bcook0407
Posted November 19, 2014

Yesterday I was playing around with my Samsung Galaxy S3 and trying to install a custom rom and custom recovery. It seems that all of the sites I visited (xda developers, androidcentral, etc) were loaded with crappy adware, malware, etc. Even though I paid close attention to the downloads and the sneaky way that they install all kinds of crap (same as Adobe, Lavasoft) trying to take over my browser and advertising that my computer is infected, I still ended up with the trojan.win32.generic bt virus and another malicious adware program. Can anyone give me specific step by step instructions for removing this virus? I have attached the FRST log files and I am running Windows 7 Pro.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by Bruce (administrator) on ADMIN-PC on 19-11-2014 13:21:38
Running from C:\Users\Bruce\Downloads
Loaded Profile: Bruce (Available profiles: ADMIN & Bruce & Cari)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed.
The file will not be moved.)

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\AppEnable\updateAppEnable.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAware.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\regedit.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [488816 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [sBRegRebootCleaner] => C:\Program Files\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x791FE0EF6F9BCE01
HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://Vosteran.com/?f=1&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir=
SearchScopes: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir=
SearchScopes: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir=
BHO: AppEnable -> {23d4646c-263a-4e2d-a08c-6c704557973d} -> C:\Program Files\AppEnable\AppEnablebho.dll (AppEnable)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\v7gtk1fs.default
FF Homepage: www.msn.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1012554529-1352615859-3751022473-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bruce\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\v7gtk1fs.default\user.js
FF user.js: detected! => C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\user.js
FF SearchPlugin: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\searchplugins\trovi-search.xml
FF Extension: Zoomify - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\Extensions\[email protected] [2014-11-17]
FF Extension: Feedback - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\Extensions\[email protected] [2013-08-25]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-06] () [File not signed]
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812392 2009-06-26] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [26984 2009-06-26] (Broadcom Corporation)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 MaintainerSvc4.00.5030318; C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe [123632 2014-11-19] ()
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 Update AppEnable; C:\Program Files\AppEnable\updateAppEnable.exe [423152 2014-11-18] ()
S2 Util AppEnable; C:\Program Files\AppEnable\bin\utilAppEnable.exe [423152 2014-11-19] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-06-26] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-10-02] (GFI Software)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2012-09-12] (GFI Software)
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
R1 {820a714f-c526-4777-8e87-e9d6612e0938}Gw; system32\drivers\{820a714f-c526-4777-8e87-e9d6612e0938}Gw.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 13:21 - 2014-11-19 13:22 - 00010576 _____ () C:\Users\Bruce\Downloads\FRST.txt
2014-11-19 13:21 - 2014-11-19 13:21 - 00000000 ____D () C:\FRST
2014-11-19 13:19 - 2014-11-19 13:19 - 01108992 _____ (Farbar) C:\Users\Bruce\Downloads\FRST.exe
2014-11-18 21:58 - 2014-11-19 12:33 - 00000000 ____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
2014-11-18 21:04 - 2014-11-18 21:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-18 21:01 - 2014-11-18 21:06 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Vosteran
2014-11-18 21:01 - 2014-11-18 21:06 - 00000000 ____D () C:\Program Files\AppEnable
2014-11-18 21:01 - 2014-11-18 21:00 - 00244032 _____ () C:\Users\Bruce\Downloads\Firefox_Setup_33.0.exe
2014-11-18 20:54 - 2014-11-18 20:54 - 00000000 __SHD () C:\Users\Bruce\AppData\Local\EmieUserList
2014-11-18 20:54 - 2014-11-18 20:54 - 00000000 __SHD () C:\Users\Bruce\AppData\Local\EmieSiteList
2014-11-18 20:53 - 2014-11-18 20:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-18 18:54 - 2014-11-18 18:54 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\VERIZON
2014-11-18 18:27 - 2014-11-18 18:27 - 00000000 ____D () C:\Users\Bruce\Downloads\VZW-I535VRUDNE1-20140626142723
2014-11-18 18:07 - 2014-11-18 18:26 - 1022225899 _____ () C:\Users\Bruce\Downloads\VZW-I535VRUDNE1-20140626142723.zip
