- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 20:21:10.29
--- Tasks DB Check 20:21:29.15
--- Downloads DB Check 20:21:40.41
--- C:\Users\Bob\AppData\LocalLow DB Check 20:21:53.24
--- C:\Users\DefaultAppPool\AppData\LocalLow DB Check 20:21:53.24
--- C:\windows\system32\config\systemprofile\AppData\LocalLow DB Check 20:21:53.24
--- C:\windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 20:21:53.24
--- C:\windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 20:21:53.24
--- Tasks2 DB Check 20:24:15.29
--- Documents DB Check 20:25:40.42
--- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137 DB Check 20:26:01.84
--- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\42lUtyI5.default DB Check 20:26:01.84
--- C:\Users\Public\Desktop DB Check 20:26:17.33
--- C:\Users\Bob\Desktop DB Check 20:26:38.47
--- Services DB Check 20:27:22.87
--- FF prefs.js DB Check 20:29:12.15
--- Emptyclsid 20:35:03.96
--- Del by CLSID 20:35:13.43
--- Delete Services 20:41:43.92
--- Firefox Fix 20:41:53.23
--- Batch Commands 20:42:01.09
--- Delete files\folders 20:42:02.17
--- Create Backups 20:42:02.55
--- Firefox Extensions 20:42:29.85

[TheJoker]

It's good to hear that the system is running batter.

 

Since Zoek stopped before it finished, let's run it one more time, only in Safe Mode.

Only do that while you are DISCONNECTED from the Internet.

http://www.sevenforu...-safe-mode.html

If needed, print the instructions from that page on how to reboot to Safe Mode.

 

This will be a bit different, as you won't be connected to the Internet, and you will have rebooted to Safe Mode so you won't have this window open.

Print this reply so you have it available for reference.

 

Delete the previously saved copy of zoek-results.log.
The log is found on the systemdrive, normally C:\

Next, copy the entire script inside the code box below:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now open Notepad, and in the Notepad window paste the text, and save the text to a new text file on the Desktop named Zoek.txt

• DISCONNECT from the Internet
• Close all running programs.
• Reboot to Safe Mode (without Networking).
• After rebooting, double-click on Zoek.txt that you previously saved to the Desktop.
• In the Notepad window that opens, select all the text that you previously saved and Copy the text.
• Close Notepad.
• On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
• (Give it a few seconds to appear.)
• Next, paste the entire script you just copied from Notepad to the input field of Zoek:
• Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.

Save the file to the Desktop for easy retrieval, and close Notepad.

The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

 

Restart the system.

Reconnect to the Internet.

Please post the zoek-results.log in your reply, note any errors encountered, and let me know how the system is running.

[paulo34]

sorry for the delay. ive been very busy

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Bob on 03/09/2016 at 15:31:24.20.
Microsoft Windows 7 Starter  6.1.7601 Service Pack 1 x86
Running in: Safe Mode MINIMAL No Internet Access Detected
Launched: C:\Users\Bob\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\Users\Bob\AppData\Roaming\MPC-HC deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\42lUtyI5.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\42lUtyI5.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================


==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\42lUtyI5.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137
- Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- Instagram for Firefox - %ProfilePath%\extensions\jid0-BumCY9dUzYckeJaH3JEeimjBpxM@jetpack.xpi
- Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\7zj88kw2.default-1453194899137
CEEF2B70937C374295AF8047525B137D    - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll -    Adobe Acrobat
08C3C6B144EB5EBDE93263237C53DB14    - C:\Program Files\VideoLAN\VLC\npvlc.dll -    VLC Web Plugin
3EE8AE0ECFE5D79DE1737A855AD1E84C    - C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll -    Google Update
CF46E0E1398B382CE0CE738C67A38DD1    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live? Photo Gallery
C45A130CA14334073C0FF795897A1D22    - c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll -    Silverlight Plug-In
8C98D3D162E200A8F2620E1709F19EF0    - C:\Program Files\Google\Picasa3\npPicasa3.dll -    Picasa
0205ADAFFDDF04F0F69200E5CFB5FFD9    - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -    Google Earth Plugin
88041A1D3DB193614C1DD264CDD7417E    - C:\windows\system32\Adobe\Director\np32dsw_1221171.dll -    Shockwave for Director / Shockwave for Director
67D325B5AEB28E381B84E8DE1A90C7A8    - C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll -    Shockwave Flash
62D98B286C805E193568037B70D936D2    - C:\windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll -    Shockwave Flash
B24F014C6DDA5A39CE7FCB2A8B862C5A    - c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrlui.dll -    Microsoft® Silverlight


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACSW17EN deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KSS deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype deleted successfully

==== Empty IE Cache ======================

C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=137 folders=42 21752634 bytes)

==== Empty Temp Folders ======================

C:\Users\Bob\AppData\Local\temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Bob\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 03/09/2016 at 16:17:32.35 ======================
 

[TheJoker]

Remember, as you connect through an Internet cafe, you always need to have the firewall and antivirus turned on.

 

How is the system running now?

[paulo34]

The system is running better, so thanks a lot.

I ran mbam again last night by the way and it came up clean.

[TheJoker]

Excellent!

 

Now it's time to do some cleanup.

 

You can now delete the following tools and any logs they created:

AdwCleaner (run the program and click Uninstall)

Junkware Removal Tool
Farbar Recovery Scan Tool (and delete the folder C:\FRST)

Security Analysis

RogueKiller (I see you had used this, probably the tool you used that you couldn't remember the name)
Kaspersky Virus Removal Tool
fix.reg (that you created)
StartUpLite (as you didn't find it useful)
Zeok tool

 

To help keep malware off your system:

• Keep Windows updated at Windows Update or Microsoft Update.
• Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
• Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.
• Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
• Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
• Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
• Don't click on links received in instant message programs.
• In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
• A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
• A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available at http://www.javacools...m/products.html
• I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

[nasdaq]

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.