bcook0407

trojan.win32.generic bt

Yesterday I was playing around with my Samsung Galaxy S3 and trying to install a custom ROM and custom recovery. It seems that all of the sites I visited (xda developers, androidcentral, etc.) were loaded with crappy adware, malware, etc. Even though I paid close attention to the downloads and the sneaky way that they install all kinds of crap (same as Adobe, Lavasoft), trying to take over my browser and advertising that my computer is infected, I still ended up with the trojan.win32.generic bt virus and another malicious adware program.

 

Can anyone give me specific step-by-step instructions for removing this virus? I have attached the FRST log files and I am running Windows 7 Pro.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by Bruce (administrator) on ADMIN-PC on 19-11-2014 13:21:38
Running from C:\Users\Bruce\Downloads
Loaded Profile: Bruce (Available profiles: ADMIN & Bruce & Cari)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\AppEnable\updateAppEnable.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAware.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\regedit.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [488816 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [sBRegRebootCleaner] => C:\Program Files\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x791FE0EF6F9BCE01
HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://Vosteran.com/?f=1&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir=
SearchScopes: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir=
SearchScopes: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_47_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0Ezz0C0BtDtA0B0F0AyB0E0DtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzy0D0B0DtAtAtDtG0D0FyBzztG0CzztDyDtGzzyEyC0DtGyDyDyCyCzztDtByCzzyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyBzyyB0FzytBtG0DyEtCzytGyEtAtByCtGzyyEtB0EtGtBtD0DyBzztAzytDyEtC0ByE2Q&cr=2109753378&ir=
BHO: AppEnable -> {23d4646c-263a-4e2d-a08c-6c704557973d} -> C:\Program Files\AppEnable\AppEnablebho.dll (AppEnable)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\v7gtk1fs.default
FF Homepage: www.msn.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1012554529-1352615859-3751022473-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bruce\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\v7gtk1fs.default\user.js
FF user.js: detected! => C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\user.js
FF SearchPlugin: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\searchplugins\trovi-search.xml
FF Extension: Zoomify - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\Extensions\[email protected] [2014-11-17]
FF Extension: Feedback - C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\jqw9x1ty.BruceP\Extensions\[email protected] [2013-08-25]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-06] () [File not signed]
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812392 2009-06-26] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [26984 2009-06-26] (Broadcom Corporation)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 MaintainerSvc4.00.5030318; C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe [123632 2014-11-19] ()
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 Update AppEnable; C:\Program Files\AppEnable\updateAppEnable.exe [423152 2014-11-18] ()
S2 Util AppEnable; C:\Program Files\AppEnable\bin\utilAppEnable.exe [423152 2014-11-19] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-06-26] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-10-02] (GFI Software)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2012-09-12] (GFI Software)
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
R1 {820a714f-c526-4777-8e87-e9d6612e0938}Gw; system32\drivers\{820a714f-c526-4777-8e87-e9d6612e0938}Gw.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 13:21 - 2014-11-19 13:22 - 00010576 _____ () C:\Users\Bruce\Downloads\FRST.txt
2014-11-19 13:21 - 2014-11-19 13:21 - 00000000 ____D () C:\FRST
2014-11-19 13:19 - 2014-11-19 13:19 - 01108992 _____ (Farbar) C:\Users\Bruce\Downloads\FRST.exe
2014-11-18 21:58 - 2014-11-19 12:33 - 00000000 ____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
2014-11-18 21:04 - 2014-11-18 21:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-18 21:01 - 2014-11-18 21:06 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Vosteran
2014-11-18 21:01 - 2014-11-18 21:06 - 00000000 ____D () C:\Program Files\AppEnable
2014-11-18 21:01 - 2014-11-18 21:00 - 00244032 _____ () C:\Users\Bruce\Downloads\Firefox_Setup_33.0.exe
2014-11-18 20:54 - 2014-11-18 20:54 - 00000000 __SHD () C:\Users\Bruce\AppData\Local\EmieUserList
2014-11-18 20:54 - 2014-11-18 20:54 - 00000000 __SHD () C:\Users\Bruce\AppData\Local\EmieSiteList
2014-11-18 20:53 - 2014-11-18 20:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-18 18:54 - 2014-11-18 18:54 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\VERIZON
2014-11-18 18:27 - 2014-11-18 18:27 - 00000000 ____D () C:\Users\Bruce\Downloads\VZW-I535VRUDNE1-20140626142723