2014-11-18 16:00 - 2014-11-18 16:21 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Samsung
2014-11-18 14:58 - 2014-11-18 14:58 - 02265785 _____ () C:\Users\Bruce\Downloads\SuperSU_Bootloader.zip
2014-11-18 14:58 - 2014-11-18 14:58 - 00000000 ____D () C:\Users\Bruce\Downloads\SuperSU_Bootloader
2014-11-18 14:52 - 2014-11-18 14:52 - 06936123 _____ () C:\Users\Bruce\Downloads\VRBMB1_Bootchain_CWM.tar.md5
2014-11-18 09:40 - 2014-11-18 09:59 - 173728798 _____ () C:\Users\Bruce\Downloads\cm-10.1.0-d2tmo.zip
2014-11-18 09:40 - 2014-11-18 09:58 - 173461585 _____ () C:\Users\Bruce\Downloads\cm-10.1.1-d2tmo.zip
2014-11-18 09:39 - 2014-11-18 10:03 - 175187516 _____ () C:\Users\Bruce\Downloads\cm-10.1.3-d2tmo.zip
2014-11-18 09:39 - 2014-11-18 10:03 - 173467084 _____ () C:\Users\Bruce\Downloads\cm-10.1.2-d2tmo.zip
2014-11-18 09:39 - 2014-11-18 10:02 - 185112993 _____ () C:\Users\Bruce\Downloads\cm-10.2.0-d2tmo.zip
2014-11-18 09:39 - 2014-11-18 10:00 - 191604039 _____ () C:\Users\Bruce\Downloads\cm-10.2.1-d2tmo.zip
2014-11-18 09:38 - 2014-11-18 09:59 - 173484265 _____ () C:\Users\Bruce\Downloads\cm-10.1.0.3-d2vzw.zip
2014-11-18 09:37 - 2014-11-18 10:04 - 175201733 _____ () C:\Users\Bruce\Downloads\cm-10.1.3-d2vzw.zip
2014-11-18 09:37 - 2014-11-18 10:00 - 173483147 _____ () C:\Users\Bruce\Downloads\cm-10.1.1-d2vzw.zip
2014-11-18 09:37 - 2014-11-18 09:58 - 173480249 _____ () C:\Users\Bruce\Downloads\cm-10.1.2-d2vzw.zip
2014-11-18 09:37 - 2014-11-18 09:56 - 185157213 _____ () C:\Users\Bruce\Downloads\cm-10.2.0-d2vzw.zip
2014-11-18 09:36 - 2014-11-18 09:59 - 191647370 _____ () C:\Users\Bruce\Downloads\cm-10.2.1-d2vzw.zip
2014-11-18 09:34 - 2014-11-18 09:34 - 02056192 _____ () C:\Users\Bruce\Downloads\CMInstaller.msi
2014-11-17 19:25 - 2014-11-17 19:25 - 00000000 ____D () C:\Users\Bruce\Desktop\Old Firefox Data
2014-11-17 19:19 - 2014-11-17 19:19 - 00000000 ____D () C:\Program Files\SearchProtect
2014-11-17 19:12 - 2014-11-17 19:12 - 00000000 ____D () C:\ProgramData\zoomify2
2014-11-17 19:05 - 2014-11-18 06:35 - 00000176 _____ () C:\Users\Bruce\Downloads\Odin_v3.10.zip
2014-11-17 18:57 - 2014-11-17 18:57 - 00995769 _____ () C:\Users\Bruce\Downloads\Odin3_v3.09.zip
2014-11-17 18:47 - 2014-11-17 18:47 - 00000000 ____D () C:\ProgramData\2308189059
2014-11-17 18:40 - 2014-11-17 18:40 - 00000000 ____D () C:\Users\Bruce\Documents\Optimizer Pro
2014-11-17 18:35 - 2014-11-18 13:56 - 00000000 ____D () C:\Program Files\Bench
2014-11-17 18:35 - 2014-11-17 19:23 - 00000003 _____ () C:\Users\Bruce\AppData\Local\proxy.log
2014-11-17 17:57 - 2014-11-17 17:57 - 06547456 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-touch-6.0.4.5-d2tmo.img
2014-11-17 17:57 - 2014-11-17 17:57 - 06547456 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-6.0.4.5-d2tmo.img
2014-11-17 17:56 - 2014-11-17 17:56 - 06547456 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-touch-6.0.4.5-d2vzw.img
2014-11-17 17:56 - 2014-11-17 17:56 - 06545408 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-6.0.4.5-d2vzw.img
2014-11-17 17:02 - 2014-11-17 18:06 - 07587903 _____ () C:\Users\Bruce\Downloads\philz_touch_6.07.9-d2vzw.tar.md5
2014-11-17 16:32 - 2014-11-17 16:32 - 00200563 _____ () C:\Users\Bruce\Downloads\GooManager_2.1.3.apk
2014-11-17 16:27 - 2014-11-17 16:27 - 00000000 ____D () C:\ProgramData\FileTypeHelper
2014-11-17 16:11 - 2014-11-17 16:11 - 04647657 _____ () C:\Users\Bruce\Downloads\superuser.zip
2014-11-16 13:30 - 2014-11-16 13:30 - 00464072 _____ () C:\Users\Bruce\Downloads\Odin-v3.07.zip
2014-11-15 16:09 - 2014-11-15 16:09 - 07331840 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.1-d2vzw.tar
2014-11-15 16:08 - 2014-11-15 16:08 - 07557120 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2vzw.tar
2014-11-15 16:08 - 2014-11-15 16:08 - 07329792 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.1-d2vzw.img
2014-11-15 16:07 - 2014-11-15 16:07 - 07553024 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2vzw.img
2014-11-15 16:06 - 2014-11-15 16:06 - 06615040 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.0-d2tmo.tar
2014-11-15 16:05 - 2014-11-15 16:05 - 07557120 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2tmo.tar
2014-11-15 16:05 - 2014-11-15 16:05 - 06606848 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.0-d2tmo.img
2014-11-15 16:04 - 2014-11-15 16:04 - 07553024 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2tmo.img
2014-11-13 14:29 - 2014-11-18 16:20 - 00000000 ____D () C:\ProgramData\Samsung
2014-11-13 14:26 - 2014-11-13 14:26 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-11-13 14:24 - 2014-11-18 16:00 - 00000000 ____D () C:\Users\Bruce\Documents\SelfMV
2014-11-13 14:24 - 2014-11-13 14:32 - 00000000 ____D () C:\Users\Bruce\Documents\samsung
2014-11-13 14:23 - 2014-11-18 16:22 - 00000000 ____D () C:\Program Files\Samsung
2014-11-13 14:23 - 2014-11-18 16:21 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Samsung

