Search the Community

Showing results for tags 'removal'.



Found 2 results

  1. Yesterday I was playing around with my Samsung Galaxy S3 and trying to install a custom rom and custom recovery. It seems that all of the sites i visited (xda developers, androidcentral, etc) were loaded with crappy adware, malware, etc. Even though I paid close attention to the downloads and the sneaky way that they install all kinds of crap (same as Adobe, Lavasoft) trying to take over my browser and advertising that my computer is infected, I still ended up with the trojan.win32.generic bt virus and another malicious adware program. Can anyone give me specific step by step instructions for removing this virus? I have attached the FRST log files and I am running Windows 7 Pro. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014 Ran by Bruce (administrator) on ADMIN-PC on 19-11-2014 13:21:38 Running from C:\Users\Bruce\Downloads Loaded Profile: Bruce (Available profiles: ADMIN & Bruce & Cari) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) 
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE () C:\Program Files\AppEnable\updateAppEnable.exe (GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAware.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\HelpPane.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Microsoft Corporation) C:\Windows\regedit.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [488816 2011-01-04] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft) HKLM\...\Run: [Ad-Aware Antivirus] => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run HKLM\...\Run: [sBRegRebootCleaner] => C:\Program Files\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x791FE0EF6F9BCE01 HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://Vosteran.com/?f=1&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir= HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKCU - (No Name) - 
{6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir= SearchScopes: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir= SearchScopes: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir= BHO: AppEnable -> {23d4646c-263a-4e2d-a08c-6c704557973d} -> C:\Program Files\AppEnable\AppEnablebho.dll (AppEnable) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25 FireFox: ======== FF ProfilePath: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\v7gtk1fs.default FF Homepage: www.msn.com FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1012554529-1352615859-3751022473-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bruce\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF user.js: detected! => C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\v7gtk1fs.default\user.js FF user.js: detected! => C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\user.js FF SearchPlugin: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\searchplugins\trovi-search.xml FF Extension: Zoomify - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\Extensions\[email protected] [2014-11-17] FF Extension: Feedback - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\Extensions\[email protected] [2013-08-25] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited) S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-06] () [File not signed] R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812392 2009-06-26] (Broadcom Corporation) R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [26984 2009-06-26] (Broadcom Corporation) R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation) R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION) R2 MaintainerSvc4.00.5030318; C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe [123632 2014-11-19] () R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) R2 Update AppEnable; C:\Program Files\AppEnable\updateAppEnable.exe [423152 2014-11-18] () S2 Util AppEnable; C:\Program Files\AppEnable\bin\utilAppEnable.exe [423152 2014-11-19] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-06-26] (Broadcom Corporation) S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-10-02] (GFI Software) R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc) R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2012-09-12] (GFI Software) S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X] R1 {820a714f-c526-4777-8e87-e9d6612e0938}Gw; system32\drivers\{820a714f-c526-4777-8e87-e9d6612e0938}Gw.