Posted

Hey guys, my machine running Win7 is showing an error message on startup:

 

There was a problem starting

C:\Users\mike\AppData\local\Conduit\BackgroundContainer\BackgroundContainer.dll

The specified module could not be found

 

Help please?

  • FPCH Admin
Posted

Hi Mike,

 

Try this: http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/backgroundcontainerdll-module-not-found/7aff8655-ca29-4354-9213-5a45252e9d39

 

You may want to have Starbuck take a look at your pc.

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~

Posted
Actually Cindy, I think I just solved it. I never expected this PC to get any viruses, since I only use it to play music and it never goes on the net, so I thought it was something else, but the malware scan showed many entries. All is well now, thanks.
Posted
There was a problem starting

C:\Users\mike\AppData\local\Conduit\BackgroundContainer\BackgroundContainer.dll

The specified module could not be found

Sounds like a security program has removed Conduit, but has left one or more orphan entries behind.

Posted
As long as the internet is connected, as you have found out, malware can creep in, and networks that are open are all suspect! You might want to let Pete take a look at some logs, Mike.
Posted
Yeah, I did not pay attention to that, and also that something can creep in from other PCs on my network. No need to bother Pete; I did a total cleaning, and all is fine now so far.
Posted
With malware it's never certain, I think, unless you reformat. I see no abnormal activity, but I don't really use that PC much, only on a Saturday to run music for a few hours. Come to think of it, why not be sure? I'll reach out to Pete to see if he can find anything, thanks.
Posted

Oh, so sorry Pete, looks like I had posted in the PM by mistake last night instead of in this thread, please see below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014

Ran by mike (administrator) on MIKEPC on 03-12-2014 19:05:32

Running from C:\Users\mike\Desktop

Loaded Profile: mike (Available profiles: mike)

Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(2X Software Ltd.) C:\Program Files\2X\ApplicationServer\2XController.exe

(2X Software Ltd.) C:\Program Files\2X\ApplicationServer\2XRedundancy.exe

(2X Software Ltd.) C:\Program Files\2X\ApplicationServer\2XProxyGateway.exe

(2X Software Ltd.) C:\Program Files\2X\ApplicationServer\2XAgent.exe

(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Copyright 2013 SAMSUNG) C:\Program Files\SAMSUNG\Samsung Link\Samsung Link.exe

(Copyright 2013 SAMSUNG) C:\Program Files\SAMSUNG\Samsung Link\Samsung Link.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncservice.exe

() C:\Program Files\NETGEAR\A6200\WifiService.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(2X Software Ltd.) C:\Program Files\2X\ApplicationServer\TuxMonitor.exe

(NETGEAR,Inc.) C:\Program Files\NETGEAR\A6200\A6200.exe

(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe

(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncclipboard.exe

(Ipswitch) C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)

HKLM\...\Run: [installerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).

HKLM\...\Run: [GENIE] => C:\Program Files\NETGEAR\A6200\A6200.exe [348888 2013-02-18] (NETGEAR,Inc.)

HKLM\...\Run: [LanuchApp] => C:\Program Files\NETGEAR\A6200\LanuchApp.exe [15136 2012-07-11] ()

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 0

HKU\S-1-5-21-855852175-3270004835-611297600-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

HKU\S-1-5-21-855852175-3270004835-611297600-1001\...\Run: [EPSONB8BAA5 (WorkForce 840)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGMA.EXE [201216 2010-01-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

HKU\S-1-5-18\...\Run: [bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard

HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"

HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-08-17] (Microsoft Corporation)

Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Monitor.lnk

ShortcutTarget: 2X Monitor.lnk -> C:\Program Files\2X\ApplicationServer\TuxMonitor.exe (2X Software Ltd.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-855852175-3270004835-611297600-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-855852175-3270004835-611297600-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-855852175-3270004835-611297600-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-855852175-3270004835-611297600-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7EA3F9548398CE01

HKU\S-1-5-21-855852175-3270004835-611297600-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKU\S-1-5-21-855852175-3270004835-611297600-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

URLSearchHook: HKLM - (No Name) - {eef3855c-fc2d-41e6-8d91-d368f51b3055} - No File

