I am working on my girlfriend's Windows 7 Samsung laptop and getting it back to running a little better. Here are the logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2017
Ran by Tonya (administrator) on TONYA-PC (22-02-2017 09:34:57)
Running from C:\Users\Tonya\Desktop
Loaded Profiles: Tonya (Available Profiles: Tonya)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIBA.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
() C:\Program Files (x86)\puush\puush.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIIBA.EXE [278112 2011-11-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-06-06] ()
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\MountPoints2: {4be0b2c6-d323-11e5-9fd1-e8039a37613a} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\MountPoints2: {4c9d58d1-59f7-11e1-8884-806e6f6e6963} - E:\Start.exe
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\...\MountPoints2: {fc124739-1a20-11e5-a1c0-e8039a37613a} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2013-01-29]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-02-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{3948824D-B2F4-423C-A1D2-78CAED095655}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{8B2C9FE4-360D-455D-B5AA-B6F66AF92C97}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Internet Explorer:
==================
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com/
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-10-25] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-12] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
FireFox:
========
FF ProfilePath: C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\pcw27saw.default [2017-02-16]
FF NetworkProxy: Mozilla\Firefox\Profiles\pcw27saw.default -> type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2012-04-11] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Extension: (Google Docs) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Google Search) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (AdBlock) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-21]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-13] (Red Bend Ltd.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-04] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [204304 2012-04-11] (Nitro PDF Software)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-13] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-21] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\drivers\farflt.sys [110536 2017-02-22] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\drivers\mbam.sys [43968 2017-02-22] (Malwarebytes)
R0 MBAMSwissArmy; C:\windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-22] (Malwarebytes)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-02-18] (Windows (R) 2003 DDK 3790 provider)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-22 09:34 - 2017-02-22 09:38 - 00020195 _____ C:\Users\Tonya\Desktop\FRST.txt
2017-02-22 09:34 - 2017-02-22 09:34 - 00000000 ____D C:\FRST
2017-02-22 09:33 - 2017-02-22 09:33 - 02422784 _____ (Farbar) C:\Users\Tonya\Downloads\FRST64.exe
2017-02-22 09:33 - 2017-02-22 09:33 - 02422784 _____ (Farbar) C:\Users\Tonya\Desktop\FRST64.exe
2017-02-21 10:18 - 2017-02-21 10:18 - 00000000 ____D C:\Users\Tonya\AppData\Local\CEF
2017-02-21 10:16 - 2017-02-22 08:40 - 00000000 ____D C:\ProgramData\Avg
2017-02-21 10:16 - 2017-02-22 08:38 - 00000000 ____D C:\Users\Tonya\AppData\Local\AvgSetupLog
2017-02-21 10:16 - 2017-02-21 10:16 - 00000000 ____D C:\Users\Tonya\AppData\Local\Avg
2017-02-21 09:55 - 2017-02-21 09:56 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tonya\Downloads\AVG_Protection_Free_1606.exe
2017-02-21 09:42 - 2017-02-21 09:48 - 254025068 _____ C:\Users\Tonya\Downloads\mb_driver_lan_intel_100series.zip
2017-02-21 09:42 - 2017-02-21 09:44 - 186858319 _____ C:\Users\Tonya\Downloads\mb_driver_lan_bigfoot.zip
2017-02-21 09:38 - 2017-02-21 09:38 - 00176584 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-02-21 09:37 - 2017-02-22 09:08 - 00251848 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 09:37 - 2017-02-22 09:08 - 00110536 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-02-21 09:37 - 2017-02-22 09:08 - 00043968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-02-21 09:37 - 2017-02-21 12:00 - 00081696 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-02-21 09:37 - 2017-02-21 09:37 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-21 09:37 - 2017-02-21 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-21 09:37 - 2017-01-20 07:47 - 00077416 _____ C:\windows\system32\Drivers\mbae64.sys