2014-11-18 18:07 - 2014-11-18 18:26 - 1022225899 _____ () C:\Users\Bruce\Downloads\VZW-I535VRUDNE1-20140626142723.zip
2014-11-18 16:00 - 2014-11-18 16:21 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Samsung
2014-11-18 14:58 - 2014-11-18 14:58 - 02265785 _____ () C:\Users\Bruce\Downloads\SuperSU_Bootloader.zip
2014-11-18 14:58 - 2014-11-18 14:58 - 00000000 ____D () C:\Users\Bruce\Downloads\SuperSU_Bootloader
2014-11-18 14:52 - 2014-11-18 14:52 - 06936123 _____ () C:\Users\Bruce\Downloads\VRBMB1_Bootchain_CWM.tar.md5
2014-11-18 09:40 - 2014-11-18 09:59 - 173728798 _____ () C:\Users\Bruce\Downloads\cm-10.1.0-d2tmo.zip
2014-11-18 09:40 - 2014-11-18 09:58 - 173461585 _____ () C:\Users\Bruce\Downloads\cm-10.1.1-d2tmo.zip
2014-11-18 09:39 - 2014-11-18 10:03 - 175187516 _____ () C:\Users\Bruce\Downloads\cm-10.1.3-d2tmo.zip
2014-11-18 09:39 - 2014-11-18 10:03 - 173467084 _____ () C:\Users\Bruce\Downloads\cm-10.1.2-d2tmo.zip
2014-11-18 09:39 - 2014-11-18 10:02 - 185112993 _____ () C:\Users\Bruce\Downloads\cm-10.2.0-d2tmo.zip
2014-11-18 09:39 - 2014-11-18 10:00 - 191604039 _____ () C:\Users\Bruce\Downloads\cm-10.2.1-d2tmo.zip
2014-11-18 09:38 - 2014-11-18 09:59 - 173484265 _____ () C:\Users\Bruce\Downloads\cm-10.1.0.3-d2vzw.zip
2014-11-18 09:37 - 2014-11-18 10:04 - 175201733 _____ () C:\Users\Bruce\Downloads\cm-10.1.3-d2vzw.zip
2014-11-18 09:37 - 2014-11-18 10:00 - 173483147 _____ () C:\Users\Bruce\Downloads\cm-10.1.1-d2vzw.zip
2014-11-18 09:37 - 2014-11-18 09:58 - 173480249 _____ () C:\Users\Bruce\Downloads\cm-10.1.2-d2vzw.zip
2014-11-18 09:37 - 2014-11-18 09:56 - 185157213 _____ () C:\Users\Bruce\Downloads\cm-10.2.0-d2vzw.zip
2014-11-18 09:36 - 2014-11-18 09:59 - 191647370 _____ () C:\Users\Bruce\Downloads\cm-10.2.1-d2vzw.zip
2014-11-18 09:34 - 2014-11-18 09:34 - 02056192 _____ () C:\Users\Bruce\Downloads\CMInstaller.msi
2014-11-17 19:25 - 2014-11-17 19:25 - 00000000 ____D () C:\Users\Bruce\Desktop\Old Firefox Data
2014-11-17 19:19 - 2014-11-17 19:19 - 00000000 ____D () C:\Program Files\SearchProtect
2014-11-17 19:12 - 2014-11-17 19:12 - 00000000 ____D () C:\ProgramData\zoomify2
2014-11-17 19:05 - 2014-11-18 06:35 - 00000176 _____ () C:\Users\Bruce\Downloads\Odin_v3.10.zip
2014-11-17 18:57 - 2014-11-17 18:57 - 00995769 _____ () C:\Users\Bruce\Downloads\Odin3_v3.09.zip
2014-11-17 18:47 - 2014-11-17 18:47 - 00000000 ____D () C:\ProgramData\2308189059
2014-11-17 18:40 - 2014-11-17 18:40 - 00000000 ____D () C:\Users\Bruce\Documents\Optimizer Pro
2014-11-17 18:35 - 2014-11-18 13:56 - 00000000 ____D () C:\Program Files\Bench
2014-11-17 18:35 - 2014-11-17 19:23 - 00000003 _____ () C:\Users\Bruce\AppData\Local\proxy.log
2014-11-17 17:57 - 2014-11-17 17:57 - 06547456 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-touch-6.0.4.5-d2tmo.img
2014-11-17 17:57 - 2014-11-17 17:57 - 06547456 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-6.0.4.5-d2tmo.img
2014-11-17 17:56 - 2014-11-17 17:56 - 06547456 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-touch-6.0.4.5-d2vzw.img
2014-11-17 17:56 - 2014-11-17 17:56 - 06545408 _____ () C:\Users\Bruce\Downloads\recovery-clockwork-6.0.4.5-d2vzw.img
2014-11-17 17:02 - 2014-11-17 18:06 - 07587903 _____ () C:\Users\Bruce\Downloads\philz_touch_6.07.9-d2vzw.tar.md5
2014-11-17 16:32 - 2014-11-17 16:32 - 00200563 _____ () C:\Users\Bruce\Downloads\GooManager_2.1.3.apk
2014-11-17 16:27 - 2014-11-17 16:27 - 00000000 ____D () C:\ProgramData\FileTypeHelper
2014-11-17 16:11 - 2014-11-17 16:11 - 04647657 _____ () C:\Users\Bruce\Downloads\superuser.zip
2014-11-16 13:30 - 2014-11-16 13:30 - 00464072 _____ () C:\Users\Bruce\Downloads\Odin-v3.07.zip
2014-11-15 16:09 - 2014-11-15 16:09 - 07331840 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.1-d2vzw.tar
2014-11-15 16:08 - 2014-11-15 16:08 - 07557120 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2vzw.tar
2014-11-15 16:08 - 2014-11-15 16:08 - 07329792 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.1-d2vzw.img
2014-11-15 16:07 - 2014-11-15 16:07 - 07553024 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2vzw.img
2014-11-15 16:06 - 2014-11-15 16:06 - 06615040 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.0-d2tmo.tar
2014-11-15 16:05 - 2014-11-15 16:05 - 07557120 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2tmo.tar
2014-11-15 16:05 - 2014-11-15 16:05 - 06606848 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.6.3.0-d2tmo.img
2014-11-15 16:04 - 2014-11-15 16:04 - 07553024 _____ () C:\Users\Bruce\Downloads\openrecovery-twrp-2.8.1.0-d2tmo.img
2014-11-13 14:29 - 2014-11-18 16:20 - 00000000 ____D () C:\ProgramData\Samsung
2014-11-13 14:26 - 2014-11-13 14:26 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-11-13 14:24 - 2014-11-18 16:00 - 00000000 ____D () C:\Users\Bruce\Documents\SelfMV
2014-11-13 14:24 - 2014-11-13 14:32 - 00000000 ____D () C:\Users\Bruce\Documents\samsung
2014-11-13 14:23 - 2014-11-18 16:22 - 00000000 ____D () C:\Program Files\Samsung
2014-11-13 14:23 - 2014-11-18 16:21 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Samsung