SearchScopes: HKLM -> DefaultScope {4D367D41-2111-4C13-B8A9-8FA3CFE72D27} URL =

SearchScopes: HKU\S-1-5-21-855852175-3270004835-611297600-1001 -> DefaultScope {4D367D41-2111-4C13-B8A9-8FA3CFE72D27} URL =

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll No File

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll No File

ShellExecuteHooks: UrlHook Class - {AFBDFF94-346C-4C3D-AC24-3DA0B41BB6CD} - C:\Program Files\2X\ApplicationServer\TUXUrlHandler.dll [96136 2014-05-26] (2X Software Ltd.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\gmdv69d4.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File

FF Plugin HKU\S-1-5-21-855852175-3270004835-611297600-1001: @citrixonline.com/appdetectorplugin -> C:\Users\mike\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-11-22]

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path

CHR HKLM\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path

CHR HKLM\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - No Path

CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path

CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [Not Found]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 2X Publishing Agent; C:\Program Files\2X\ApplicationServer\2XController.exe [3397512 2014-05-26] (2X Software Ltd.)

R2 2X Redundancy Service; C:\Program Files\2X\ApplicationServer\2XRedundancy.exe [2981768 2014-05-26] (2X Software Ltd.)

R2 2X SecureClientGateway; C:\Program Files\2X\ApplicationServer\2XProxyGateway.exe [1943944 2014-05-26] (2X Software Ltd.)

R2 2X Terminal Server Agent; C:\Program Files\2X\ApplicationServer\2XAgent.exe [1785736 2014-05-26] (2X Software Ltd.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]

S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\W32X86\3\PrintConfig.dll [2407936 2013-08-21] (Microsoft Corporation) [File not signed]

R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [577376 2014-01-17] (Copyright 2013 SAMSUNG)

R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [371008 2014-04-01] (RealVNC Ltd)

S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2013-08-16] () [File not signed]

R2 WNDA6200; C:\Program Files\NETGEAR\A6200\WifiService.exe [29984 2012-09-24] ()

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [2375472 2013-02-28] (Broadcom Corporation)

R1 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.)

S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))

R3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2014-04-01] (RealVNC Ltd.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]

S3 catchme; \??\C:\Users\mike\AppData\Local\Temp\catchme.sys [X]

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-03 19:05 - 2014-12-03 19:06 - 00012868 _____ () C:\Users\mike\Desktop\FRST.txt

2014-12-03 19:05 - 2014-12-03 19:05 - 00000000 ____D () C:\FRST

2014-12-03 19:03 - 2014-12-03 19:03 - 01110016 _____ (Farbar) C:\Users\mike\Desktop\FRST.exe

2014-12-02 12:34 - 2014-12-02 12:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh6_01009.Wdf

2014-12-02 12:33 - 2014-12-02 12:33 - 00001893 _____ () C:\Users\Public\Desktop\NETGEAR A6200 Genie.lnk

2014-12-02 12:33 - 2014-12-02 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR A6200 Genie

2014-12-02 12:32 - 2010-06-26 01:07 - 00035088 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys

2014-12-02 12:31 - 2014-12-02 12:31 - 00000000 ____D () C:\Program Files\NETGEAR

2014-12-02 12:31 - 2013-02-28 17:54 - 02375472 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWLHIGH6.SYS

2014-12-02 12:31 - 2013-02-28 17:53 - 00092464 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll

2014-12-02 12:31 - 2013-02-28 16:55 - 04263936 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll

2014-12-02 12:31 - 2013-02-28 16:55 - 03649536 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll

2014-12-02 12:30 - 2014-12-02 12:30 - 00000000 ____D () C:\ProgramData\NETGEAR

2014-12-01 18:08 - 2014-12-01 18:08 - 00000000 ____D () C:\Users\mike\Downloads\Autoruns

2014-12-01 18:07 - 2014-12-01 18:07 - 00511633 _____ () C:\Users\mike\Downloads\Autoruns(1).zip

