Solved Slow Laptop, nothing specific


Cory

PCHF Member
PCHF Donator
Feb 16, 2017
I am working on my girlfriend's Windows 7 Samsung laptop and getting it back to running a little better. Here are the logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2017
Ran by Tonya (administrator) on TONYA-PC (22-02-2017 09:34:57)
Running from C:\Users\Tonya\Desktop
Loaded Profiles: Tonya (Available Profiles: Tonya)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIBA.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
() C:\Program Files (x86)\puush\puush.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIIBA.EXE [278112 2011-11-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-06-06] ()
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\MountPoints2: {4be0b2c6-d323-11e5-9fd1-e8039a37613a} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\MountPoints2: {4c9d58d1-59f7-11e1-8884-806e6f6e6963} - E:\Start.exe
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\MountPoints2: {fc124739-1a20-11e5-a1c0-e8039a37613a} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2013-01-29]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-02-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{3948824D-B2F4-423C-A1D2-78CAED095655}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com/
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-10-25] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-12] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)

FireFox:
========
FF ProfilePath: C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\pcw27saw.default [2017-02-16]
FF NetworkProxy: Mozilla\Firefox\Profiles\pcw27saw.default -> type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2012-04-11] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Extension: (Google Docs) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Google Search) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (AdBlock) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-13] (Red Bend Ltd.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-04] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [204304 2012-04-11] (Nitro PDF Software)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-13] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-21] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\drivers\farflt.sys [110536 2017-02-22] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\drivers\mbam.sys [43968 2017-02-22] (Malwarebytes)
R0 MBAMSwissArmy; C:\windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-22] (Malwarebytes)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-02-18] (Windows (R) 2003 DDK 3790 provider)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 09:34 - 2017-02-22 09:38 - 00020195 _____ C:\Users\Tonya\Desktop\FRST.txt
2017-02-22 09:34 - 2017-02-22 09:34 - 00000000 ____D C:\FRST
2017-02-22 09:33 - 2017-02-22 09:33 - 02422784 _____ (Farbar) C:\Users\Tonya\Downloads\FRST64.exe
2017-02-22 09:33 - 2017-02-22 09:33 - 02422784 _____ (Farbar) C:\Users\Tonya\Desktop\FRST64.exe
2017-02-21 10:18 - 2017-02-21 10:18 - 00000000 ____D C:\Users\Tonya\AppData\Local\CEF
2017-02-21 10:16 - 2017-02-22 08:40 - 00000000 ____D C:\ProgramData\Avg
2017-02-21 10:16 - 2017-02-22 08:38 - 00000000 ____D C:\Users\Tonya\AppData\Local\AvgSetupLog
2017-02-21 10:16 - 2017-02-21 10:16 - 00000000 ____D C:\Users\Tonya\AppData\Local\Avg
2017-02-21 09:55 - 2017-02-21 09:56 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tonya\Downloads\AVG_Protection_Free_1606.exe
2017-02-21 09:42 - 2017-02-21 09:48 - 254025068 _____ C:\Users\Tonya\Downloads\mb_driver_lan_intel_100series.zip
2017-02-21 09:42 - 2017-02-21 09:44 - 186858319 _____ C:\Users\Tonya\Downloads\mb_driver_lan_bigfoot.zip
2017-02-21 09:38 - 2017-02-21 09:38 - 00176584 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-02-21 09:37 - 2017-02-22 09:08 - 00251848 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 09:37 - 2017-02-22 09:08 - 00110536 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-02-21 09:37 - 2017-02-22 09:08 - 00043968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-02-21 09:37 - 2017-02-21 12:00 - 00081696 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-02-21 09:37 - 2017-02-21 09:37 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-21 09:37 - 2017-02-21 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-21 09:37 - 2017-01-20 07:47 - 00077416 _____ C:\windows\system32\Drivers\mbae64.sys
2017-02-21 09:36 - 2017-02-21 09:36 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-21 09:33 - 2017-02-21 09:34 - 55566792 _____ (Malwarebytes ) C:\Users\Tonya\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-21 07:56 - 2017-02-21 10:23 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-02-21 07:55 - 2017-02-21 07:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-21 07:55 - 2017-02-21 07:55 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-02-06 19:28 - 2017-02-06 19:28 - 00054409 _____ C:\Users\Tonya\Desktop\1098e_interest_statementgreatlakes.pdf
2017-02-04 18:34 - 2017-02-04 18:35 - 00104076 _____ C:\Users\Tonya\Desktop\Tonya Baker Resume 2017.pdf
2017-02-04 05:04 - 2017-02-04 05:04 - 00000000 ____D C:\Users\Tonya\AppData\Local\{81BBAFF1-8DC9-4541-8384-B85370A15226}
2017-02-02 21:43 - 2017-02-02 21:43 - 00000000 ____D C:\Users\Tonya\AppData\Local\{5C8F2909-566B-47D4-8101-10F51F5CD5C9}
2017-02-02 21:36 - 2017-02-02 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-01-30 18:13 - 2017-01-30 18:13 - 00103612 _____ C:\Users\Tonya\Desktop\Blue Scrimmage.html
2017-01-30 18:13 - 2017-01-30 18:13 - 00000000 ____D C:\Users\Tonya\Desktop\Blue Scrimmage_files
2017-01-27 08:51 - 2017-01-27 08:51 - 00001159 _____ C:\Users\Tonya\Desktop\Tonya Baker Resume 2016 - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 09:38 - 2009-07-13 22:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-22 09:38 - 2009-07-13 22:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-22 09:26 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2017-02-22 09:24 - 2014-09-15 19:46 - 00000000 ____D C:\ProgramData\Apple
2017-02-22 09:19 - 2015-06-01 13:46 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2017-02-22 09:03 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-02-22 09:01 - 2012-06-01 03:42 - 00000000 ____D C:\Users\Tonya\AppData\Local\Deployment
2017-02-22 08:51 - 2012-06-02 02:21 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-02-21 10:22 - 2012-02-01 16:44 - 00000000 ____D C:\ProgramData\Adobe
2017-02-21 09:36 - 2013-02-06 21:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-21 07:55 - 2013-05-17 20:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-21 07:55 - 2012-06-01 07:45 - 00000000 ____D C:\Users\Tonya\AppData\Local\Adobe
2017-02-19 08:45 - 2012-06-05 17:23 - 00000000 ____D C:\Users\Tonya\AppData\Local\ElevatedDiagnostics
2017-02-16 19:21 - 2012-06-02 02:21 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-02-16 19:21 - 2012-06-02 02:21 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-16 19:21 - 2012-06-02 02:21 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-02-16 19:20 - 2012-06-02 02:21 - 00000000 ____D C:\windows\system32\Macromed
2017-02-16 19:20 - 2012-02-01 16:40 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-02-11 10:52 - 2013-11-14 17:32 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-11 10:51 - 2016-11-17 23:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-06 17:43 - 2013-02-20 17:33 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 17:43 - 2013-02-20 17:33 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-04 18:36 - 2014-06-21 10:10 - 00000000 ____D C:\Users\Tonya\Desktop\Resume
2017-02-04 18:18 - 2012-06-01 22:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 06:45 - 2016-12-19 06:47 - 00000000 ____D C:\Users\Tonya\AppData\LocalLow\Mozilla
2017-02-02 21:43 - 2012-08-21 11:57 - 00000000 ____D C:\Users\Tonya\Desktop\Pics
2017-02-02 21:36 - 2016-12-29 18:12 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-02-02 21:36 - 2015-11-12 20:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-26 11:52 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache

