
[Inactive] slow running notebook logs

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by xlaurax, Mar 19, 2015.

Thread Status:
Not open for further replies.
  1. xlaurax

    xlaurax Established Techie7 Member

    Hi, my mum's notebook is running really slow. Was wondering if you could possibly have a quick look at the logs to see if it's malware/adware related?
    It's Windows 7.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
    Ran by new (administrator) on JENNIFER-PC on 19-03-2015 04:25:49
    Running from C:\Users\new\Downloads
    Loaded Profiles: new (Available profiles: new)
    Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe
    (Spotify Ltd) C:\Users\new\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    (Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    (Google Inc.) C:\Users\new\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\new\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\new\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Farbar) C:\Users\new\Downloads\FRST (1).exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-07] (Realtek Semiconductor)
    HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [1891720 2010-03-25] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM\...\Run: [MobileBroadband] => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [272384 2010-08-18] (Vodafone)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4273976 2012-07-03] (AVAST Software)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [SMART Floating Tools] => C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe [9221424 2013-08-22] (SMART Technologies ULC)
    HKLM\...\Run: [SMARTNotification] => C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe [208688 2013-10-18] (SMART Technologies)
    HKLM\...\Run: [SMART Tray Tools] => C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe [754992 2013-10-18] (SMART Technologies)
    HKLM\...\Run: [SMART Board Service] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [1937200 2013-10-18] (SMART Technologies)
    HKLM\...\Run: [sbsdk-server] => C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
    HKLM\...\Run: [SMART Ink] => C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe [147248 2013-09-30] (SMART Technologies)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKU\S-1-5-21-3657556864-2306374585-1095554477-1001\...\Run: [Google Update] => C:\Users\new\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-10] (Google Inc.)
    HKU\S-1-5-21-3657556864-2306374585-1095554477-1001\...\Run: [Spotify Web Helper] => C:\Users\new\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-28] (Spotify Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    Startup: C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
    SearchScopes: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001 -> {0FB47D3A-6E0C-4A0F-8FFD-E7FEFB66E594} URL = http://www.bing.com/search?FORM=UP74DF&PC=UP74&dt=051113&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
    BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\NotebookPlugin.dll [2013-08-22] (SMART Technologies ULC.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05] (Oracle Corporation)
    BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05] (Oracle Corporation)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
    Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03] (AVAST Software)
    Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{755337AC-BB44-42F6-8B9C-1455F7A7C9C7}: [NameServer] 10.203.65.68 10.203.65.68

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-10] ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\windows\system32\npDeployJava1.dll [2012-07-05] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-07-05] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Plugin HKU\S-1-5-21-3657556864-2306374585-1095554477-1001: @tools.google.com/Google Update;version=3 -> C:\Users\new\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-26] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3657556864-2306374585-1095554477-1001: @tools.google.com/Google Update;version=9 -> C:\Users\new\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-26] (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-15]