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 12:45 - 2013-09-19 06:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 12:32 - 2013-10-02 13:46 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-11-19 12:32 - 2013-08-14 13:14 - 01780751 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 21:45 - 2013-08-17 12:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-18 21:45 - 2013-08-17 12:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-18 21:35 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 21:35 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 21:28 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-18 21:28 - 2009-07-13 19:04 - 00000505 _____ () C:\Windows\win.ini
2014-11-18 21:27 - 2010-11-20 14:48 - 00055450 _____ () C:\Windows\PFRO.log
2014-11-18 21:27 - 2009-07-13 21:39 - 00047516 _____ () C:\Windows\setupact.log
2014-11-18 20:56 - 2010-11-20 14:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 20:52 - 2013-08-17 10:26 - 00000000 ____D () C:\Users\Bruce
2014-11-18 20:52 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-18 20:51 - 2014-07-27 12:24 - 00000000 ____D () C:\Users\Cari
2014-11-18 20:51 - 2013-10-02 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-11-18 20:51 - 2013-10-02 13:46 - 00000000 ____D () C:\Program Files\Ad-Aware Antivirus
2014-11-18 20:51 - 2013-08-14 13:23 - 00000000 ____D () C:\Users\ADMIN
2014-11-18 20:51 - 2011-04-11 19:24 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-18 20:51 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2014-11-18 20:51 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2014-11-18 20:50 - 2013-08-17 10:36 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Mozilla
2014-11-18 20:50 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-18 18:28 - 2013-10-02 13:45 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Ad-Aware Antivirus
2014-11-03 08:58 - 2014-09-03 15:14 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Bruce\AppData\Local\Temp\5612942e-db04-4d3d-8d8a-73c8b5176561.exe
C:\Users\Bruce\AppData\Local\Temp\71e99d89-5e0f-481c-95ac-222102ce6731.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 19:46