==================== Files in the root of some directories =======

2013-10-13 22:42 - 2013-10-13 22:42 - 0000036 _____ () C:\Users\Tonya\AppData\Roaming\mbam.context.scan
2012-02-01 16:49 - 2012-02-01 16:49 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-02-01 16:44 - 2012-02-01 16:45 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-02-01 16:47 - 2012-02-01 16:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-02-01 16:45 - 2012-02-01 16:47 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-02-01 16:47 - 2012-02-01 16:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some files in TEMP:
====================
2012-11-20 19:45 - 2012-11-20 19:45 - 0460800 _____ (Realtek Semiconductor Corp.) C:\Users\Tonya\AppData\Local\Temp\COMAP.EXE
2012-06-05 17:57 - 2012-06-05 17:57 - 0690176 _____ (SEIKO EPSON CORPORATION) C:\Users\Tonya\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
2013-01-30 17:58 - 2013-01-30 17:58 - 0897448 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
2013-06-21 19:58 - 2013-06-21 19:58 - 0903080 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 12:27 - 2013-10-08 12:27 - 0915368 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2014-04-15 14:50 - 2014-04-15 14:50 - 0921512 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-11 15:12 - 2014-07-11 15:12 - 0918952 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
2014-09-29 11:06 - 2014-09-29 11:06 - 0937896 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2016-06-22 10:52 - 2016-06-22 10:52 - 0741440 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-01-18 06:44 - 2017-01-18 06:44 - 0739904 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u121-windows-au.exe
2014-12-18 11:29 - 2014-12-18 11:29 - 0641448 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u31-windows-au.exe
2015-04-30 17:37 - 2015-04-30 17:37 - 0562272 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u45-windows-au.exe
2015-06-12 16:21 - 2015-06-12 16:21 - 0563808 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-10-07 12:17 - 2015-10-07 12:17 - 0585824 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u65-windows-au.exe
2015-11-10 09:59 - 2015-11-10 09:59 - 0585824 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u66-windows-au.exe
2015-12-23 12:48 - 2015-12-23 12:48 - 0644704 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-01-30 02:10 - 2016-01-30 02:10 - 0736352 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-06-17 11:43 - 2016-06-17 11:43 - 0739904 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u91-windows-au.exe
2010-02-05 09:46 - 2010-02-05 09:46 - 0779600 ____N (CANON INC.) C:\Users\Tonya\AppData\Local\Temp\MSETUP4.EXE
2006-10-30 09:10 - 2006-10-30 09:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Tonya\AppData\Local\Temp\_is473E.exe
2007-04-05 03:09 - 2007-04-05 03:09 - 0455600 ____R (Macrovision Corporation) C:\Users\Tonya\AppData\Local\Temp\_is6327.exe
2015-08-07 17:29 - 2015-08-07 17:29 - 0000000 _____ () C:\Users\Tonya\AppData\Local\Temp\{D512DEEC-50B9-4D27-823C-B81F47290D88}-44.0.2403.130_43.0.2357.134_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-19 08:38

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017
Ran by Tonya (22-02-2017 09:40:36)
Running from C:\Users\Tonya\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-01 09:28:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2880522861-2664208021-4051181673-500 - Administrator - Disabled)
Guest (S-1-5-21-2880522861-2664208021-4051181673-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2880522861-2664208021-4051181673-1004 - Limited - Enabled)
Tonya (S-1-5-21-2880522861-2664208021-4051181673-1000 - Administrator - Enabled) => C:\Users\Tonya