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 12:45 - 2013-09-19 06:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 12:32 - 2013-10-02 13:46 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-11-19 12:32 - 2013-08-14 13:14 - 01780751 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 21:45 - 2013-08-17 12:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-18 21:45 - 2013-08-17 12:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-18 21:35 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 21:35 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 21:28 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-18 21:28 - 2009-07-13 19:04 - 00000505 _____ () C:\Windows\win.ini
2014-11-18 21:27 - 2010-11-20 14:48 - 00055450 _____ () C:\Windows\PFRO.log
2014-11-18 21:27 - 2009-07-13 21:39 - 00047516 _____ () C:\Windows\setupact.log
2014-11-18 20:56 - 2010-11-20 14:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 20:52 - 2013-08-17 10:26 - 00000000 ____D () C:\Users\Bruce
2014-11-18 20:52 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-18 20:51 - 2014-07-27 12:24 - 00000000 ____D () C:\Users\Cari
2014-11-18 20:51 - 2013-10-02 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-11-18 20:51 - 2013-10-02 13:46 - 00000000 ____D () C:\Program Files\Ad-Aware Antivirus
2014-11-18 20:51 - 2013-08-14 13:23 - 00000000 ____D () C:\Users\ADMIN
2014-11-18 20:51 - 2011-04-11 19:24 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-18 20:51 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2014-11-18 20:51 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2014-11-18 20:50 - 2013-08-17 10:36 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Mozilla
2014-11-18 20:50 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-18 18:28 - 2013-10-02 13:45 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Ad-Aware Antivirus
2014-11-03 08:58 - 2014-09-03 15:14 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Bruce\AppData\Local\Temp\5612942e-db04-4d3d-8d8a-73c8b5176561.exe
C:\Users\Bruce\AppData\Local\Temp\71e99d89-5e0f-481c-95ac-222102ce6731.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-17 19:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014
Ran by Bruce at 2014-11-19 13:22:34
Running from C:\Users\Bruce\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{944167EA-7F89-4705-8DCD-1D63B53141B0}) (Version: 10.5.3.4405 - Lavasoft)
Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
AppEnable (HKLM\...\AppEnable) (Version: 2014.11.19.012109 - AppEnable) <==== ATTENTION
Ask Toolbar for Epson (HKLM\...\{45504E56-3634-006A-76A7-A758B70C0A00}) (Version: 12.10.0.3562 - APN, LLC) <==== ATTENTION
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Citrix Online Launcher (HKLM\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Dell ControlVault Host Components Installer (Version: 1.7.324.55 - Broadcom Corporation) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.3.039 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.108 - ALPS ELECTRIC CO., LTD.)
Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-2520 Series Printer Uninstall (HKLM\...\EPSON WF-2520 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Fidelity Active Trader Pro® (HKLM\...\{D748701A-3301-4466-AC31-AF26A55A94B2}) (Version: 10.1.1193.0 - Fidelity Investments)
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) (HKLM\...\9D57DE505B6D8C710EF3B74BE638DBB936EED8A3) (Version: 01/07/2008 1.0.1.5 - Dell Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{43887C67-4D5D-4127-BAAC-87A288494C7C}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll ()
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{67F2A879-82D5-4A6D-8CC5-FFB3C114B69D}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\so_activex.dll ()
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{BDD611C3-7BAB-460F-8711-5B9AC9EF6020}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll ()
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{C6AB3E74-9F4F-4370-8120-A8A6FABB7A7C}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll ()
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{CB43F086-838D-4FA4-B5F6-3406B9A57439}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll ()
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