2017-02-21 09:36 - 2017-02-21 09:36 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-21 09:33 - 2017-02-21 09:34 - 55566792 _____ (Malwarebytes ) C:\Users\Tonya\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-21 07:56 - 2017-02-21 10:23 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-02-21 07:55 - 2017-02-21 07:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-21 07:55 - 2017-02-21 07:55 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-02-06 19:28 - 2017-02-06 19:28 - 00054409 _____ C:\Users\Tonya\Desktop\1098e_interest_statementgreatlakes.pdf
2017-02-04 18:34 - 2017-02-04 18:35 - 00104076 _____ C:\Users\Tonya\Desktop\Tonya Baker Resume 2017.pdf
2017-02-04 05:04 - 2017-02-04 05:04 - 00000000 ____D C:\Users\Tonya\AppData\Local\{81BBAFF1-8DC9-4541-8384-B85370A15226}
2017-02-02 21:43 - 2017-02-02 21:43 - 00000000 ____D C:\Users\Tonya\AppData\Local\{5C8F2909-566B-47D4-8101-10F51F5CD5C9}
2017-02-02 21:36 - 2017-02-02 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-01-30 18:13 - 2017-01-30 18:13 - 00103612 _____ C:\Users\Tonya\Desktop\Blue Scrimmage.html
2017-01-30 18:13 - 2017-01-30 18:13 - 00000000 ____D C:\Users\Tonya\Desktop\Blue Scrimmage_files
2017-01-27 08:51 - 2017-01-27 08:51 - 00001159 _____ C:\Users\Tonya\Desktop\Tonya Baker Resume 2016 - Shortcut.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-22 09:38 - 2009-07-13 22:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-22 09:38 - 2009-07-13 22:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-22 09:26 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2017-02-22 09:24 - 2014-09-15 19:46 - 00000000 ____D C:\ProgramData\Apple
2017-02-22 09:19 - 2015-06-01 13:46 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2017-02-22 09:03 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-02-22 09:01 - 2012-06-01 03:42 - 00000000 ____D C:\Users\Tonya\AppData\Local\Deployment
2017-02-22 08:51 - 2012-06-02 02:21 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-02-21 10:22 - 2012-02-01 16:44 - 00000000 ____D C:\ProgramData\Adobe
2017-02-21 09:36 - 2013-02-06 21:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-21 07:55 - 2013-05-17 20:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-21 07:55 - 2012-06-01 07:45 - 00000000 ____D C:\Users\Tonya\AppData\Local\Adobe
2017-02-19 08:45 - 2012-06-05 17:23 - 00000000 ____D C:\Users\Tonya\AppData\Local\ElevatedDiagnostics
2017-02-16 19:21 - 2012-06-02 02:21 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-02-16 19:21 - 2012-06-02 02:21 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-16 19:21 - 2012-06-02 02:21 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-02-16 19:20 - 2012-06-02 02:21 - 00000000 ____D C:\windows\system32\Macromed
2017-02-16 19:20 - 2012-02-01 16:40 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-02-11 10:52 - 2013-11-14 17:32 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-11 10:51 - 2016-11-17 23:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-06 17:43 - 2013-02-20 17:33 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 17:43 - 2013-02-20 17:33 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-04 18:36 - 2014-06-21 10:10 - 00000000 ____D C:\Users\Tonya\Desktop\Resume
2017-02-04 18:18 - 2012-06-01 22:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 06:45 - 2016-12-19 06:47 - 00000000 ____D C:\Users\Tonya\AppData\LocalLow\Mozilla
2017-02-02 21:43 - 2012-08-21 11:57 - 00000000 ____D C:\Users\Tonya\Desktop\Pics
2017-02-02 21:36 - 2016-12-29 18:12 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-02-02 21:36 - 2015-11-12 20:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-26 11:52 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
==================== Files in the root of some directories =======
2013-10-13 22:42 - 2013-10-13 22:42 - 0000036 _____ () C:\Users\Tonya\AppData\Roaming\mbam.context.scan
2012-02-01 16:49 - 2012-02-01 16:49 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-02-01 16:44 - 2012-02-01 16:45 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-02-01 16:47 - 2012-02-01 16:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-02-01 16:45 - 2012-02-01 16:47 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-02-01 16:47 - 2012-02-01 16:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Some files in TEMP:
====================
2012-11-20 19:45 - 2012-11-20 19:45 - 0460800 _____ (Realtek Semiconductor Corp.) C:\Users\Tonya\AppData\Local\Temp\COMAP.EXE