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.6.3.0 - Asmedia Technology)
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3806.02 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
Epson Easy Photo Print 2 (HKLM-x32\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON NX100 Series Printer Uninstall (HKLM\...\EPSON NX100 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-X64 10.0.7.2_WHQL (HKLM\...\Elantech) (Version: 10.0.7.2 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mission Planner (HKLM-x32\...\{1BB8304A-BAFD-4339-B8D7-2BB31F85DADA}) (Version: 1.3.7 - Michael Oborne)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
Nitro Reader 2 (HKLM\...\{7B72A3FB-2563-4A83-B054-98C57415DFFA}) (Version: 2.3.1.7 - Nitro PDF Software)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.9 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.2 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
Windows Driver Package - 3D Robotics (usbser) Ports (04/11/2013 2.0.0.4) (HKLM\...\434608CF2B6E31F0DDBA5C511053F957B55F098E) (Version: 04/11/2013 2.0.0.4 - 3D Robotics)
Windows Driver Package - 3D Robotics (usbser) Ports (04/11/2013 2.0.0.4) (HKLM\...\FCBC924691E2F2C40A755779AA1E64588ED634A6) (Version: 04/11/2013 2.0.0.4 - 3D Robotics)
Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports (11/15/2012 5.1.2600.1) (HKLM\...\4D5C83CB44CE9278C27458316B8CCA4571BA7B39) (Version: 11/15/2012 5.1.2600.1 - Arduino LLC (www.arduino.cc))
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02F837B3-A130-4BE4-81AA-A2AF50A48759} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.)
Task: {069BB839-FC15-419E-8C6F-7DDB43847102} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)
Task: {1191F933-570A-4668-85A6-86A35A38883E} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-04] (Samsung Electronics Co., Ltd.)
Task: {148F1AA6-732D-4488-9646-1C5A3A359D86} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-22] (Samsung Electronics)
Task: {1647740E-1BAE-465F-8326-5345FD017923} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {2DEDB326-6F84-4453-B8A4-FBEE8D32A27A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)
Task: {40704A58-0AB1-4216-86B8-E73BC5AB5639} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {44BF78AC-944F-4FAE-86A8-0208DF37C8E2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-19] (SAMSUNG Electronics co., LTD.)
Task: {5080A8AD-21F0-4996-98EC-EAD722F95AAF} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {71F08F47-726A-4CE2-830D-E96047366186} - System32\Tasks\{C30423AA-F180-40E1-8A14-3F221956945A} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2016-11-16] (Microsoft Corporation)
Task: {AE68459D-AFEF-4D5D-A82E-0496E00A6FF6} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.)
Task: {CD9CF607-BAEE-4240-B2A2-3D4D91492968} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {CDB304D7-81BA-4E03-B39F-6410CDA32002} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {DBFA864B-B8C3-48B2-9C26-243CB8860C17} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-17] (Samsung Electronics. Co. Ltd.)
Task: {E1376645-1707-4E45-AC11-C8112ECD7C94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {E6E302AB-08FA-4F60-BE5C-CD2450B0F5CF} - System32\Tasks\{64A7C46F-B7BD-458F-BCF2-57372439E14B} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2016-11-16] (Microsoft Corporation)
Task: {EEF72E03-9A7E-4223-AEBC-204D70C87AC4} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {F185412F-8A50-4006-957D-71BEF30733E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F2640E01-75F3-4907-BA34-FDFEAAAEC299} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-01-04 21:53 - 2011-01-04 21:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-06-03 17:31 - 2011-02-28 16:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2012-02-01 19:20 - 2008-06-04 17:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2012-02-01 16:46 - 2009-12-01 01:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-01-10 13:41 - 2015-06-06 12:56 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe
2017-02-21 09:37 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-21 09:37 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2012-02-01 19:20 - 2010-10-21 12:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2011-01-04 21:53 - 2011-01-04 21:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-02-01 19:17 - 2010-12-16 18:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-02-01 16:38 - 2006-08-11 21:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2012-02-01 16:53 - 2010-07-05 04:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
2012-02-01 16:54 - 2010-05-07 08:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-01 23:20 - 2009-11-01 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-01 23:23 - 2009-11-01 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2017-02-06 17:43 - 2017-02-01 03:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 17:43 - 2017-02-01 03:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2017-02-02 21:36 - 00000877 ____A C:\windows\system32\Drivers\etc\hosts