==================== Restore Points =========================

30-10-2014 19:04:08 Scheduled Checkpoint
06-11-2014 22:25:50 Scheduled Checkpoint
13-11-2014 21:23:09 Installed Samsung Kies3
13-11-2014 21:25:53 Installed Samsung Kies3
16-11-2014 19:52:09 Removed Samsung Kies3
18-11-2014 16:44:39 Installed CM Installer
18-11-2014 17:16:06 Device Driver Package Install: ClockworkMod
18-11-2014 22:46:28 Installed Samsung Kies3
18-11-2014 22:54:27 Removed Samsung Kies3
18-11-2014 22:55:55 Installed Samsung Kies
18-11-2014 23:19:19 Removed Samsung Kies
19-11-2014 03:48:21 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {560B0ED2-811F-4367-A116-596CE627DDE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-18] (Adobe Systems Incorporated)
Task: {6CF06080-E76C-4FA5-BDD8-AB94E4B1A96C} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-11-18 18:21 - 2014-11-18 21:11 - 00423152 _____ () C:\Program Files\AppEnable\updateAppEnable.exe
2013-10-02 13:48 - 2014-06-20 05:08 - 00192376 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-10-02 13:48 - 2014-06-20 05:08 - 00180088 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2014-11-18 19:29 - 2014-11-19 12:33 - 00123632 _____ () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
2014-11-18 21:04 - 2014-11-13 19:42 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: APNMCP => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"