2012-06-05 17:57 - 2012-06-05 17:57 - 0690176 _____ (SEIKO EPSON CORPORATION) C:\Users\Tonya\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
2013-01-30 17:58 - 2013-01-30 17:58 - 0897448 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
2013-06-21 19:58 - 2013-06-21 19:58 - 0903080 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 12:27 - 2013-10-08 12:27 - 0915368 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2014-04-15 14:50 - 2014-04-15 14:50 - 0921512 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-11 15:12 - 2014-07-11 15:12 - 0918952 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
2014-09-29 11:06 - 2014-09-29 11:06 - 0937896 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2016-06-22 10:52 - 2016-06-22 10:52 - 0741440 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-01-18 06:44 - 2017-01-18 06:44 - 0739904 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u121-windows-au.exe
2014-12-18 11:29 - 2014-12-18 11:29 - 0641448 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u31-windows-au.exe
2015-04-30 17:37 - 2015-04-30 17:37 - 0562272 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u45-windows-au.exe
2015-06-12 16:21 - 2015-06-12 16:21 - 0563808 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-10-07 12:17 - 2015-10-07 12:17 - 0585824 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u65-windows-au.exe
2015-11-10 09:59 - 2015-11-10 09:59 - 0585824 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u66-windows-au.exe
2015-12-23 12:48 - 2015-12-23 12:48 - 0644704 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-01-30 02:10 - 2016-01-30 02:10 - 0736352 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-06-17 11:43 - 2016-06-17 11:43 - 0739904 _____ (Oracle Corporation) C:\Users\Tonya\AppData\Local\Temp\jre-8u91-windows-au.exe
2010-02-05 09:46 - 2010-02-05 09:46 - 0779600 ____N (CANON INC.) C:\Users\Tonya\AppData\Local\Temp\MSETUP4.EXE
2006-10-30 09:10 - 2006-10-30 09:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Tonya\AppData\Local\Temp\_is473E.exe
2007-04-05 03:09 - 2007-04-05 03:09 - 0455600 ____R (Macrovision Corporation) C:\Users\Tonya\AppData\Local\Temp\_is6327.exe
2015-08-07 17:29 - 2015-08-07 17:29 - 0000000 _____ () C:\Users\Tonya\AppData\Local\Temp\{D512DEEC-50B9-4D27-823C-B81F47290D88}-44.0.2403.130_43.0.2357.134_chrome_updater.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-19 08:38
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017
Ran by Tonya (22-02-2017 09:40:36)
Running from C:\Users\Tonya\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-01 09:28:34)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2880522861-2664208021-4051181673-500 - Administrator - Disabled)
Guest (S-1-5-21-2880522861-2664208021-4051181673-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2880522861-2664208021-4051181673-1004 - Limited - Enabled)
Tonya (S-1-5-21-2880522861-2664208021-4051181673-1000 - Administrator - Enabled) => C:\Users\Tonya
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.6.3.0 - Asmedia Technology)
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3806.02 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
Epson Easy Photo Print 2 (HKLM-x32\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON NX100 Series Printer Uninstall (HKLM\...\EPSON NX100 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-X64 10.0.7.2_WHQL (HKLM\...\Elantech) (Version: 10.0.7.2 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mission Planner (HKLM-x32\...\{1BB8304A-BAFD-4339-B8D7-2BB31F85DADA}) (Version: 1.3.7 - Michael Oborne)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
Nitro Reader 2 (HKLM\...\{7B72A3FB-2563-4A83-B054-98C57415DFFA}) (Version: 2.3.1.7 - Nitro PDF Software)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.9 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.2 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
Windows Driver Package - 3D Robotics (usbser) Ports (04/11/2013 2.0.0.4) (HKLM\...\434608CF2B6E31F0DDBA5C511053F957B55F098E) (Version: 04/11/2013 2.0.0.4 - 3D Robotics)
Windows Driver Package - 3D Robotics (usbser) Ports (04/11/2013 2.0.0.4) (HKLM\...\FCBC924691E2F2C40A755779AA1E64588ED634A6) (Version: 04/11/2013 2.0.0.4 - 3D Robotics)
Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports (11/15/2012 5.1.2600.1) (HKLM\...\4D5C83CB44CE9278C27458316B8CCA4571BA7B39) (Version: 11/15/2012 5.1.2600.1 - Arduino LLC (www.arduino.cc))
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02F837B3-A130-4BE4-81AA-A2AF50A48759} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.)