0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A4CB50BB-9F0D-47F4-822F-B523397F6658}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{9F79BDD0-DB37-4D2D-8852-F18C4F6EF89D}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{60C87FD3-BF65-4E21-9286-97D0B669F9A9}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{765BA8BA-2580-4A55-B591-C2EEBDB4F3CA}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{9BB400E5-5995-4629-A8A9-C65716CE5A89}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{B369024C-871A-48BC-8212-613132B8A2D6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{F1C1E2DE-5B21-4106-B1FC-7C5E7B4F94F1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{92D61651-FA8F-44BB-B609-726F7BC56DC1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{C879E83B-5DE6-427F-82C5-CEB2562411D3}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{45536E00-315D-435A-8015-4455424D79CC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{6AD9E22A-1FB6-4207-BE22-9466042B0747}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{0A7E3BEC-D650-4318-BAC7-AA364F9E4CE1}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{DE6FB64A-B3E4-494B-B282-65308371A661}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{CB71EA61-C673-4897-8099-B77D69066021}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C476AE8A-1512-4284-9E83-D0661DD329C6}] => (Allow) LPort=2869
FirewallRules: [{AA339E05-FECA-4913-A28E-FF4E758ACE8A}] => (Allow) LPort=1900
FirewallRules: [{CB56F428-6053-4CD1-B644-C50009670475}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A32EC7C9-A708-4E54-A38B-C48EF9BCB9F1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{75748FF4-E956-472D-86C4-DBA4B14BEA61}C:\users\tonya\appdata\local\microsoft\windows\temporary internet files\content.ie5\zbv6wpsz\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod023_en-us.exe] => (Allow) C:\users\tonya\appdata\local\microsoft\windows\temporary internet files\content.ie5\zbv6wpsz\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod023_en-us.exe
FirewallRules: [UDP Query User{94F21023-7BB0-461E-8895-6C79F91D10DF}C:\users\tonya\appdata\local\microsoft\windows\temporary internet files\content.ie5\zbv6wpsz\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod023_en-us.exe] => (Allow) C:\users\tonya\appdata\local\microsoft\windows\temporary internet files\content.ie5\zbv6wpsz\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod023_en-us.exe
FirewallRules: [TCP Query User{1311F1B3-AA5A-4CA5-9889-9FAC3E4E868C}C:\users\tonya\desktop\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod8_en-us.exe] => (Allow) C:\users\tonya\desktop\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod8_en-us.exe
FirewallRules: [UDP Query User{31B7F998-6E74-41E0-B65B-710990E13D8B}C:\users\tonya\desktop\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod8_en-us.exe] => (Allow) C:\users\tonya\desktop\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod8_en-us.exe
FirewallRules: [TCP Query User{C2735454-ADD4-4DAA-AE27-9F50BBE137A6}C:\users\tonya\appdata\local\temp\epsoninkjetdriverdownloader.exe] => (Allow) C:\users\tonya\appdata\local\temp\epsoninkjetdriverdownloader.exe
FirewallRules: [UDP Query User{3081759C-D7CC-450A-BD03-6909448E23FB}C:\users\tonya\appdata\local\temp\epsoninkjetdriverdownloader.exe] => (Allow) C:\users\tonya\appdata\local\temp\epsoninkjetdriverdownloader.exe
FirewallRules: [{D017F287-A32C-47C3-9D98-40D385BBFAE8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{661B17AE-7693-489C-BFEE-2128F3CF5B39}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{99E69726-CEA4-49BE-9B78-923142FC8F31}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{A75FDE1D-2848-4AA5-93EB-031387386915}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [UDP Query User{4BB651AD-2FC4-4AEB-9E8F-8FDA3C91DC45}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [{7491D6D1-5041-427D-8567-E1140A91FFB7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C764A4D1-1247-43B9-AC62-2CF75EDB7167}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A35B74BA-199E-4FE4-B430-121A73E51B0B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A84E4000-F07F-4DF6-AD2A-C2C35605364C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A7C42ED1-CB40-4CA1-95D4-A79B5E758475}] => (Allow) C:\Users\Tonya\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DCCF766B-34B7-4D96-A30B-7B47EE85F055}] => (Allow) C:\Users\Tonya\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{28536F5D-19CC-4A10-88B4-0B0CD72969F1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CFA46658-75A8-46FC-B119-25DF32335115}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A1150F97-155D-41BE-AD75-F2891A0DBC95}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{250F17FA-4314-4E7C-AC67-C6F1B3F4CD99}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BD3B3038-AA65-4A3D-8DB7-EC5B4C8653DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2C5C0DE7-12CC-45E7-8E12-2F8DC39D3B2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{38E8ACF8-CB42-4B2D-8EE4-374E6487C9D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-02-2017 18:36:53 Windows Update
08-02-2017 18:23:51 Windows Update
12-02-2017 20:56:46 Windows Update
16-02-2017 19:32:46 Windows Update
20-02-2017 18:22:01 Windows Update
22-02-2017 08:57:32 Removed Best Buy Connect.
22-02-2017 09:08:57 Removed iTunes
22-02-2017 09:21:13 Removed Bonjour
22-02-2017 09:22:31 Removed Apple Application Support (32-bit)
22-02-2017 09:23:54 Removed Apple Application Support (64-bit)
22-02-2017 09:25:36 Removed Apple Mobile Device Support
22-02-2017 09:26:42 Removed Apple Software Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2017 09:25:06 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Tonya-PC)
Description: Application or service 'Apple Mobile Device Service' could not be restarted.

Error: (02/22/2017 09:04:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/22/2017 08:28:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/21/2017 10:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16661

Error: (02/21/2017 10:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16661

Error: (02/21/2017 10:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2017 10:53:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15413

Error: (02/21/2017 10:53:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15413

Error: (02/21/2017 10:53:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2017 10:53:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14415


System errors:
=============
Error: (02/22/2017 09:25:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/22/2017 09:25:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.

Error: (02/22/2017 09:13:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/22/2017 09:06:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2017 09:04:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2017 09:04:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Amazon Unbox Video Service service to connect.

Error: (02/22/2017 08:37:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/22/2017 08:33:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/22/2017 08:31:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2017 08:29:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 6057.55 MB
Available physical RAM: 3192.73 MB
Total Virtual: 12113.28 MB
Available Virtual: 9393.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:365 GB) (Free:214.97 GB) NTFS
Drive d: () (Fixed) (Total:547.38 GB) (Free:547.27 GB) NTFS
Drive e: (50941) (CDROM) (Total:4.16 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E199BFFE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=365 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=547.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=19 GB) - (Type=27)

==================== End of Addition.txt ============================



aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-02-22 09:47:24
-----------------------------
09:47:24.647 OS Version: Windows x64 6.1.7601 Service Pack 1
09:47:24.647 Number of processors: 4 586 0x2A07
09:47:24.652 ComputerName: TONYA-PC UserName: Tonya
09:47:49.299 Initialize success
09:47:49.575 VM: initialized successfully
09:47:49.578 VM: Intel CPU supported
09:47:54.187 VM: supported disk I/O iaStor.sys
09:49:49.379 AVAST engine defs: 17010903
11:03:48.685 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:03:48.691 Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 953869MB BusType: 3
11:03:48.859 VM: Disk 0 MBR read successfully
11:03:48.867 Disk 0 MBR scan
11:03:49.011 Disk 0 unknown MBR code
11:03:49.553 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:03:49.566 Disk 0 default boot code
11:03:49.692 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 373760 MB offset 206848
11:03:49.797 Disk 0 Partition - 00 0F Extended LBA 560516 MB offset 765667328
11:03:49.848 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 19492 MB offset 1913604096
11:03:50.020 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 560515 MB offset 765669376
11:03:50.389 Disk 0 scanning C:\windows\system32\drivers
11:04:22.647 Service scanning
11:05:26.491 Modules scanning
11:05:26.506 Disk 0 trace - called modules:
11:05:26.548 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:05:26.560 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800820a060]
11:05:26.573 3 CLASSPNP.SYS[fffff8800132743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80066d8050]
11:05:28.239 AVAST engine scan C:\windows
11:05:36.482 AVAST engine scan C:\windows\system32
11:23:33.121 AVAST engine scan C:\windows\system32\drivers
11:25:23.926 AVAST engine scan C:\Users\Tonya
11:50:00.481 AVAST engine scan C:\ProgramData
11:59:32.115 Disk 0 statistics 4178711/0/21915 @ 1.62 MB/s
11:59:32.132 Scan finished successfully
15:03:40.313 Disk 0 MBR has been saved successfully to "C:\Users\Tonya\Desktop\MBR.dat"
15:03:40.504 The log file has been saved successfully to "C:\Users\Tonya\Desktop\aswMBR.txt"
 