2014-12-01 18:06 - 2014-12-01 18:06 - 00511633 _____ () C:\Users\mike\Downloads\Autoruns.zip

2014-12-01 18:01 - 2014-12-01 18:01 - 00002330 _____ () C:\Users\mike\Desktop\JRT.txt

2014-12-01 17:54 - 2014-12-01 17:56 - 00000000 ____D () C:\AdwCleaner

2014-12-01 17:53 - 2014-12-01 17:53 - 02154496 _____ () C:\Users\mike\Downloads\AdwCleaner.exe

2014-12-01 17:39 - 2014-12-01 17:39 - 00000000 ____D () C:\Users\mike\AppData\Roaming\SUPERAntiSpyware.com

2014-12-01 17:38 - 2014-12-01 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2014-12-01 16:33 - 2014-12-01 16:33 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-01 16:08 - 2014-12-01 16:08 - 00000000 ____D () C:\Users\mike\Documents\Splashtop Whiteboard

2014-12-01 16:08 - 2014-12-01 16:08 - 00000000 ____D () C:\Users\mike\Documents\Splashtop Presenter

2014-12-01 13:33 - 2014-12-01 14:25 - 00000000 ____D () C:\Users\mike\AppData\Roaming\AlbumPlayer

2014-12-01 13:33 - 2014-12-01 13:33 - 00000000 ____D () C:\Users\mike\AppData\Local\AlbumPlayer

2014-12-01 13:33 - 2014-12-01 13:33 - 00000000 ____D () C:\ProgramData\AlbumPlayer

2014-12-01 13:31 - 2014-12-01 13:31 - 00001001 _____ () C:\Users\mike\Desktop\AlbumPlayer.lnk

2014-12-01 13:31 - 2014-12-01 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlbumPlayer

2014-12-01 13:31 - 2014-12-01 13:31 - 00000000 ____D () C:\Program Files\AlbumPlayer

2014-12-01 13:30 - 2014-12-01 13:30 - 27904340 _____ (Albumon ) C:\Users\mike\Downloads\albumplayer_demo.exe

2014-12-01 09:54 - 2014-12-01 09:54 - 00000000 ____D () C:\Dell

2014-12-01 09:53 - 2014-12-01 09:53 - 00380096 _____ () C:\Users\mike\Downloads\DELL_S2240T-MONITOR_A00-00_DRVR_4P0GH.EXE

2014-12-01 09:52 - 2014-12-01 16:15 - 00000000 ____D () C:\Users\mike\AppData\Local\Deployment

2014-12-01 09:52 - 2014-12-01 09:52 - 00000000 ____D () C:\Users\mike\AppData\Local\Apps\2.0

2014-12-01 09:51 - 2014-12-01 09:51 - 00417064 _____ () C:\Users\mike\Downloads\DellSystemDetect.exe

2014-11-22 11:24 - 2014-11-22 11:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-03 19:03 - 2013-08-13 19:18 - 00781406 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-03 19:02 - 2013-08-13 22:09 - 01984969 _____ () C:\Windows\WindowsUpdate.log

2014-12-03 18:57 - 2013-08-19 08:49 - 00072583 _____ () C:\Windows\setupact.log

2014-12-03 18:57 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-03 17:27 - 2014-09-27 14:21 - 00000000 ____D () C:\Users\mike\AppData\Local\CrashDumps

2014-12-03 17:08 - 2013-08-13 19:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-02 12:42 - 2009-07-13 23:34 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-02 12:42 - 2009-07-13 23:34 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-02 12:31 - 2013-09-15 14:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-12-01 18:26 - 2013-08-19 10:44 - 00761394 _____ () C:\Windows\PFRO.log

2014-12-01 16:30 - 2014-05-21 16:02 - 00000000 ____D () C:\ProgramData\LogMeIn

2014-12-01 16:14 - 2013-10-22 19:57 - 00000000 ____D () C:\Program Files\Citrix

2014-12-01 16:11 - 2013-09-15 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

2014-12-01 16:11 - 2013-09-15 14:01 - 00000000 ____D () C:\Program Files\SAMSUNG

2014-12-01 16:08 - 2014-05-22 12:15 - 00000000 ____D () C:\Program Files\Splashtop