Task: {069BB839-FC15-419E-8C6F-7DDB43847102} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)
Task: {1191F933-570A-4668-85A6-86A35A38883E} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-04] (Samsung Electronics Co., Ltd.)
Task: {148F1AA6-732D-4488-9646-1C5A3A359D86} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-22] (Samsung Electronics)
Task: {1647740E-1BAE-465F-8326-5345FD017923} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {2DEDB326-6F84-4453-B8A4-FBEE8D32A27A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)
Task: {40704A58-0AB1-4216-86B8-E73BC5AB5639} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {44BF78AC-944F-4FAE-86A8-0208DF37C8E2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-19] (SAMSUNG Electronics co., LTD.)
Task: {5080A8AD-21F0-4996-98EC-EAD722F95AAF} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {71F08F47-726A-4CE2-830D-E96047366186} - System32\Tasks\{C30423AA-F180-40E1-8A14-3F221956945A} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2016-11-16] (Microsoft Corporation)
Task: {AE68459D-AFEF-4D5D-A82E-0496E00A6FF6} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.)
Task: {CD9CF607-BAEE-4240-B2A2-3D4D91492968} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {CDB304D7-81BA-4E03-B39F-6410CDA32002} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {DBFA864B-B8C3-48B2-9C26-243CB8860C17} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-17] (Samsung Electronics. Co. Ltd.)
Task: {E1376645-1707-4E45-AC11-C8112ECD7C94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {E6E302AB-08FA-4F60-BE5C-CD2450B0F5CF} - System32\Tasks\{64A7C46F-B7BD-458F-BCF2-57372439E14B} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2016-11-16] (Microsoft Corporation)
Task: {EEF72E03-9A7E-4223-AEBC-204D70C87AC4} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {F185412F-8A50-4006-957D-71BEF30733E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F2640E01-75F3-4907-BA34-FDFEAAAEC299} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2011-01-04 21:53 - 2011-01-04 21:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-06-03 17:31 - 2011-02-28 16:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2012-02-01 19:20 - 2008-06-04 17:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2012-02-01 16:46 - 2009-12-01 01:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-01-10 13:41 - 2015-06-06 12:56 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe
2017-02-21 09:37 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-21 09:37 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2012-02-01 19:20 - 2010-10-21 12:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2011-01-04 21:53 - 2011-01-04 21:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-02-01 19:17 - 2010-12-16 18:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-02-01 16:38 - 2006-08-11 21:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2012-02-01 16:53 - 2010-07-05 04:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
2012-02-01 16:54 - 2010-05-07 08:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-01 23:20 - 2009-11-01 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-01 23:23 - 2009-11-01 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2017-02-06 17:43 - 2017-02-01 03:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 17:43 - 2017-02-01 03:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2017-02-02 21:36 - 00000877 ____A C:\windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2880522861-2664208021-4051181673-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A4CB50BB-9F0D-47F4-822F-B523397F6658}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{9F79BDD0-DB37-4D2D-8852-F18C4F6EF89D}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{60C87FD3-BF65-4E21-9286-97D0B669F9A9}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{765BA8BA-2580-4A55-B591-C2EEBDB4F3CA}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{9BB400E5-5995-4629-A8A9-C65716CE5A89}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{B369024C-871A-48BC-8212-613132B8A2D6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{F1C1E2DE-5B21-4106-B1FC-7C5E7B4F94F1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{92D61651-FA8F-44BB-B609-726F7BC56DC1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{C879E83B-5DE6-427F-82C5-CEB2562411D3}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{45536E00-315D-435A-8015-4455424D79CC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{6AD9E22A-1FB6-4207-BE22-9466042B0747}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{0A7E3BEC-D650-4318-BAC7-AA364F9E4CE1}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{DE6FB64A-B3E4-494B-B282-65308371A661}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{CB71EA61-C673-4897-8099-B77D69066021}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C476AE8A-1512-4284-9E83-D0661DD329C6}] => (Allow) LPort=2869