    Chrome:
    =======
    CHR HomePage: Default ->
    CHR Plugin: (Shockwave Flash) - C:\Users\new\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Users\new\AppData\Local\Google\Chrome\Application\40.0.2214.91\gcswf32.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\new\AppData\Local\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\new\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Profile: C:\Users\new\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-19]
    CHR Extension: (avast! WebRep) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2015-03-18]
    CHR Extension: (Google Wallet) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17]
    CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-08-11]
    StartMenuInternet: Google Chrome - C:\Users\Jennifer\AppData\Local\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-07-03] (AVAST Software)
    S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2013-11-01] (Flexera Software LLC)
    S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
    R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2044248 2010-03-05] (Symantec Corporation)
    S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
    R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [539952 2013-10-18] (SMART Technologies)
    R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2010-08-18] (Vodafone) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswFsBlk; C:\windows\system32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
    R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
    R1 aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [44784 2012-07-03] (AVAST Software)
    R1 aswSnx; C:\windows\system32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
    R1 aswSP; C:\windows\system32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
    R1 aswTdi; C:\windows\system32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
    R3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [286248 2010-03-06] (Broadcom Corporation.)
    R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [109056 2010-04-01] (ELAN Microelectronics Corp.)
    S3 massfilter; C:\windows\System32\DRIVERS\massfilter.sys [9216 2010-08-11] (MBB Incorporated)
    R3 rtl819xp; C:\windows\System32\DRIVERS\rtl819xp.sys [557088 2010-02-01] (Realtek Semiconductor Corporation )
    S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-07-15] (Windows (R) 2003 DDK 3790 provider)
    R3 SMARTMouseFilterx86; C:\windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-10-18] (SMART Technologies)
    R3 SMARTVHidMini2000x86; C:\windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-10-18] (SMART Technologies)
    R3 vodafone_K380x-z_dc_enum; C:\windows\System32\DRIVERS\vodafone_K380x-z_dc_enum.sys [61952 2010-05-20] (Vodafone)
    R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
    S3 ZTEusbvoice; C:\windows\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-08-11] (ZTE Incorporated)
    S3 ZTEusbwwan; C:\windows\System32\DRIVERS\ZTEusbwwan.sys [194048 2010-08-11] (ZTE Incorporated)
    U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-19 04:25 - 2015-03-19 04:32 - 00021210 _____ () C:\Users\new\Downloads\FRST.txt
    2015-03-19 04:00 - 2015-03-19 04:00 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
    2015-03-19 03:50 - 2015-03-19 04:27 - 00000000 ____D () C:\FRST
    2015-03-19 03:32 - 2014-06-27 01:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
    2015-03-19 03:24 - 2015-03-19 03:24 - 01135104 _____ (Farbar) C:\Users\new\Downloads\FRST (1).exe
    2015-03-19 03:16 - 2014-03-09 21:47 - 00099480 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
    2015-03-19 03:15 - 2014-06-30 22:14 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
    2015-03-19 03:13 - 2014-06-06 06:16 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
    2015-03-19 03:13 - 2014-03-09 21:47 - 00619672 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
    2015-03-19 02:45 - 2015-03-19 02:49 - 01135104 _____ (Farbar) C:\Users\new\Downloads\FRST.exe
    2015-03-19 02:41 - 2015-03-19 02:41 - 01067157 _____ () C:\Users\new\Downloads\A2DF.tmp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-19 04:32 - 2010-04-28 05:31 - 01533216 _____ () C:\windows\WindowsUpdate.log
    2015-03-19 04:31 - 2009-07-14 02:37 - 00000000 ____D () C:\windows\Microsoft.NET
    2015-03-19 04:20 - 2011-01-20 10:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-03-19 04:11 - 2012-08-11 18:45 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-03-19 04:10 - 2009-07-26 20:06 - 00732510 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-03-19 03:58 - 2012-08-10 23:26 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1001UA.job
    2015-03-19 03:57 - 2015-02-10 13:53 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-19 03:39 - 2010-12-26 14:52 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1000UA.job
    2015-03-19 03:37 - 2009-07-14 04:34 - 00010272 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-19 03:37 - 2009-07-14 04:34 - 00010272 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-19 02:42 - 2013-10-15 18:15 - 00000000 ____D () C:\Users\new\AppData\Local\CrashDumps
    2015-03-19 01:44 - 2012-08-10 23:25 - 00118680 _____ () C:\Users\new\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-03-19 01:44 - 2010-12-24 23:21 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-19 01:40 - 2009-07-14 04:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-03-19 01:40 - 2009-07-14 04:39 - 00100292 _____ () C:\windows\setupact.log
    2015-03-19 01:40 - 2009-07-14 04:33 - 00441368 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-03-19 01:33 - 2011-05-15 21:55 - 00004363 _____ () C:\ProgramData\hpzinstall.log
    2015-03-19 01:32 - 2010-12-24 18:18 - 00000000 ____D () C:\ProgramData\Temp
    2015-03-19 01:14 - 2011-05-15 21:55 - 00000000 ____D () C:\ProgramData\HP
    2015-03-19 01:09 - 2011-05-15 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-03-18 23:42 - 2012-08-10 23:26 - 00000848 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1001Core.job
    2015-03-18 23:29 - 2010-12-26 14:52 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1000Core.job
    2015-03-17 01:17 - 2012-08-10 23:36 - 00000000 ____D () C:\Users\new\AppData\Roaming\Spotify
    2015-03-17 01:15 - 2013-08-26 19:14 - 00000000 ___RD () C:\Users\new\Dropbox
    2015-03-17 01:01 - 2013-08-26 19:07 - 00000000 ____D () C:\Users\new\AppData\Roaming\Dropbox
    2015-03-17 01:00 - 2013-08-26 19:09 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-03-17 00:46 - 2012-08-10 23:36 - 00000000 ____D () C:\Users\new\AppData\Local\Spotify
    2015-03-17 00:06 - 2011-05-15 21:57 - 00000000 ____D () C:\Program Files\HP
    2015-03-17 00:02 - 2009-07-14 02:04 - 00000513 _____ () C:\windows\win.ini