2014-12-01 15:34 - 2014-01-31 16:49 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Skype

2014-11-27 08:15 - 2013-08-13 19:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-11-26 12:08 - 2013-08-13 19:27 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-11-26 12:08 - 2013-08-13 19:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-11-24 14:04 - 2013-08-13 19:37 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-11-07 12:13 - 2013-08-14 08:56 - 00000000 ____D () C:\mike's docs

 

Some content of TEMP:

====================

C:\Users\mike\AppData\Local\temp\avgnt.exe

C:\Users\mike\AppData\Local\temp\i4jdel0.exe

C:\Users\mike\AppData\Local\temp\oi_{3818E67A-553D-4C2A-939B-2D818A12ACBA}.exe

C:\Users\mike\AppData\Local\temp\SamsungAPInstaller_1389549848551.exe

C:\Users\mike\AppData\Local\temp\SamsungAPInstaller_1389979349451.exe

C:\Users\mike\AppData\Local\temp\SamsungAPInstaller_1411264141087.exe

C:\Users\mike\AppData\Local\temp\SetupUtil.exe

C:\Users\mike\AppData\Local\temp\SkypeSetup.exe

C:\Users\mike\AppData\Local\temp\UNINSTALL.EXE

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-11-26 11:18

 

==================== End Of Log ============================

Posted

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014

Ran by mike at 2014-12-03 19:06:31

Running from C:\Users\mike\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

2X ApplicationServer XG (HKLM\...\{7482AA9A-F7C5-46BB-BDDB-A68511E0E247}) (Version: 11.1.2026 - 2X Software Ltd.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

AlbumPlayer V5.3e Demo Edition (HKLM\...\AlbumPlayer Demo Edition_is1) (Version: - Albumon)

AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung)

Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

BPM Counter 1.6.0.0 (HKLM\...\BPM Counter_is1) (Version: 1.6.0.0 - AbyssMedia.com)

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)

CopyTrans Suite Remove Only (HKU\S-1-5-21-855852175-3270004835-611297600-1001\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)

EncSpot Basic 2.0 (HKLM\...\EncSpot Basic_is1) (Version: - GuerillaSoft)

Epson Easy Photo Print 2 (HKLM\...\{674E262F-72EA-41C1-AF16-9727311A4553}) (Version: 2.4.1.0 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EPSON WorkForce 840 Series Printer Uninstall (HKLM\...\EPSON WorkForce 840 Series) (Version: - SEIKO EPSON Corporation)

E-Touch Jukebox (HKLM\...\E-Touch Jukebox) (Version: - )

Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)

FastStone Image Viewer 4.8 (HKLM\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)

Free YouTube Downloader 3.5.159 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)

Free YouTube to MP3 Converter version 3.12.12.827 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.)

GoldWave v5.69 (HKLM\...\GoldWave v5.69) (Version: 5.69 - GoldWave Inc.)

ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)

Inzomia Viewer 3.11 (HKLM\...\Inzomia Viewer) (Version: 3.11 - Fredrik Lönn)

iPad/iPhone/iPod to Computer Transfer 7.8.7.0 (HKLM\...\Cucusoft iPad/iPhone/iPod to Computer Transfer_is1) (Version: - Cucusoft, Inc.)

Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.3 - Ipswitch)

IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)

IsoBuster 3.3 (HKLM\...\IsoBuster3_is1) (Version: 3.3 - Smart Projects)

iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)

Java 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)

K-Lite Codec Pack 9.3.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 9.3.0 - )

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MPC-HC 1.6.8 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.8.7417 - MPC-HC Team)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyFreeCodec (HKU\S-1-5-21-855852175-3270004835-611297600-1001\...\MyFreeCodec) (Version: - )

NETGEAR A6200 Genie (HKLM\...\{48E61F3E-61D4-42A3-9D29-D0CF40838779}) (Version: 26.0.0.0 - NETGEAR)

OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)

OtsAV DJ 1.90.015 (HKLM\...\OtsAV DJ) (Version: - )

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )

Samsung Link 1.8.0.1401171024 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1401171024 - Copyright 2013 SAMSUNG)

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)

Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)

VirtualDJ (HKLM\...\VirtualDJ) (Version: - )

VNC Server 5.1.1 (HKLM\...\{A8BF600C-049B-4F57-9C53-9E3001D2B1A0}) (Version: 5.1.1 - RealVNC Ltd)

WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points =========================

 

10-10-2014 18:07:35 Scheduled Checkpoint

13-10-2014 07:06:09 Windows Update

07-11-2014 14:13:58 Scheduled Checkpoint

24-11-2014 20:06:17 Scheduled Checkpoint

01-12-2014 10:36:44 Windows Update

01-12-2014 21:06:48 Removed Splashtop Streamer.

01-12-2014 21:11:16 Removed Samsung Story Album Viewer

01-12-2014 21:12:15 Removed Paragon HFS+ for Windows™ 10.2.

01-12-2014 21:15:41 Removed 2X ApplicationServer XG

01-12-2014 21:25:26 Removed LogMeIn

01-12-2014 21:29:33 Removed LogMeIn

02-12-2014 17:31:34 Installed NETGEAR Genie

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:04 - 2013-08-26 18:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {345C5912-94E8-4C6A-B06B-90739CEE4A2F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {54FE7FF3-4A6A-413D-9764-1B414628BE68} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

Task: {5C282200-F772-4F39-BCD3-DC4ED4F2C80A} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMMJPMOMMJMMHMJMKJCNLJLMLJLMCNLMGMMMOMCNGMMMOMJJCNJJLJOJNMNJOJLMKMJJHMKMMMJNJICMIMCNGMCNOMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMOMNMJNHICMOMNMKJOMMMJNBJCMCJGJEJKJJNKJCMJNNICMJNDJCMKJBJ"

Task: {676F25A1-C13A-45EF-9E98-443F2B1944BF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-08-16] ()

Task: {A06CCE9E-68E0-496A-857D-1B8FC6BDD8B6} - \BackgroundContainer Startup Task No Task File <==== ATTENTION

Task: {BB644DAF-06F1-4040-A2C1-CB441B2306BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)

Task: {CBF980FB-D869-4A42-BD87-1F1FF9715AE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-03-24 20:17 - 2010-03-24 20:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2013-10-15 13:04 - 2010-09-28 14:56 - 06551672 _____ () C:\Program Files\Ipswitch\WS_FTP 12\res0409.dll

2013-09-15 16:11 - 2014-01-17 10:24 - 00012800 _____ () C:\Program Files\SAMSUNG\Samsung Link\JniSys.dll

2013-09-15 16:12 - 2013-09-15 16:12 - 00541696 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll

2013-09-15 16:11 - 2014-01-17 10:24 - 00987648 _____ () C:\Program Files\SAMSUNG\Samsung Link\scone_proxy.dll

2013-09-15 16:11 - 2014-01-17 10:24 - 01025024 _____ () C:\Program Files\SAMSUNG\Samsung Link\scone_stub.dll

2013-12-21 11:15 - 2013-12-21 11:15 - 00038912 _____ () C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\JNIInterface.dll

2013-12-21 11:15 - 2013-12-21 11:15 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ASFAPI.dll

2013-12-21 11:17 - 2013-12-21 11:17 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB_Manager.dll

2013-10-01 09:46 - 2013-10-01 09:46 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB.dll

2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll

2013-12-21 11:17 - 2013-12-21 11:17 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMS_Manager.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll

2013-09-15 16:11 - 2014-01-17 10:24 - 00040448 _____ () C:\Program Files\SAMSUNG\Samsung Link\JniIO.dll

2014-12-02 12:32 - 2012-09-24 17:28 - 00029984 _____ () C:\Program Files\NETGEAR\A6200\WifiService.exe

2014-12-02 12:32 - 2013-02-18 16:13 - 00106496 _____ () C:\Program Files\NETGEAR\A6200\GWlanController.dll

2014-12-02 12:32 - 2013-03-26 17:00 - 00018944 _____ () C:\Program Files\NETGEAR\A6200\GWPSController.dll