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-19 13:21 - 2014-11-19 13:22 - 00010576 _____ () C:\Users\Bruce\Downloads\FRST.txt 2014-11-19 13:21 - 2014-11-19 13:21 - 00000000 ____D () C:\FRST 2014-11-19 13:19 - 2014-11-19 13:19 - 01108992 _____ (Farbar) C:\Users\Bruce\Downloads\FRST.exe 2014-11-18 21:58 - 2014-11-19 12:33 - 00000000 ____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009 2014-11-18 21:04 - 2014-11-18 21:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-18 21:01 - 2014-11-18 21:06 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Vosteran 2014-11-18 21:01 - 2014-11-18 21:06 - 00000000 ____D () C:\Program Files\AppEnable 2014-11-18 21:01 - 2014-11-18 21:00 - 00244032 _____ () C:\Users\Bruce\Downloads\Firefox_Setup_33.0.exe 2014-11-18 20:54 - 2014-11-18 20:54 - 00000000 __SHD () C:\Users\Bruce\AppData\Local\EmieUserList 2014-11-18 20:54 - 2014-11-18 20:54 - 00000000 __SHD () C:\Users\Bruce\AppData\Local\EmieSiteList 2014-11-18 20:53 - 2014-11-18 20:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-11-18 
18:54 - 2014-11-18 18:54 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\VERIZON 2014-11-18 18:27 - 2014-11-18 18:27 - 00000000 ____D () C:\Users\Bruce\Downloads\VZW-I535VRUDNE1-20140626142723 2014-11-18 18:07 - 2014-11-18 18:26 - 1022225899 _____ () C:\Users\Bruce\Downloads\VZW-I535VRUDNE1-20140626142723.zip 2014-11-18 16:00 - 2014-11-18 16:21 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Samsung 2014-11-18 14:58 - 2014-11-18 14:58 - 02265785 _____ () C:\Users\Bruce\Downloads\SuperSU_Bootloader.zip 2014-11-18 14:58 - 2014-11-18 14:58 - 00000000 ____D () C:\Users\Bruce\Downloads\SuperSU_Bootloader 2014-11-18 14:52 - 2014-11-18 14:52 - 06936123 _____ () C:\Users\Bruce\Downloads\VRBMB1_Bootchain_CWM.tar.md5 2014-11-18 09:40 - 2014-11-18 09:59 - 173728798 _____ () C:\Users\Bruce\Downloads\cm-10.1.0-d2tmo.zip 2014-11-18 09:40 - 2014-11-18 09:58 - 173461585 _____ () C:\Users\Bruce\Downloads\cm-10.1.1-d2tmo.zip 2014-11-18 09:39 - 2014-11-18 10:03 - 175187516 _____ () C:\Users\Bruce\Downloads\cm-10.1.3-d2tmo.zip 2014-11-18 09:39 - 2014-11-18 10:03 - 173467084 _____ () C:\Users\Bruce\Downloads\cm-10.1.2-d2tmo.zip 2014-11-18 09:39 - 2014-11-18 10:02 - 185112993 _____ () C:\Users\Bruce\Downloads\cm-10.2.0-d2tmo.zip 2014-11-18 09:39 - 2014-11-18 10:00 - 191604039 _____ () C:\Users\Bruce\Downloads\cm-10.2.1-d2tmo.zip 2014-11-18 09:38 - 2014-11-18 09:59 - 173484265 _____ () C:\Users\Bruce\Downloads\cm-10.1.0.3-d2vzw.zip 2014-11-18 09:37 - 2014-11-18 10:04 - 175201733 _____ () C:\Users\Bruce\Downloads\cm-10.1.3-d2vzw.zip 2014-11-18 09:37 - 2014-11-18 10:00 - 173483147 _____ () C:\Users\Bruce\Downloads\cm-10.1.1-d2vzw.zip 2014-11-18 09:37 - 2014-11-18 09:58 - 173480249 _____ () C:\Users\Bruce\Downloads\cm-10.1.2-d2vzw.zip 2014-11-18 09:37 - 2014-11-18 09:56 - 185157213 _____ () C:\Users\Bruce\Downloads\cm-10.2.0-d2vzw.zip 2014-11-18 09:36 - 2014-11-18 09:59 - 191647370 _____ () C:\Users\Bruce\Downloads\cm-10.2.1-d2vzw.zip 2014-11-18 09:34 - 2014-11-18 09:34 - 02056192 _____ 
() C:\Users\Bruce\Downloads\CMInstaller.msi 2014-11-17 19:25 - 2014-11-17 19:25 - 00000000 ____D () C:\Users\Bruce\Desktop\Old Firefox Data 2014-11-17 19:19 - 2014-11-17 19:19 - 00000000 ____D () C:\Program Files\SearchProtect 2014-11-17 19:12 - 2014-11-17 19:12 - 00000000 ____D () C:\ProgramData\zoomify2 2014-11-17 19:05 - 2014-11-18 06:35 - 00000176 _____ () C:\Users\Bruce\Downloads\Odin_v3.10.zip 2014-11-17 18:57 - 2014-11-17 18:57 - 00995769 _____ () C:\Users\Bruce\Downloads\Odin3_v3.09.zip 2014-11-17 18:47 - 2014-11-17 18:47 - 00000000 ____D () C:\ProgramData\2308189059 2014-11-17 18:40 - 2014-11-17 18:40 - 00000000 ____D () C:\Users\Bruce\Documents\Optimizer Pro 2014-11-17 18:35 - 2014-11-18 13:56 - 00000000 ____D () C:\Program Files\Bench 2014-11-17 18:35 - 2014-11-17 19:23 - 00000003 _____ () C:\Users\Bruce\AppData\Local\proxy.log 2014-11-17 17:57 - 2014-11-17 17:57 - 06547456 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-touch-6.0.4.5-d2tmo.img 2014-11-17 