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014
Ran by Bruce at 2014-11-19 13:22:34
Running from C:\Users\Bruce\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{944167EA-7F89-4705-8DCD-1D63B53141B0}) (Version: 10.5.3.4405 - Lavasoft)
Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
AppEnable (HKLM\...\AppEnable) (Version: 2014.11.19.012109 - AppEnable) <==== ATTENTION
Ask Toolbar for Epson (HKLM\...\{45504E56-3634-006A-76A7-A758B70C0A00}) (Version: 12.10.0.3562 - APN, LLC) <==== ATTENTION
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Citrix Online Launcher (HKLM\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Dell ControlVault Host Components Installer (Version: 1.7.324.55 - Broadcom Corporation) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.3.039 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.108 - ALPS ELECTRIC CO., LTD.)
Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-2520 Series Printer Uninstall (HKLM\...\EPSON WF-2520 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Fidelity Active Trader Pro® (HKLM\...\{D748701A-3301-4466-AC31-AF26A55A94B2}) (Version: 10.1.1193.0 - Fidelity Investments)
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-1012554529-1352615859-3751022473-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) (HKLM\...\9D57DE505B6D8C710EF3B74BE638DBB936EED8A3) (Version: 01/07/2008 1.0.1.5 - Dell Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{43887C67-4D5D-4127-BAAC-87A288494C7C}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll ()
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{67F2A879-82D5-4A6D-8CC5-FFB3C114B69D}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\so_activex.dll ()
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{BDD611C3-7BAB-460F-8711-5B9AC9EF6020}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll ()
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{C6AB3E74-9F4F-4370-8120-A8A6FABB7A7C}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll ()
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{CB43F086-838D-4FA4-B5F6-3406B9A57439}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\xmergesync.dll ()
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1012554529-1352615859-3751022473-1001_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

==================== Restore Points =========================

30-10-2014 19:04:08 Scheduled Checkpoint
06-11-2014 22:25:50 Scheduled Checkpoint
13-11-2014 21:23:09 Installed Samsung Kies3
13-11-2014 21:25:53 Installed Samsung Kies3
16-11-2014 19:52:09 Removed Samsung Kies3
18-11-2014 16:44:39 Installed CM Installer
18-11-2014 17:16:06 Device Driver Package Install: ClockworkMod
18-11-2014 22:46:28 Installed Samsung Kies3
18-11-2014 22:54:27 Removed Samsung Kies3
18-11-2014 22:55:55 Installed Samsung Kies
18-11-2014 23:19:19 Removed Samsung Kies
19-11-2014 03:48:21 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {560B0ED2-811F-4367-A116-596CE627DDE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-18] (Adobe Systems Incorporated)
Task: {6CF06080-E76C-4FA5-BDD8-AB94E4B1A96C} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-11-18 18:21 - 2014-11-18 21:11 - 00423152 _____ () C:\Program Files\AppEnable\updateAppEnable.exe
2013-10-02 13:48 - 2014-06-20 05:08 - 00192376 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-10-02 13:48 - 2014-06-20 05:08 - 00180088 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2014-11-18 19:29 - 2014-11-19 12:33 - 00123632 _____ () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
2014-11-18 21:04 - 2014-11-13 19:42 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: APNMCP => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"