Please uninstall the programs listed below with Geek Uninstaller.

Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)

Update all old programs with Patch My PC -- One click and free.


FRST Fix.




Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Zemana Scan.


Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Click the Cog/Sprocket Wheel at the top right of Zemana.
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the [image: icon] icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to copy and paste the saved report in your next message.
  • This will open a logfile; post that in your next reply.
 

Attachments

  • fixlist.txt
    8.5 KB
Still working on it. Life, "the bar" got in the way last night.

The Best Buy app that is hidden was not in the Geek tool. How should I remove it? I had already removed some of the other Best Buy apps.
 
Here is the FRST fix file:

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Tonya (23-02-2017 14:18:31) Run:1
Running from C:\Users\Tonya\Desktop
Loaded Profiles: Tonya (Available Profiles: Tonya)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
emptytemp:
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\MountPoints2: {4be0b2c6-d323-11e5-9fd1-e8039a37613a} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\MountPoints2: {4c9d58d1-59f7-11e1-8884-806e6f6e6963} - E:\Start.exe
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\MountPoints2: {fc124739-1a20-11e5-a1c0-e8039a37613a} - F:\LG_PC_Programs.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2013-01-29]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-02-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
C:\ProgramData\Best Buy pc app
C:\Program Files\McAfee Security Scan
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{3948824D-B2F4-423C-A1D2-78CAED095655}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}: [DhcpNameServer] 75.75.76.76 75.75.75.75
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com/
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
FF NetworkProxy: Mozilla\Firefox\Profiles\pcw27saw.default -> type", 4
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\windows\SysWOW64\npDeployJava1.dll => No File
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
C:\ProgramData\Avg
C:\Users\Tonya\AppData\Local\AvgSetupLog
C:\Users\Tonya\AppData\Local\Avg
C:\Users\Tonya\Downloads\AVG_Protection_Free_1606.exe
C:\windows\System32\Tasks\Adobe Acrobat Update Task
C:\Users\Tonya\AppData\Local\{81BBAFF1-8DC9-4541-8384-B85370A15226}
C:\Users\Tonya\AppData\Local\{5C8F2909-566B-47D4-8101-10F51F5CD5C9}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
C:\windows\Tasks\Adobe Flash Player Updater.job
C:\windows\System32\Tasks\Adobe Flash Player Updater
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Task: {069BB839-FC15-419E-8C6F-7DDB43847102} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)
Task: {1191F933-570A-4668-85A6-86A35A38883E} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-04] (Samsung Electronics Co., Ltd.)
Task: {148F1AA6-732D-4488-9646-1C5A3A359D86} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-22] (Samsung Electronics)
Task: {1647740E-1BAE-465F-8326-5345FD017923} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {2DEDB326-6F84-4453-B8A4-FBEE8D32A27A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)
Task: {40704A58-0AB1-4216-86B8-E73BC5AB5639} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {44BF78AC-944F-4FAE-86A8-0208DF37C8E2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-19] (SAMSUNG Electronics co., LTD.)
Task: {5080A8AD-21F0-4996-98EC-EAD722F95AAF} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {AE68459D-AFEF-4D5D-A82E-0496E00A6FF6} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.)
Task: {CDB304D7-81BA-4E03-B39F-6410CDA32002} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {DBFA864B-B8C3-48B2-9C26-243CB8860C17} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-17] (Samsung Electronics. Co. Ltd.)
Task: {E1376645-1707-4E45-AC11-C8112ECD7C94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {EEF72E03-9A7E-4223-AEBC-204D70C87AC4} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {F185412F-8A50-4006-957D-71BEF30733E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F2640E01-75F3-4907-BA34-FDFEAAAEC299} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
C:\windows\Tasks\Adobe Flash Player Updater.job
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
CMD: ipconfig /flushdns
C:\windows\system32\Drivers\etc\hosts
Hosts:
reboot:
end