17:57 - 2014-11-17 17:57 - 06547456 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-6.0.4.5-d2tmo.img 2014-11-17 17:56 - 2014-11-17 17:56 - 06547456 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-touch-6.0.4.5-d2vzw.img 2014-11-17 17:56 - 2014-11-17 17:56 - 06545408 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-6.0.4.5-d2vzw.img 2014-11-17 17:02 - 2014-11-17 18:06 - 07587903 _____ () C:\Users\Bruce\Downloads\philz_touch_6.07.9-d2vzw.tar.md5 2014-11-17 16:32 - 2014-11-17 16:32 - 00200563 _____ () C:\Users\Bruce\Downloads\GooManager_2.1.3.apk 2014-11-17 16:27 - 2014-11-17 16:27 - 00000000 ____D () C:\ProgramData\FileTypeHelper 2014-11-17 16:11 - 2014-11-17 16:11 - 04647657 _____ () C:\Users\Bruce\Downloads\superuser.zip 2014-11-16 13:30 - 2014-11-16 13:30 - 00464072 _____ () C:\Users\Bruce\Downloads\Odin-v3.07.zip 2014-11-15 16:09 - 2014-11-15 16:09 - 07331840 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.1-d2vzw.tar 2014-11-15 16:08 - 2014-11-15 16:08 - 07557120 _____ 
() C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2vzw.tar 2014-11-15 16:08 - 2014-11-15 16:08 - 07329792 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.1-d2vzw.img 2014-11-15 16:07 - 2014-11-15 16:07 - 07553024 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2vzw.img 2014-11-15 16:06 - 2014-11-15 16:06 - 06615040 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.0-d2tmo.tar 2014-11-15 16:05 - 2014-11-15 16:05 - 07557120 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2tmo.tar 2014-11-15 16:05 - 2014-11-15 16:05 - 06606848 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.0-d2tmo.img 2014-11-15 16:04 - 2014-11-15 16:04 - 07553024 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2tmo.img 2014-11-13 14:29 - 2014-11-18 16:20 - 00000000 ____D () C:\ProgramData\Samsung 2014-11-13 14:26 - 2014-11-13 14:26 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2014-11-13 14:24 - 2014-11-18 16:00 - 00000000 ____D () C:\Users\Bruce\Documents\SelfMV 2014-11-13 14:24 - 2014-11-13 14:32 - 00000000 ____D () C:\Users\Bruce\Documents\samsung 2014-11-13 14:23 - 2014-11-18 16:22 - 00000000 ____D () C:\Program Files\Samsung 2014-11-13 14:23 - 2014-11-18 16:21 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Samsung ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-19 12:45 - 2013-09-19 06:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-19 12:32 - 2013-10-02 13:46 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-11-19 12:32 - 2013-08-14 13:14 - 01780751 _____ () C:\Windows\WindowsUpdate.log 2014-11-18 21:45 - 2013-08-17 12:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-11-18 21:45 - 2013-08-17 12:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-11-18 21:35 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-18 21:35 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-18 21:28 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-18 21:28 - 2009-07-13 19:04 - 00000505 _____ () C:\Windows\win.ini 2014-11-18 21:27 - 2010-11-20 14:48 - 00055450 _____ () C:\Windows\PFRO.log 2014-11-18 21:27 - 2009-07-13 21:39 - 00047516 _____ () C:\Windows\setupact.log 2014-11-18 20:56 - 2010-11-20 14:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-18 20:52 - 2013-08-17 10:26 - 00000000 ____D () C:\Users\Bruce 2014-11-18 20:52 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-11-18 20:51 - 2014-07-27 12:24 - 00000000 ____D () C:\Users\Cari 2014-11-18 20:51 - 2013-10-02 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus 2014-11-18 20:51 - 2013-10-02 13:46 - 00000000 ____D () C:\Program Files\Ad-Aware Antivirus 2014-11-18 20:51 - 2013-08-14 13:23 - 00000000 ____D () C:\Users\ADMIN 2014-11-18 20:51 - 2011-04-11 19:24 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-11-18 20:51 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration 2014-11-18 20:51 - 2009-07-13 19:37 - 00000000 ____D () 