========================= Accounts: ==========================

ADMIN (S-1-5-21-1012554529-1352615859-3751022473-1000 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-1012554529-1352615859-3751022473-500 - Administrator - Disabled)
Bruce (S-1-5-21-1012554529-1352615859-3751022473-1001 - Administrator - Enabled) => C:\Users\Bruce
Cari (S-1-5-21-1012554529-1352615859-3751022473-1006 - Limited - Enabled) => C:\Users\Cari
Guest (S-1-5-21-1012554529-1352615859-3751022473-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1012554529-1352615859-3751022473-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 09:28:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:54:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:40:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 04:17:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Kies.exe version 1.0.0.1821 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 938

Start Time: 01d0038495c29fd4

Termination Time: 41

Application Path: C:\Program Files\Samsung\Kies\Kies.exe

Report Id: ffc05a46-6f78-11e4-81f2-0024e8cb03bf

Error: (11/18/2014 04:09:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 01:57:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 01:56:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cozhost.exe, version: 1.1.0.27, time stamp: 0x5460fae7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0x6d4
Faulting application start time: 0xcozhost.exe0
Faulting application path: cozhost.exe1
Faulting module path: cozhost.exe2
Report Id: cozhost.exe3

Error: (11/18/2014 10:40:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.1.5430, time stamp: 0x54656826
Faulting module name: mozalloc.dll, version: 33.1.1.5430, time stamp: 0x54654321
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1444
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Failed to uninstall source, code: 2

Error: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the remote_log registry value, code: 2


System errors:
=============
Error: (11/18/2014 09:28:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (11/18/2014 08:39:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:38:07 PM on ‎11/‎18/‎2014 was unexpected.

Error: (11/18/2014 04:07:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:06:29 PM on ‎11/‎18/‎2014 was unexpected.

Error: (11/18/2014 01:56:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The cozhost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/18/2014 01:56:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:54:47 PM on ‎11/‎18/‎2014 was unexpected.

Error: (11/16/2014 04:24:43 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32.
The computer with the IP address 192.168.0.18 did not allow the name to be claimed by
this computer.

Error: (11/16/2014 04:05:50 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32.
The computer with the IP address 192.168.0.18 did not allow the name to be claimed by
this computer.

Error: (11/16/2014 03:55:46 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32.
The computer with the IP address 192.168.0.18 did not allow the name to be claimed by
this computer.

Error: (11/16/2014 03:35:17 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32.
The computer with the IP address 192.168.0.18 did not allow the name to be claimed by
this computer.

Error: (11/16/2014 03:17:52 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "ADMIN-PC :0" could not be registered on the interface with IP address 192.168.0.32.
The computer with the IP address 192.168.0.18 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (11/18/2014 09:28:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:54:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:40:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 04:17:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Kies.exe1.0.0.182193801d0038495c29fd441C:\Program Files\Samsung\Kies\Kies.exeffc05a46-6f78-11e4-81f2-0024e8cb03bf

Error: (11/18/2014 04:09:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 01:57:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 01:56:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cozhost.exe1.1.0.275460fae7ntdll.dll6.1.7601.18247521ea91cc0000374000c38736d401d0037218de68c4C:\PROGRA~2\zoomify2\110~1.27\cozhost.exeC:\Windows\SYSTEM32\ntdll.dll626866e3-6f65-11e4-b52e-0024e8cb03bf

Error: (11/18/2014 10:40:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.1.543054656826mozalloc.dll33.1.1.5430546543218000000300001425144401d003374d76a95cC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll04e4ab3e-6f4a-11e4-bd53-0024e8cb03bf

Error: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Failed to uninstall source, code: 2

Error: (11/17/2014 07:26:35 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the remote_log registry value, code: 2


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU P9400 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 3535.9 MB
Available physical RAM: 2208.19 MB
Total Pagefile: 7070.09 MB
Available Pagefile: 5654.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:103.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 0BBD6AF0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Hi bcook0407,

I can see several adware programs in the logs.

1. Please try to uninstall:

AppEnable due to http://www.systemlookup.com/CLSID/84462-appenablebho_dll.html

Restart the computer.

2. Please save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

Click on the Scan button.

Wait until the search has finished.

Click on the Report button.

A report will be displayed; copy its content and paste it into your answer.

If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[R0].txt.


Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank you!