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4be0b2c6-d323-11e5-9fd1-e8039a37613a} => key removed successfully
HKCR\CLSID\{4be0b2c6-d323-11e5-9fd1-e8039a37613a} => key not found.
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c9d58d1-59f7-11e1-8884-806e6f6e6963} => key removed successfully
HKCR\CLSID\{4c9d58d1-59f7-11e1-8884-806e6f6e6963} => key not found.
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc124739-1a20-11e5-a1c0-e8039a37613a} => key removed successfully
HKCR\CLSID\{fc124739-1a20-11e5-a1c0-e8039a37613a} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk => moved successfully
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => not found.
C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe => not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => moved successfully
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => moved successfully
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
C:\ProgramData\Best Buy pc app => moved successfully
"C:\Program Files\McAfee Security Scan" => not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3948824D-B2F4-423C-A1D2-78CAED095655}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}\\DhcpNameServer => value removed successfully
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value not found.
HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully
HKCR\Wow6432Node\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found.
HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found.
Firefox Proxy settings were reset.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll => not found.
C:\windows\SysWOW64\npDeployJava1.dll => not found.
McComponentHostService => service not found.
C:\ProgramData\Avg => moved successfully
C:\Users\Tonya\AppData\Local\AvgSetupLog => moved successfully
C:\Users\Tonya\AppData\Local\Avg => moved successfully
C:\Users\Tonya\Downloads\AVG_Protection_Free_1606.exe => moved successfully
C:\windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
C:\Users\Tonya\AppData\Local\{81BBAFF1-8DC9-4541-8384-B85370A15226} => moved successfully
C:\Users\Tonya\AppData\Local\{5C8F2909-566B-47D4-8101-10F51F5CD5C9} => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus" => not found.
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => moved successfully
C:\windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk" => not found.
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log => moved successfully
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log => moved successfully
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{069BB839-FC15-419E-8C6F-7DDB43847102} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{069BB839-FC15-419E-8C6F-7DDB43847102} => key removed successfully
C:\windows\System32\Tasks\SUPBackground => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPBackground => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1191F933-570A-4668-85A6-86A35A38883E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1191F933-570A-4668-85A6-86A35A38883E} => key removed successfully
C:\windows\System32\Tasks\SmartRestarter => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartRestarter => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{148F1AA6-732D-4488-9646-1C5A3A359D86} => key not found.
C:\windows\System32\Tasks\EasySpeedUpManager => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasySpeedUpManager => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1647740E-1BAE-465F-8326-5345FD017923} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1647740E-1BAE-465F-8326-5345FD017923} => key removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DEDB326-6F84-4453-B8A4-FBEE8D32A27A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DEDB326-6F84-4453-B8A4-FBEE8D32A27A} => key removed successfully
C:\windows\System32\Tasks\Adobe Flash Player Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40704A58-0AB1-4216-86B8-E73BC5AB5639} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40704A58-0AB1-4216-86B8-E73BC5AB5639} => key removed successfully
C:\windows\System32\Tasks\MovieColorEnhancer => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MovieColorEnhancer => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44BF78AC-944F-4FAE-86A8-0208DF37C8E2} => key not found.
C:\windows\System32\Tasks\EasyBatteryManager => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasyBatteryManager => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5080A8AD-21F0-4996-98EC-EAD722F95AAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5080A8AD-21F0-4996-98EC-EAD722F95AAF} => key removed successfully
C:\windows\System32\Tasks\SamsungSupportCenter => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SamsungSupportCenter => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE68459D-AFEF-4D5D-A82E-0496E00A6FF6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE68459D-AFEF-4D5D-A82E-0496E00A6FF6} => key removed successfully
C:\windows\System32\Tasks\EasyDisplayMgr => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasyDisplayMgr => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CDB304D7-81BA-4E03-B39F-6410CDA32002} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDB304D7-81BA-4E03-B39F-6410CDA32002} => key removed successfully
C:\windows\System32\Tasks\advSRS5 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\advSRS5 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBFA864B-B8C3-48B2-9C26-243CB8860C17} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBFA864B-B8C3-48B2-9C26-243CB8860C17} => key removed successfully
C:\windows\System32\Tasks\BatteryLifeExtender => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BatteryLifeExtender => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1376645-1707-4E45-AC11-C8112ECD7C94} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1376645-1707-4E45-AC11-C8112ECD7C94} => key removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EEF72E03-9A7E-4223-AEBC-204D70C87AC4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEF72E03-9A7E-4223-AEBC-204D70C87AC4} => key removed successfully
C:\windows\System32\Tasks\EasyPartitionManager => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasyPartitionManager => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F185412F-8A50-4006-957D-71BEF30733E0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F185412F-8A50-4006-957D-71BEF30733E0} => key removed successfully
C:\windows\System32\Tasks\Adobe Acrobat Update Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2640E01-75F3-4907-BA34-FDFEAAAEC299} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2640E01-75F3-4907-BA34-FDFEAAAEC299} => key removed successfully
C:\windows\System32\Tasks\MirageAgent => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MirageAgent => key removed successfully
"C:\windows\Tasks\Adobe Flash Player Updater.job" => not found.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\windows\system32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 81703208 B
Java, Flash, Steam htmlcache => 107441010 B
Windows/system/drivers => 21201131083 B
Edge => 0 B
Chrome => 882184543 B
Firefox => 107137000 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42344254 B
systemprofile32 => 5039461 B
LocalService => 128 B
NetworkService => 15416070 B
Tonya => 2972439112 B

RecycleBin => 21462082752 B
EmptyTemp: => 43.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:21:28 ====
 
EmptyTemp: => 43.7 GB temporary data Removed.


Most temp files cleaned that I've seen in my 9 years of helping on forums....


Clean up temp files and reduce startup load with CCleaner.



Note: This tool will clean your browsing history as well.
  • Download CCleaner from here.
  • After installing, click Options.
  • Go to Monitoring.
  • Uncheck all Monitoring items.
  • Go to Advanced -- click "Close program after cleaning".
  • Go to Settings -- click "Run CCleaner when the computer starts".
  • Now that you have CCleaner installed and set up:
  • Open the program.
  • Go to Tools.
  • Go to Startup.
  • Now double click each item to disable it.
  • Leave only your antivirus enabled.
  • Then disable all items in your scheduled tasks as well,
  • unless they are related to Windows Defender or your antivirus.
  • Reboot the machine.
ZHP Scan.

Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

Auto logger scan!