    ==================== Files in the root of some directories =======

    2014-06-10 14:36 - 2014-06-10 14:36 - 6103040 _____ () C:\Program Files\GUT7D59.tmp
    2015-02-09 21:39 - 2015-02-09 21:39 - 6103040 _____ () C:\Program Files\GUTC0C8.tmp
    2013-08-12 20:19 - 2013-08-12 20:19 - 0000057 _____ () C:\ProgramData\Ament.ini
    2010-08-11 10:43 - 2010-08-11 10:43 - 0159464 ____R () C:\ProgramData\DeviceManager.xml.rc4
    2011-05-15 21:55 - 2015-03-19 01:33 - 0004363 _____ () C:\ProgramData\hpzinstall.log

    Some content of TEMP:
    ====================
    C:\Users\new\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphugktx.dll
    C:\Users\new\AppData\Local\temp\SpotifyUpgrader.exe
    C:\Users\new\AppData\Local\temp\{93880960-10E0-4D43-B2BC-C6BA8CBA5921}-41.0.2272.89_chrome_installer.exe
    C:\Users\new\AppData\Local\temp\{DE799589-DA2F-4E6C-9F4C-DA2FB82FA353}-41.0.2272.89_chrome_installer.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\explorer.exe => File is digitally signed
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-10 16:04

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
    Ran by new at 2015-03-19 04:37:09
    Running from C:\Users\new\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
    AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.25 - Doctorsoft)
    Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
    avast! Free Antivirus (HKLM\...\avast) (Version: 7.0.1456.0 - AVAST Software)
    B110 (Version: 140.0.142.000 - Hewlett-Packard) Hidden
    BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
    Bing Bar (HKLM\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
    Bonbon Quest (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}) (Version: - Oberon Media)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
    BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
    ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
    CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Daycare Nightmare (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}) (Version: - Oberon Media)
    Dropbox (HKU\S-1-5-21-3657556864-2306374585-1095554477-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
    Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0.0.13 - Samsung Electronics Co., LTD)
    Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.1 - Samsung Electronics Co., Ltd.)
    Easy Network Manager (HKLM\...\{F771F1D4-EDD4-4D68-82DC-811583C099CD}) (Version: 4.3.1 - Samsung)
    Easy Resolution Manager (HKLM\...\{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}) (Version: 1.0.0 - Samsung)
    Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.10 - Samsung Electronics Co.,Ltd.)
    EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
    EasyFileShare (HKLM\...\{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}) (Version: 1.0.2 - Samsung)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    ETDWare PS/2-x86 7.0.7.0_WHQL (HKLM\...\Elantech) (Version: 7.0.7.0 - ELAN Microelectronics Corp.)
    Flip Words (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}) (Version: - Oberon Media)
    Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
    Game Pack (HKLM\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.)
    Gem Shop (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}) (Version: - Oberon Media)
    Google Chrome (HKU\S-1-5-21-3657556864-2306374585-1095554477-1001\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5E83AB6E-2284-4468-BF97-A451904F186C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
    HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
    Insaniquarium Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}) (Version: - Oberon Media)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2108 - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
    Java(TM) 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
    JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
    Malwarebytes Anti-Malware version 1.62.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.62.0.1300 - Malwarebytes Corporation)
    Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
    Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.13580 - Symantec Corporation)
    OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
    PS_AIO_07_B110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
    QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
    REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.)
    Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
    Samsung Support Center (HKLM\...\{749BDD29-D756-4B9B-8022-3E666A24C13F}) (Version: 1.1.3 - Samsung)
    Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
    SamsungMovie (HKLM\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung)
    Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
    Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
    Slingo (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}) (Version: - Oberon Media)
    SMART Common Files (HKLM\...\{BBA07B40-F7C6-44F7-BF08-767F8835685F}) (Version: 11.4.194.0 - SMART Technologies ULC)
    SMART English (United Kingdom) Language Pack (HKLM\...\{61A35153-1BD4-41AD-9CFD-B938B1627EA9}) (Version: 11.3.29.0 - SMART Technologies ULC)
    SMART Ink (HKLM\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.720.0 - SMART Technologies ULC)
    SMART Notebook (HKLM\...\{E57F6C8B-E159-477E-93BF-764759747BC4}) (Version: 11.3.857.0 - SMART Technologies ULC)
    SMART Product Drivers (HKLM\...\{589B09F5-0768-4BE9-B8C0-DD253E6B3643}) (Version: 11.3.550.0 - SMART Technologies ULC)
    SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
    Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
    SpywareBlaster 4.6 (HKLM\...\SpywareBlaster_is1) (Version: 4.6.0 - Javacool Software LLC)
    Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden
    User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
    Vodafone Mobile Broadband Lite (HKLM\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.1.0.25677 - Vodafone)
    WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
    WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.4500 - Broadcom Corporation)
    Winamp (HKLM\...\Winamp) (Version: 5.601 - Nullsoft, Inc)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\new\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\new\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\new\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\new\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\new\AppData\Local\Google\Chrome\Application\40.0.2214.91\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\new\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3657556864-2306374585-1095554477-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\new\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