C:\Windows\AppCompat 2014-11-18 20:50 - 2013-08-17 10:36 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Mozilla 2014-11-18 20:50 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-11-18 18:28 - 2013-10-02 13:45 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Ad-Aware Antivirus 2014-11-03 08:58 - 2014-09-03 15:14 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Adobe Some content of TEMP: ==================== C:\Users\Bruce\AppData\Local\Temp\5612942e-db04-4d3d-8d8a-73c8b5176561.exe C:\Users\Bruce\AppData\Local\Temp\71e99d89-5e0f-481c-95ac-222102ce6731.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-17 19:46 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014 Ran by Bruce at 2014-11-19 13:22:34 Running from C:\Users\Bruce\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A} FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ad-Aware Antivirus (HKLM\...\{944167EA-7F89-4705-8DCD-1D63B53141B0}) (Version: 10.5.3.4405 - Lavasoft) Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated) AppEnable (HKLM\...\AppEnable) (Version: 2014.11.19.012109 - AppEnable) <==== ATTENTION Ask Toolbar for Epson (HKLM\...\{45504E56-3634-006A-76A7-A758B70C0A00}) (Version: 12.10.0.3562 - APN, LLC) <==== ATTENTION BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden Citrix Online Launcher (HKLM\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix) Dell ControlVault Host Components Installer (Version: 1.7.324.55 - Broadcom Corporation) Hidden Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.3.039 - Dell) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.108 - ALPS ELECTRIC CO., LTD.) 
Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2520 Series Printer Uninstall (HKLM\...\EPSON WF-2520 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) Fidelity Active Trader Pro® (HKLM\...\{D748701A-3301-4466-AC31-AF26A55A94B2}) (Version: 10.1.1193.0 - Fidelity Investments) GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla) OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation) Windows Driver Package - Dell Inc. 
PBADRV System (01/07/2008 1.0.1.5) (HKLM\...\9D57DE505B6D8C710EF3B74BE638DBB936EED8A3) (Version: 01/07/2008 1.0.1.5 - Dell Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{43887C67-4D5D-4127-BAAC-87A288494C7C}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll () CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{67F2A879-82D5-4A6D-8CC5-FFB3C114B69D}\InprocServer32 -> C:\Program Files\OpenOffice 
4\program\so_activex.dll () CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) 
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{BDD611C3-7BAB-460F-8711-5B9AC9EF6020}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll () CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{C6AB3E74-9F4F-4370-8120-A8A6FABB7A7C}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll () CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{CB43F086-838D-4FA4-B5F6-3406B9A57439}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll () CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: 
HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) ==================== Restore Points ========================= 30-10-2014 19:04:08 Scheduled Checkpoint 06-11-2014 22:25:50 Scheduled Checkpoint 13-11-2014 21:23:09 Installed Samsung Kies3 13-11-2014 21:25:53 Installed Samsung Kies3 16-11-2014 19:52:09 Removed Samsung Kies3 18-11-2014 16:44:39 Installed CM Installer 18-11-2014 17:16:06 Device Driver Package Install: ClockworkMod 18-11-2014 22:46:28 Installed Samsung Kies3 18-11-2014 22:54:27 Removed Samsung Kies3 18-11-2014 22:55:55 Installed Samsung Kies 18-11-2014 23:19:19 Removed Samsung Kies 19-11-2014 03:48:21 Restore Operation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {560B0ED2-811F-4367-A116-596CE627DDE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-18] (Adobe Systems Incorporated) Task: {6CF06080-E76C-4FA5-BDD8-AB94E4B1A96C} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-11-18 18:21 - 2014-11-18 21:11 - 00423152 _____ () C:\Program Files\AppEnable\updateAppEnable.exe
2013-10-02 13:48 - 2014-06-20 05:08 - 00192376 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-10-02 13:48 - 2014-06-20 05:08 - 00180088 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2014-11-18 19:29 - 2014-11-19 12:33 - 00123632 _____ () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
2014-11-18 21:04 - 2014-11-13 19:42 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: APNMCP => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"