  • Disable your Antivirus & Anti spyware applications!!
  • Download Autologger to your desktop.
  • Unzip it there. -- If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----
  • Right click Autologger and run as admin. (Xp user double click)
  • AVZ4 will open and scan your machine, allow this to complete.
  • Upload Collectionlog.zip to your next reply.
 
she probably never emptied them! lol

here is the zemana log:


Zemana AntiMalware 2.72.2.101 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/2/23
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
BIOS Mode : Legacy
CUID : 12F7A3D67813DC210CBF86
Scan Type : System Scan
Duration : 22m 16s
Scanned Objects : 65123
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Michael Oborne
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B6B1638E5EFC0DA254F575DF248AD0D1D227924B\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B6B1638E5EFC0DA254F575DF248AD0D1D227924B\Blob


Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0
 
Here is the Search Everything info:

C:\FRST\Quarantine\C\ProgramData\Best Buy pc app
C:\FRST\Quarantine\C\ProgramData\Best Buy pc app\Best Buy pc app
C:\Users\Tonya\AppData\Local\Best Buy pc app
C:\Users\Tonya\Desktop\Desktop Icons\Best Buy Connect.lnk
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.dat
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.exe
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.lnk
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.msi
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.par
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.res
C:\FRST\Quarantine\C\ProgramData\Best Buy pc app\Best Buy pc app\Best Buy pc app.3.0.0.0.application
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\B6BEAD2D\Best Buy pc app.3.0.0.0.application
C:\FRST\Quarantine\C\ProgramData\Best Buy pc app\Best Buy pc app\Best Buy pc app.application
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\B6BEAD2D\Best Buy pc app.application
C:\FRST\Quarantine\C\ProgramData\Best Buy pc app\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.config.deploy
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.config.deploy
C:\FRST\Quarantine\C\ProgramData\Best Buy pc app\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.deploy
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.deploy
C:\FRST\Quarantine\C\ProgramData\Best Buy pc app\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.manifest
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.manifest
C:\FRST\Quarantine\C\ProgramData\Best Buy pc app\Best Buy pc app\Best Buy pc app.lnk
C:\FRST\Quarantine\C\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk.xBAD
C:\Program Files\Intel\WiMAX\Bin\WiMAXData\BestBuyConnectOperator.dat
C:\FRST\Quarantine\C\ProgramData\Best Buy pc app\Best Buy pc app\3.0.0.0\BestBuySoftwareInstaller.dll.deploy
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\BestBuySoftwareInstaller.dll.deploy
 
Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (Xp Users double click)
Copy the items in red below, and paste them into Zoek.



createsrpoint;
{FBF3739B-717D-4429-BCEB-98D514E65F29};c
C:\Users\Tonya\AppData\Local\Best Buy pc app;f
C:\Users\Tonya\Desktop\Desktop Icons\Best Buy Connect.lnk;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.dat;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.exe;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.lnk;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.msi;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.par;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.res;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\B6BEAD2D\Best Buy pc app.3.0.0.0.application;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\B6BEAD2D\Best Buy pc app.application;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.config.deploy;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.deploy;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.manifest;f
C:\Program Files\Intel\WiMAX\Bin\WiMAXData\BestBuyConnectOperator.dat;f
C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\BestBuySoftwareInstaller.dll.deploy;f
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;



Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.
 
It is odd with ZHP, I had to close it with task manager.

attached is the Auto logger collection file
 

Attachments

  • CollectionLog-2017.02.24-06.41.zip
Step 1: ClearLNK

Download ClearLNK and save it to your desktop.
Drag the file Check_Browsers_LNK from your Collection log made earlier, as per the picture.
A report on the work will be produced as a file ClearLNK-<date>.log; post that log.



Step 2: AVZ Fix
Disable your antivirus prior to this fix.
Copy the content of the code box below.


Code:
begin
 SetServiceStart('TermService', 4);
 RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\ControlSet001\Control\Remote Assistance','fAllowToGetHelp', 0);
 RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\LSA','RestrictAnonymous', 2);
 DeleteService('MozillaMaintenance');
 StopService('MozillaMaintenance');
 DeleteFile('C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe','32');
 DeleteFile('C:\windows\system32\diagtrack.dll','32');
 DeleteFile('C:\windows\system32\MRT');
 DeleteFile('C:\windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program');
 DeleteFile('C:\windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver');
 DeleteFile('C:\windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector');
 DeleteFile('C:\windows\system32\tasks\Microsoft\Windows\RemoteAssistance');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\DiagTrack\Parameters','ServiceDll');
 DeleteFile('C:\Program Files\Bonjour\mDNSResponder.exe','32');
 DeleteFile('C:\windows\system32\Tasks\Microsoft\Windows\Application Experience\AitAgent','64');
 DeleteFile('C:\windows\system32\Tasks\Microsoft\Windows\Media Center\mcupdate','64');
 DeleteFile('C:\windows\system32\Tasks\Microsoft\Windows\Media Center\RecordingRestart','64');
 RebootWindows(true);
end.


Open the folder you unzipped Autologger in. Double click the AVZ4 folder, then right click AVZ and run as admin. (XP users double click)
Go to File -- Custom Scripts.

Paste the content of your clipboard into the Custom Script area.
Click the Run button.

The program will reboot your machine.

Step 3: Hijack This Fix.

Locate the HijackThis file within the Autologger folder, Right Click Run as Admin.
Close all other open programs prior to running this tool!!

Click System Scan Only.
Then check mark the items listed below.