    ==================== Restore Points =========================

    19-03-2015 03:04:05 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:04 - 2012-08-10 17:40 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0B777010-DF39-43DC-9FD6-C30A4210C4D3} - System32\Tasks\Toolbox.exe_{FA3190A3-521C-47EE-8592-C19042AE3506} => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\Toolbox.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {170A9266-4B66-44B7-BB49-B3B63C3430A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1001UA => C:\Users\new\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)
    Task: {201BA125-83A4-4CFC-A0BE-F774E0CD92E8} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-07] (Samsung Electronics Co., Ltd.)
    Task: {28404BB5-DB41-496D-873A-56054DCBD1F7} - System32\Tasks\{944F0D55-1AF1-440B-BB57-927F6561B6BB} => Chrome.exe
    Task: {2E5388D5-B1D1-45A8-9FDF-4237D633ACE2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1000Core => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25] (Google Inc.)
    Task: {31FA0A14-EED5-44BD-93B8-21A8D243627E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
    Task: {42C8DD44-273C-4757-823A-9AB8F693DA00} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft)
    Task: {464C0066-429B-4F9D-AC5B-88254FF72557} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-04-20] (Samsung Electronics)
    Task: {4AAA9F3A-821D-45C0-8149-0828BB66075A} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
    Task: {65EE0B06-A383-42BE-B0F3-1BD1D8EE9AC6} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
    Task: {6EFDC61B-C4C3-4432-8789-0E3A6887A342} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-27] (AVAST Software)
    Task: {73D67799-E088-4FC3-9881-70788C0A30EB} - System32\Tasks\{019BE6E4-F4DF-4B94-A246-C400E374A98E} => Chrome.exe
    Task: {7BB1D112-7574-4A6A-AB93-0E103C4A8E2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-26] (Google Inc.)
    Task: {8136E567-0C41-4D20-AA43-3F000971F284} - System32\Tasks\{E455182E-57CB-4ADA-812A-37A5FFD5F95F} => pcalua.exe -a "C:\Program Files\Game Pack\Alice Greenfingers\Uninstall.exe" -c "C:\Program Files\Game Pack\Alice Greenfingers\install.log"
    Task: {81E140D2-80FF-4282-A667-667E2071CE3B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-10] (Adobe Systems Incorporated)
    Task: {8C3FF91E-C077-4563-B68C-3DC9743D3A58} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {AD6ED471-9403-4657-B9B7-A1E5B2D263B3} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A92\EPM.exe
    Task: {CF2B4002-D18E-4576-9A79-8E28C897F242} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
    Task: {D1AA3E76-BCE4-4F67-858D-21AD73FE21C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1000UA => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25] (Google Inc.)
    Task: {D4D72949-CDBF-4D11-870C-9F3B4E14A5B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-26] (Google Inc.)
    Task: {E685D404-EEE1-4F04-9193-1CF2A4C059DA} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics)
    Task: {F5CC0F26-439C-46D1-AB3E-C2D1EA6160EC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {F9C52E11-6B10-4292-9C32-6FCAEC8CF1B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1001Core => C:\Users\new\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1000Core.job => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1000UA.job => C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1001Core.job => C:\Users\new\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657556864-2306374585-1095554477-1001UA.job => C:\Users\new\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-03-19 02:10 - 2015-03-18 19:40 - 02910720 _____ () C:\Program Files\AVAST Software\Avast\defs\15031801\algo.dll
    2010-04-28 05:45 - 2006-08-12 03:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
    2013-08-22 19:43 - 2013-08-22 19:43 - 00272688 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
    2013-08-22 19:44 - 2013-08-22 19:44 - 00039216 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
    2013-08-22 19:44 - 2013-08-22 19:44 - 00053040 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node
    2013-08-22 19:44 - 2013-08-22 19:44 - 00057648 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node
    2013-08-22 19:44 - 2013-08-22 19:44 - 00014848 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-03-19 01:29 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\new\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
    2015-03-19 01:29 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\new\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
    2015-01-26 22:51 - 2015-01-21 03:50 - 09171272 _____ () C:\Users\new\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3657556864-2306374585-1095554477-1001\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
    DNS Servers: 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3657556864-2306374585-1095554477-500 - Administrator - Disabled)
    Guest (S-1-5-21-3657556864-2306374585-1095554477-501 - Limited - Disabled)
    new (S-1-5-21-3657556864-2306374585-1095554477-1001 - Administrator - Enabled) => C:\Users\new