FirewallRules: [{AA339E05-FECA-4913-A28E-FF4E758ACE8A}] => (Allow) LPort=1900
FirewallRules: [{CB56F428-6053-4CD1-B644-C50009670475}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A32EC7C9-A708-4E54-A38B-C48EF9BCB9F1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{75748FF4-E956-472D-86C4-DBA4B14BEA61}C:\users\tonya\appdata\local\microsoft\windows\temporary internet files\content.ie5\zbv6wpsz\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod023_en-us.exe] => (Allow) C:\users\tonya\appdata\local\microsoft\windows\temporary internet files\content.ie5\zbv6wpsz\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod023_en-us.exe
FirewallRules: [UDP Query User{94F21023-7BB0-461E-8895-6C79F91D10DF}C:\users\tonya\appdata\local\microsoft\windows\temporary internet files\content.ie5\zbv6wpsz\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod023_en-us.exe] => (Allow) C:\users\tonya\appdata\local\microsoft\windows\temporary internet files\content.ie5\zbv6wpsz\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod023_en-us.exe
FirewallRules: [TCP Query User{1311F1B3-AA5A-4CA5-9889-9FAC3E4E868C}C:\users\tonya\desktop\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod8_en-us.exe] => (Allow) C:\users\tonya\desktop\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod8_en-us.exe
FirewallRules: [UDP Query User{31B7F998-6E74-41E0-B65B-710990E13D8B}C:\users\tonya\desktop\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod8_en-us.exe] => (Allow) C:\users\tonya\desktop\d9e982aa214b4533aea90366db3cbeeddr99999dr860698903_pod8_en-us.exe
FirewallRules: [TCP Query User{C2735454-ADD4-4DAA-AE27-9F50BBE137A6}C:\users\tonya\appdata\local\temp\epsoninkjetdriverdownloader.exe] => (Allow) C:\users\tonya\appdata\local\temp\epsoninkjetdriverdownloader.exe
FirewallRules: [UDP Query User{3081759C-D7CC-450A-BD03-6909448E23FB}C:\users\tonya\appdata\local\temp\epsoninkjetdriverdownloader.exe] => (Allow) C:\users\tonya\appdata\local\temp\epsoninkjetdriverdownloader.exe
FirewallRules: [{D017F287-A32C-47C3-9D98-40D385BBFAE8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{661B17AE-7693-489C-BFEE-2128F3CF5B39}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{99E69726-CEA4-49BE-9B78-923142FC8F31}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{A75FDE1D-2848-4AA5-93EB-031387386915}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [UDP Query User{4BB651AD-2FC4-4AEB-9E8F-8FDA3C91DC45}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [{7491D6D1-5041-427D-8567-E1140A91FFB7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C764A4D1-1247-43B9-AC62-2CF75EDB7167}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A35B74BA-199E-4FE4-B430-121A73E51B0B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A84E4000-F07F-4DF6-AD2A-C2C35605364C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A7C42ED1-CB40-4CA1-95D4-A79B5E758475}] => (Allow) C:\Users\Tonya\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DCCF766B-34B7-4D96-A30B-7B47EE85F055}] => (Allow) C:\Users\Tonya\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{28536F5D-19CC-4A10-88B4-0B0CD72969F1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CFA46658-75A8-46FC-B119-25DF32335115}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A1150F97-155D-41BE-AD75-F2891A0DBC95}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{250F17FA-4314-4E7C-AC67-C6F1B3F4CD99}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BD3B3038-AA65-4A3D-8DB7-EC5B4C8653DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2C5C0DE7-12CC-45E7-8E12-2F8DC39D3B2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{38E8ACF8-CB42-4B2D-8EE4-374E6487C9D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
04-02-2017 18:36:53 Windows Update
08-02-2017 18:23:51 Windows Update
12-02-2017 20:56:46 Windows Update
16-02-2017 19:32:46 Windows Update
20-02-2017 18:22:01 Windows Update
22-02-2017 08:57:32 Removed Best Buy Connect.