O4 - HKU\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - MSConfig\startupfolder: C:^Users^Tonya^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel(R) Turbo Boost Technology Monitor 2.0.lnk - C:\windows\pss\Intel(R) Turbo Boost Technology Monitor 2.0.lnk.Startup (2017/02/23)
O4 - MSConfig\startupreg:[CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[EPLTarget] (2017/02/23) (no file)
O4 - MSConfig\startupreg:[ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[Everything] "C:\Program Files\Everything\Everything.exe" -startup (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[Persistence] C:\windows\system32\igfxpers.exe (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[ZAM] "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized (2017/02/23) (HKLM)
O4 - MSConfig\startupreg:[puush] C:\Program Files (x86)\puush\puush.exe (2017/02/23) (HKCU)
O18 - Pro-maintenancetocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)
O22 - ScheduledTask: (Queued) ProgramDataUpdater - \Microsoft\Windows\Application Experience - C:\windows\system32\compattelrunner.exe
O22 - ScheduledTask: (Ready) ValidationTask - \Microsoft\Windows\Windows Activation Technologies - C:\windows\system32\Wat\WatAdminSvc.exe /run
O22 - ScheduledTask: (Ready) ValidationTaskDeadline - \Microsoft\Windows\Windows Activation Technologies - C:\windows\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Amazon Unbox Video Service - (ADVService) - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe



Now click on fix checked.
After the fix is complete, then reboot your machine.


 
here is the ZOEK scan:

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Tonya on Fri 02/24/2017 at 9:18:28.76.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Tonya\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 9:19:06.05 =====

--- Create Environment Variables 9:19:06.93
--- Create System Restore Point 9:19:11.41
--- Checking Input 9:19:23.20
--- Reset Hosts File 9:19:43.74
--- AU AppData Check 9:19:44.25
--- Remove From Windows Installer 9:19:46.79
--- Empty Folders Check 9:21:41.84
--- Registry HKLM Software Check 9:21:41.85
--- Quick Launch Shortcut Check 9:21:56.49
--- IE Startpage Check 9:22:00.45
--- Program Files DB Check 9:22:14.55
--- C:\Users\Default\AppData\Roaming DB Check 9:22:49.34
--- C:\Users\Default User\AppData\Roaming DB Check 9:22:49.34
--- C:\Users\Tonya\AppData\Roaming DB Check 9:22:49.34
--- C:\windows\SysNative\config\systemprofile\AppData\Roaming DB Check 9:22:49.34
--- C:\windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 9:22:49.34
--- C:\windows\serviceprofiles\networkservice\AppData\Roaming DB Check 9:22:49.34
--- C:\windows\serviceprofiles\Localservice\AppData\Roaming DB Check 9:22:49.34
--- C:\Users\Tonya DB Check 9:24:31.01
--- C:\PROGRA~3 DB Check 9:24:43.74
--- C:\Users\Default\AppData\Local DB Check 9:24:47.11
--- C:\Users\Default User\AppData\Local DB Check 9:24:47.11
--- C:\Users\Tonya\AppData\Local DB Check 9:24:47.11
--- C:\windows\SysNative\config\systemprofile\AppData\Local DB Check 9:24:47.11
--- C:\windows\sysWoW64\config\systemprofile\AppData\Local DB Check 9:24:47.11
--- C:\windows\serviceprofiles\networkservice\AppData\Local DB Check 9:24:47.11
--- C:\windows\serviceprofiles\Localservice\AppData\Local DB Check 9:24:47.11
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 9:26:01.89
--- C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 9:26:09.47
--- Tasks DB Check 9:26:14.29
--- Downloads DB Check 9:26:17.27
--- C:\Users\Tonya\AppData\LocalLow DB Check 9:26:20.47
--- C:\windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 9:26:20.47
--- C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 9:26:20.47
--- C:\windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 9:26:20.47
--- C:\windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 9:26:20.47
--- Tasks2 DB Check 9:26:58.19
--- Documents DB Check 9:27:20.87
--- C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\pcw27saw.default DB Check 9:27:26.51
--- C:\Users\Public\Desktop DB Check 9:27:28.27
--- C:\Users\Tonya\Desktop DB Check 9:27:32.22
--- Services DB Check 9:27:39.66
--- FF prefs.js DB Check 9:28:13.37
--- Emptyclsid 9:28:43.46
--- Del by CLSID 9:28:45.35
--- Delete Services 9:28:58.30
--- Batch Commands 9:29:00.26
--- Delete files\folders 9:29:00.47
--- Create Backups 9:29:00.54
--- Firefox Extensions 9:29:06.47
 
Here is the ClearLNK log

ClearLNK by Alex Dragokas ver. 2.9.0.11

OS: x64 Windows 7 Home Premium, 6.1.7601, Service Pack: 1
Time: 24.02.2017 - 14:41
Language: OS: EN (0x409). Display: EN (0x409). Non-Unicode: EN (0x409)
Elevated: Yes
User: Tonya (group: Administrator)

_____________________________ Begin of Log ______________________________
.
[DEL ] 7 "C:\Users\Tonya\AppData\Roaming\Microsoft\Word\Final%20Paper-2303246832432936426\Final%20Paper-2.docx.lnk" (target was not recovered)
.
[SKIP] 1 "C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.lnk" (shortcut was not found)
[SKIP] 2 "C:\Users\Tonya\Desktop\Desktop Icons\Best Buy Connect.lnk" (shortcut was not found)
[SKIP] 3 "C:\Users\Tonya\Desktop\Desktop Icons\Office Professional 2010 _1338550397971.lnk" (shortcut was not found)
[SKIP] 4 "C:\Users\Tonya\Desktop\Desktop Icons\Adobe Reader 9.lnk" (shortcut was not found)
[SKIP] 5 "C:\Users\Tonya\Desktop\Desktop Icons\Microsoft Office Download Manager_1338558656438.lnk" (shortcut was not found)
[SKIP] 6 "C:\Users\Tonya\Desktop\Desktop Icons\McAfee Security Scan Plus.lnk" (shortcut was not found)
.
______________________________ Statistics _______________________________
Cure ran per today: 1 times.

Total processed: 7

Deleted: 1
Omitted: 6
______________________________ End of Log _______________________________CRC32: E1EB385C
 