    ==================== Faulty Device Manager Devices =============

    Name: Photosmart B110 series
    Description: Photosmart B110 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/19/2015 02:41:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 40.0.2214.91, time stamp: 0x54bf0a96
    Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
    Exception code: 0xc0000005
    Fault offset: 0x0000c9d8
    Faulting process id: 0xffc
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3

    Error: (03/19/2015 02:27:43 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 40.0.2214.91, time stamp: 0x54bf0a96
    Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
    Exception code: 0xc0000005
    Fault offset: 0x0000c9d8
    Faulting process id: 0x12ec
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3

    Error: (03/19/2015 02:14:11 AM) (Source: VmbService) (EventID: 0) (User: )
    Description: GetProcessOwner

    Error: (03/19/2015 02:14:10 AM) (Source: VmbService) (EventID: 0) (User: )
    Description: GetProcessOwner

    Error: (03/19/2015 02:13:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: b84

    Start Time: 01d061e5e50104a4

    Termination Time: 2823

    Application Path: C:\windows\Explorer.EXE

    Report Id: 7a8c833e-cddd-11e4-aa50-0026b66b2e61

    Error: (03/19/2015 01:40:55 AM) (Source: VmbService) (EventID: 0) (User: )
    Description: conflictManagerTypeValue

    Error: (03/19/2015 01:34:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SSCMain.exe version 1.1.1.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1668

    Start Time: 01d061e16ffcd774

    Termination Time: 18862

    Application Path: C:\Program Files\Samsung\Samsung Support Center\SSCMain.exe

    Report Id: c4cd8dac-cdd7-11e4-b743-0026b66b2e61

    Error: (03/19/2015 00:35:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 40.0.2214.91, time stamp: 0x54bf0a96
    Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
    Exception code: 0xc0000005
    Fault offset: 0x0000c9d8
    Faulting process id: 0x7d4
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3

    Error: (03/17/2015 01:32:15 AM) (Source: VmbService) (EventID: 0) (User: )
    Description: conflictManagerTypeValue

    Error: (03/17/2015 00:54:30 AM) (Source: VmbService) (EventID: 0) (User: )
    Description: System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
    at System.Management.ManagementScope.InitializeGuts(Object o)
    at System.Management.ManagementScope.Initialize()
    at System.Management.ManagementObject.Initialize(Boolean getObject)
    at System.Management.ManagementClass.GetInstances(EnumerationOptions options)
    at System.Management.ManagementClass.GetInstances()
    at Vodafone.NtService.Core.WmiHandler.GetProcessOwner(UInt32 processId, String processName, String& domain, String& user)
    at Vodafone.NtService.Core.ProcessCommunication.ProcessServiceChannelMessage()
    at Vodafone.NtService.Core.ProcessCommunication.Receiving()


    System errors:
    =============
    Error: (03/19/2015 02:13:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

    Error: (03/19/2015 02:12:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

    Error: (03/19/2015 02:09:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.