22-02-2017 09:08:57 Removed iTunes
22-02-2017 09:21:13 Removed Bonjour
22-02-2017 09:22:31 Removed Apple Application Support (32-bit)
22-02-2017 09:23:54 Removed Apple Application Support (64-bit)
22-02-2017 09:25:36 Removed Apple Mobile Device Support
22-02-2017 09:26:42 Removed Apple Software Update
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/22/2017 09:25:06 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Tonya-PC)
Description: Application or service 'Apple Mobile Device Service' could not be restarted.
Error: (02/22/2017 09:04:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/22/2017 08:28:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/21/2017 10:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16661
Error: (02/21/2017 10:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16661
Error: (02/21/2017 10:53:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/21/2017 10:53:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15413
Error: (02/21/2017 10:53:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15413
Error: (02/21/2017 10:53:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/21/2017 10:53:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14415
System errors:
=============
Error: (02/22/2017 09:25:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (02/22/2017 09:25:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.
Error: (02/22/2017 09:13:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (02/22/2017 09:06:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (02/22/2017 09:04:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (02/22/2017 09:04:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Amazon Unbox Video Service service to connect.
Error: (02/22/2017 08:37:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (02/22/2017 08:33:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
Error: (02/22/2017 08:31:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (02/22/2017 08:29:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 6057.55 MB
Available physical RAM: 3192.73 MB
Total Virtual: 12113.28 MB
Available Virtual: 9393.68 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:365 GB) (Free:214.97 GB) NTFS
Drive d: () (Fixed) (Total:547.38 GB) (Free:547.27 GB) NTFS
Drive e: (50941) (CDROM) (Total:4.16 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E199BFFE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=365 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=547.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=19 GB) - (Type=27)
==================== End of Addition.txt ============================

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-02-22 09:47:24
-----------------------------
09:47:24.647 OS Version: Windows x64 6.1.7601 Service Pack 1
09:47:24.647 Number of processors: 4 586 0x2A07
09:47:24.652 ComputerName: TONYA-PC UserName: Tonya
09:47:49.299 Initialize success
09:47:49.575 VM: initialized successfully
09:47:49.578 VM: Intel CPU supported
09:47:54.187 VM: supported disk I/O iaStor.sys
09:49:49.379 AVAST engine defs: 17010903
11:03:48.685 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:03:48.691 Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 953869MB BusType: 3
11:03:48.859 VM: Disk 0 MBR read successfully
11:03:48.867 Disk 0 MBR scan
11:03:49.011 Disk 0 unknown MBR code
11:03:49.553 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:03:49.566 Disk 0 default boot code
11:03:49.692 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 373760 MB offset 206848
11:03:49.797 Disk 0 Partition - 00 0F Extended LBA 560516 MB offset 765667328
11:03:49.848 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 19492 MB offset 1913604096
11:03:50.020 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 560515 MB offset 765669376
11:03:50.389 Disk 0 scanning C:\windows\system32\drivers
11:04:22.647 Service scanning
11:05:26.491 Modules scanning
11:05:26.506 Disk 0 trace - called modules:
11:05:26.548 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:05:26.560 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800820a060]
11:05:26.573 3 CLASSPNP.SYS[fffff8800132743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80066d8050]
11:05:28.239 AVAST engine scan C:\windows
11:05:36.482 AVAST engine scan C:\windows\system32
11:23:33.121 AVAST engine scan C:\windows\system32\drivers
11:25:23.926 AVAST engine scan C:\Users\Tonya
11:50:00.481 AVAST engine scan C:\ProgramData
11:59:32.115 Disk 0 statistics 4178711/0/21915 @ 1.62 MB/s
11:59:32.132 Scan finished successfully
15:03:40.313 Disk 0 MBR has been saved successfully to "C:\Users\Tonya\Desktop\MBR.dat"
15:03:40.504 The log file has been saved successfully to "C:\Users\Tonya\Desktop\aswMBR.txt"