========================= Accounts: ==========================

ADMIN (S-1-5-21-1012554529-1352615859-3751022473-1000 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-1012554529-1352615859-3751022473-500 - Administrator - Disabled)
Bruce (S-1-5-21-1012554529-1352615859-3751022473-1001 - Administrator - Enabled) => C:\Users\Bruce
Cari (S-1-5-21-1012554529-1352615859-3751022473-1006 - Limited - Enabled) => C:\Users\Cari
Guest (S-1-5-21-1012554529-1352615859-3751022473-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1012554529-1352615859-3751022473-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 09:28:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:54:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:40:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 04:17:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Kies.exe version 1.0.0.1821 stopped interacting with Windows and was closed.
To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 938Start Time: 01d0038495c29fd4Termination Time: 41Application Path: C:\Program Files\Samsung\Kies\Kies.exeReport Id: ffc05a46-6f78-11e4-81f2-0024e8cb03bfError: (11/18/2014 04:09:00 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/18/2014 01:57:51 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/18/2014 01:56:37 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: cozhost.exe, version: 1.1.0.27, time stamp: 0x5460fae7Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91cException code: 0xc0000374Fault offset: 0x000c3873Faulting process id: 0x6d4Faulting application start time: 0xcozhost.exe0Faulting application path: cozhost.exe1Faulting module path: cozhost.exe2Report Id: cozhost.exe3Error: (11/18/2014 10:40:43 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: plugin-container.exe, version: 33.1.1.5430, time stamp: 0x54656826Faulting module name: mozalloc.dll, version: 33.1.1.5430, time stamp: 0x54654321Exception code: 0x80000003Fault offset: 0x00001425Faulting process id: 0x1444Faulting application start time: 0xplugin-container.exe0Faulting application path: plugin-container.exe1Faulting module path: plugin-container.exe2Report Id: plugin-container.exe3Error: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )Description: Failed to uninstall source, code: 2Error: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )Description: 
Can't query a value of the remote_log registry value, code: 2System errors:=============Error: (11/18/2014 09:28:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load:SBREError: (11/18/2014 08:39:09 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 8:38:07 PM on 11/18/2014 was unexpected.Error: (11/18/2014 04:07:20 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 4:06:29 PM on 11/18/2014 was unexpected.Error: (11/18/2014 01:56:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The cozhost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.Error: (11/18/2014 01:56:14 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 1:54:47 PM on 11/18/2014 was unexpected.Error: (11/16/2014 04:24:43 PM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32.The computer with the IP address 192.168.0.18 did not allow the name to be claimed bythis computer.Error: (11/16/2014 04:05:50 PM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32.The computer with the IP address 192.168.0.18 did not allow the name to be claimed bythis computer.Error: (11/16/2014 03:55:46 PM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32.The computer with the IP address 192.168.0.18 did not allow the name to be claimed bythis computer.Error: (11/16/2014 03:35:17 PM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "ADMIN-PC :0" could not be registered on the interface with IP 
address 192.168.0.32.The computer with the IP address 192.168.0.18 did not allow the name to be claimed bythis computer.Error: (11/16/2014 03:17:52 PM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32.The computer with the IP address 192.168.0.18 did not allow the name to be claimed bythis computer.Microsoft Office Sessions:=========================Error: (11/18/2014 09:28:24 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/18/2014 08:54:04 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/18/2014 08:40:51 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/18/2014 04:17:37 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Kies.exe1.0.0.182193801d0038495c29fd441C:\Program Files\Samsung\Kies\Kies.exeffc05a46-6f78-11e4-81f2-0024e8cb03bfError: (11/18/2014 04:09:00 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/18/2014 01:57:51 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/18/2014 01:56:37 PM) (Source: Application Error) (EventID: 1000) (User: )Description: 
cozhost.exe1.1.0.275460fae7ntdll.dll6.1.7601.18247521ea91cc0000374000c38736d401d0037218de68c4C:\PROGRA~2\zoomify2\110~1.27\cozhost.exeC:\Windows\SYSTEM32\ntdll.dll626866e3-6f65-11e4-b52e-0024e8cb03bfError: (11/18/2014 10:40:43 AM) (Source: Application Error) (EventID: 1000) (User: )Description: plugin-container.exe33.1.1.543054656826mozalloc.dll33.1.1.5430546543218000000300001425144401d003374d76a95cC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll04e4ab3e-6f4a-11e4-bd53-0024e8cb03bfError: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )Description: Failed to uninstall source, code: 2Error: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )Description: Can't query a value of the remote_log registry value, code: 2==================== Memory info ===========================Processor: Intel® Core2 Duo CPU P9400 @ 2.40GHzPercentage of memory in use: 37%Total physical RAM: 3535.9 MBAvailable physical RAM: 2208.19 MBTotal Pagefile: 7070.09 MBAvailable Pagefile: 5654.49 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1896.86 MB==================== Drives ================================Drive c: () (Fixed) (Total:148.95 GB) (Free:103.44 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 0BBD6AF0)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)==================== End Of Log ============================ Share this post Link to post Share on other sites
CeciliaB
Posted November 20, 2014

Hi bcook0407,

I can see several adware programs in the logs.

1. Please try to uninstall AppEnable, due to http://www.systemlookup.com/CLSID/84462-appenablebho_dll.html
Restart the computer.

2. Please save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/
Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.
Click on the Scan button.
Wait until the search has finished.
Click on the Report button.
A report will be displayed; copy its content and paste it into your answer.
If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[R0].txt.
CeciliaB
Posted February 25, 2015

Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Thank you!