    Error: (03/19/2015 01:49:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (03/19/2015 01:48:58 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

    Error: (03/19/2015 01:46:50 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The HP Network Devices Support service hung on starting.

    Error: (03/19/2015 01:41:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (03/19/2015 01:40:23 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 01:38:22 on 19/03/2015 was unexpected.

    Error: (03/19/2015 01:12:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition.

    Error: (03/19/2015 01:08:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Word Viewer (KB2956188).


    Microsoft Office Sessions:
    =========================
    Error: (03/19/2015 02:41:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: chrome.exe40.0.2214.9154bf0a96YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d8ffc01d061ec770fe6acC:\Users\new\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax7d637a57-cde1-11e4-aa50-0026b66b2e61

    Error: (03/19/2015 02:27:43 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: chrome.exe40.0.2214.9154bf0a96YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d812ec01d061ea98b60178C:\Users\new\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax85531691-cddf-11e4-aa50-0026b66b2e61

    Error: (03/19/2015 02:14:11 AM) (Source: VmbService) (EventID: 0) (User: )
    Description: GetProcessOwner

    Error: (03/19/2015 02:14:10 AM) (Source: VmbService) (EventID: 0) (User: )
    Description: GetProcessOwner

    Error: (03/19/2015 02:13:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Explorer.EXE6.1.7601.17567b8401d061e5e50104a42823C:\windows\Explorer.EXE7a8c833e-cddd-11e4-aa50-0026b66b2e61

    Error: (03/19/2015 01:40:55 AM) (Source: VmbService) (EventID: 0) (User: )
    Description: conflictManagerTypeValue

    Error: (03/19/2015 01:34:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SSCMain.exe1.1.1.3166801d061e16ffcd77418862C:\Program Files\Samsung\Samsung Support Center\SSCMain.exec4cd8dac-cdd7-11e4-b743-0026b66b2e61

    Error: (03/19/2015 00:35:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: chrome.exe40.0.2214.9154bf0a96YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d87d401d061d321675310C:\Users\new\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.axcb953ffb-cdcf-11e4-b743-0026b66b2e61

    Error: (03/17/2015 01:32:15 AM) (Source: VmbService) (EventID: 0) (User: )
    Description: conflictManagerTypeValue

    Error: (03/17/2015 00:54:30 AM) (Source: VmbService) (EventID: 0) (User: )
    Description: System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
    at System.Management.ManagementScope.InitializeGuts(Object o)
    at System.Management.ManagementScope.Initialize()
    at System.Management.ManagementObject.Initialize(Boolean getObject)
    at System.Management.ManagementClass.GetInstances(EnumerationOptions options)
    at System.Management.ManagementClass.GetInstances()
    at Vodafone.NtService.Core.WmiHandler.GetProcessOwner(UInt32 processId, String processName, String& domain, String& user)
    at Vodafone.NtService.Core.ProcessCommunication.ProcessServiceChannelMessage()
    at Vodafone.NtService.Core.ProcessCommunication.Receiving()


    ==================== Memory info ===========================

    Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
    Percentage of memory in use: 87%
    Total physical RAM: 1013.3 MB
    Available physical RAM: 123.44 MB
    Total Pagefile: 2467.3 MB
    Available Pagefile: 771.47 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1901.51 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:52 GB) (Free:2.92 GB) NTFS
    Drive d: () (Fixed) (Total:76.95 GB) (Free:75.3 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: CE41A31C)
    Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=52 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=77 GB) - (Type=OF Extended)

    ==================== End Of Log ============================
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    I don't see much so far, but we'll run some more checks.
    However, to start with, you have only 1GB of RAM there. Not enough. You'll need at least 2GB of RAM for this computer to run better.

    Next...

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     