========================= Accounts: ==========================

ADMIN (S-1-5-21-1012554529-1352615859-3751022473-1000 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-1012554529-1352615859-3751022473-500 - Administrator - Disabled)
Bruce (S-1-5-21-1012554529-1352615859-3751022473-1001 - Administrator - Enabled) => C:\Users\Bruce
Cari (S-1-5-21-1012554529-1352615859-3751022473-1006 - Limited - Enabled) => C:\Users\Cari
Guest (S-1-5-21-1012554529-1352615859-3751022473-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1012554529-1352615859-3751022473-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 09:28:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:54:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:40:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 04:17:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Kies.exe version 1.0.0.1821 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 938
Start Time: 01d0038495c29fd4
Termination Time: 41
Application Path: C:\Program Files\Samsung\Kies\Kies.exe
Report Id: ffc05a46-6f78-11e4-81f2-0024e8cb03bf

Error: (11/18/2014 04:09:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 01:57:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 01:56:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cozhost.exe, version: 1.1.0.27, time stamp: 0x5460fae7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0x6d4
Faulting application start time: 0xcozhost.exe0
Faulting application path: cozhost.exe1
Faulting module path: cozhost.exe2
Report Id: cozhost.exe3

Error: (11/18/2014 10:40:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.1.5430, time stamp: 0x54656826
Faulting module name: mozalloc.dll, version: 33.1.1.5430, time stamp: 0x54654321
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1444
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Failed to uninstall source, code: 2

Error: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the remote_log registry value, code: 2

System errors:
=============
Error: (11/18/2014 09:28:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: SBRE

Error: (11/18/2014 08:39:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:38:07 PM on 11/18/2014 was unexpected.

Error: (11/18/2014 04:07:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:06:29 PM on 11/18/2014 was unexpected.

Error: (11/18/2014 01:56:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The cozhost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/18/2014 01:56:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:54:47 PM on 11/18/2014 was unexpected.

Error: (11/16/2014 04:24:43 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32. The computer with the IP address 192.168.0.18 did not allow the name to be claimed by this computer.

Error: (11/16/2014 04:05:50 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32. The computer with the IP address 192.168.0.18 did not allow the name to be claimed by this computer.

Error: (11/16/2014 03:55:46 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32. The computer with the IP address 192.168.0.18 did not allow the name to be claimed by this computer.

Error: (11/16/2014 03:35:17 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32. The computer with the IP address 192.168.0.18 did not allow the name to be claimed by this computer.

Error: (11/16/2014 03:17:52 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32. The computer with the IP address 192.168.0.18 did not allow the name to be claimed by this computer.

Microsoft Office Sessions:
=========================
Error: (11/18/2014 09:28:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:54:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:40:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 04:17:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Kies.exe1.0.0.182193801d0038495c29fd441C:\Program Files\Samsung\Kies\Kies.exeffc05a46-6f78-11e4-81f2-0024e8cb03bf

Error: (11/18/2014 04:09:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 01:57:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 01:56:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cozhost.exe1.1.0.275460fae7ntdll.dll6.1.7601.18247521ea91cc0000374000c38736d401d0037218de68c4C:\PROGRA~2\zoomify2\110~1.27\cozhost.exeC:\Windows\SYSTEM32\ntdll.dll626866e3-6f65-11e4-b52e-0024e8cb03bf

Error: (11/18/2014 10:40:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.1.543054656826mozalloc.dll33.1.1.5430546543218000000300001425144401d003374d76a95cC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll04e4ab3e-6f4a-11e4-bd53-0024e8cb03bf

Error: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Failed to uninstall source, code: 2

Error: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the remote_log registry value, code: 2

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU P9400 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 3535.9 MB
Available physical RAM: 2208.19 MB
Total Pagefile: 7070.09 MB
Available Pagefile: 5654.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:103.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 0BBD6AF0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  2. mateo

    Quarantine File Removal

    I'm using Ad-Aware Free Antivirus + version 10.3.45.3935 and I have several threats in the quarantine folder. I do not understand how to remove them. There are buttons that say "restore" and "delete selected" but I'm not sure if "delete selected" actually deletes the file from the computer or if it just removes the file/threat from the computer. Where is this mystical quarantine folder anyway and how does it work? When Ad-Aware detects a threat to quarantine, does it actually physically move the threat into an actual quarantine folder? How do I locate and ensure that I am permanently removing quarantined files? In the quarantine it says that I have this item Trojan-Clicker.HTML.RemoteScript (v) here C:\Users\Mateo\AppData\Local\Mozilla\Firefox\Profiles\5ybahnn3.default\Cache\5\6B. What do I have to do to get rid of it permanently? Bottom line, while viewing the list of quarantined items, does highlighting it and clicking "delete selected" remove the files from the computer or just from that list?