2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll

2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll

2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll

2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll

2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll

2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll

2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll

2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll

2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll

2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll

2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll

2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll

2014-11-22 11:24 - 2014-11-22 11:24 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

2013-10-15 13:04 - 2010-09-28 14:53 - 00948496 _____ () C:\Program Files\Ipswitch\WS_FTP 12\LIBEAY32.dll

2013-10-15 13:04 - 2010-09-28 14:53 - 00153360 _____ () C:\Program Files\Ipswitch\WS_FTP 12\SSLEAY32.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\mike\Downloads\dotNetFx45_Full_setup.exe:BDU

AlternateDataStreams: C:\Users\mike\Downloads\Install_CopyTrans_Suite.exe:BDU

AlternateDataStreams: C:\Users\mike\Downloads\install_virtualdj_home_v7.4.exe:BDU

AlternateDataStreams: C:\Users\mike\Downloads\iphone-ipad-ipod-transfer.exe:BDU

AlternateDataStreams: C:\Users\mike\Downloads\iTunesSetup.exe:BDU

AlternateDataStreams: C:\Users\mike\Downloads\iview436_setup.exe:BDU

AlternateDataStreams: C:\Users\mike\Downloads\mp3gain-win-1_2_5.exe:BDU

AlternateDataStreams: C:\Users\mike\Downloads\MPC-HC.1.6.8.x86.exe:BDU

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: DellSystemDetect => C:\Users\mike\AppData\Local\Apps\2.0\XN4M7702.HD2\3K7JA2OM.KZ4\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe

MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-855852175-3270004835-611297600-500 - Administrator - Disabled)

Guest (S-1-5-21-855852175-3270004835-611297600-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-855852175-3270004835-611297600-1002 - Limited - Enabled)

mike (S-1-5-21-855852175-3270004835-611297600-1001 - Administrator - Enabled) => C:\Users\mike

 

==================== Faulty Device Manager Devices =============

 

Name: Broadcom 802.11g Network Adapter

Description: Broadcom 802.11g Network Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Broadcom

Service: BCM43XX

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/03/2014 06:57:52 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (12/03/2014 05:24:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Config 8.exe, version: 8.0.0.5, time stamp: 0x5263c0eb

Faulting module name: AudioGenie3.dll, version: 2.0.4.0, time stamp: 0x4d78b3d1

Exception code: 0xc0000005

Fault offset: 0x0000ced7

Faulting process id: 0x12e8

Faulting application start time: 0xConfig 8.exe0

Faulting application path: Config 8.exe1

Faulting module path: Config 8.exe2

Report Id: Config 8.exe3

 

Error: (12/03/2014 03:45:00 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (12/03/2014 03:30:12 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Config 8.exe, version: 8.0.0.5, time stamp: 0x5263c0eb

Faulting module name: AudioGenie3.dll, version: 2.0.4.0, time stamp: 0x4d78b3d1

Exception code: 0xc0000005

Fault offset: 0x0000ced7

Faulting process id: 0x1448

Faulting application start time: 0xConfig 8.exe0

Faulting application path: Config 8.exe1

Faulting module path: Config 8.exe2

Report Id: Config 8.exe3

 

Error: (12/03/2014 03:00:21 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Config 8.exe, version: 8.0.0.5, time stamp: 0x5263c0eb

Faulting module name: AudioGenie3.dll, version: 2.0.4.0, time stamp: 0x4d78b3d1

Exception code: 0xc0000005

Fault offset: 0x0000ced7

Faulting process id: 0x7cc

Faulting application start time: 0xConfig 8.exe0

Faulting application path: Config 8.exe1

Faulting module path: Config 8.exe2

Report Id: Config 8.exe3

 

Error: (12/03/2014 02:31:31 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (12/02/2014 05:00:50 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (12/02/2014 00:15:20 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (12/01/2014 06:27:10 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

 

System errors:

=============

Error: (12/03/2014 07:01:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error:

%%2

 

Error: (12/03/2014 06:58:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (12/03/2014 03:46:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (12/03/2014 02:32:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (12/02/2014 05:01:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (12/02/2014 05:01:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error:

%%2

 

Error: (12/02/2014 05:01:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error:

%%2

 

Error: (12/02/2014 00:34:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error:

%%2

 

Error: (12/02/2014 00:16:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (12/01/2014 06:28:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

 

Microsoft Office Sessions:

=========================

Error: (12/03/2014 06:57:52 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (12/03/2014 05:24:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Config 8.exe8.0.0.55263c0ebAudioGenie3.dll2.0.4.04d78b3d1c00000050000ced712e801d00f4469b34292C:\Etouch8\E-Touch Jukebox 8\Config 8.exeC:\Etouch8\E-Touch Jukebox 8\AudioGenie3.dll245138c0-7b3b-11e4-a096-001d099c6cf2

 

Error: (12/03/2014 03:45:00 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (12/03/2014 03:30:12 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Config 8.exe8.0.0.55263c0ebAudioGenie3.dll2.0.4.04d78b3d1c00000050000ced7144801d00f342a9b75baC:\Etouch8\E-Touch Jukebox 8\Config 8.exeC:\Etouch8\E-Touch Jukebox 8\AudioGenie3.dll2e07c289-7b2b-11e4-9bcc-001d099c6cf2

 

Error: (12/03/2014 03:00:21 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Config 8.exe8.0.0.55263c0ebAudioGenie3.dll2.0.4.04d78b3d1c00000050000ced77cc01d00f2fec71b09eC:\Etouch8\E-Touch Jukebox 8\Config 8.exeC:\Etouch8\E-Touch Jukebox 8\AudioGenie3.dll0292d8e3-7b27-11e4-9bcc-001d099c6cf2

 

Error: (12/03/2014 02:31:31 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (12/02/2014 05:00:50 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (12/02/2014 00:15:20 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (12/01/2014 06:27:10 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

 

CodeIntegrity Errors:

===================================

Date: 2013-09-28 09:34:34.253

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2013-09-28 09:34:34.249

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2013-09-28 09:34:34.245

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2013-09-28 09:34:34.231

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2013-09-28 09:34:34.227

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2013-09-28 09:34:34.223

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2013-09-28 09:34:34.207

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2013-09-28 09:34:34.203

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2013-09-28 09:34:34.198

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2013-09-28 09:34:34.177

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info ===========================

 

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz

Percentage of memory in use: 86%

Total physical RAM: 1013.18 MB

Available physical RAM: 140.36 MB

Total Pagefile: 2037.18 MB

Available Pagefile: 1023.04 MB

Total Virtual: 2047.88 MB

Available Virtual: 1897.98 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:222.77 GB) (Free:34.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: () (Fixed) (Total:10 GB) (Free:9.89 GB) NTFS

Drive f: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:172.69 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 88000000)

Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: 1576D506)

Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Posted

Hi Mike,

 

Nothing seriously amiss.... No malware showing in the reports.

A few things for you to think about and quite a few orphan entries we need to remove:

 

Rich said:

As long as the internet is connected as you have found out, Malware can creep in and networks that are open are all suspect!

Did you read this about Ipswitch WS_FTP 12

A scheduled task is added to Windows Task Scheduler in order to launch the program at various scheduled times (the schedule varies depending on the version). The software is designed to connect to the Internet and adds a Windows Firewall exception in order to do so without being interfered with.

Is this something that you want connecting to the internet when it decides to?

----------------------------

Drive c: () (Fixed) (Total:222.77 GB) (Free:34.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Approx 15% - 16% left.... not a great deal. May cause system slowdowns.

---------------------------

Description: Windows license activation failed. Error 0x80070005.

Is this a problem?

There's a possible cause and fix here:

Windows Activation Error : Error Code 0x80070005

-----------------------

A few BitDefender entries in the report..... but no security software showing in the uninstall list??

 

 

Step 1

Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.

NOTE.

It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system.

 

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

 


 

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

 

 

 

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 8 Update 25 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 25".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x86' offline or 'Windows x64.exe' (depending on whether you are running a 32 or 64 bit system) from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.

fixlist.txt


Posted

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2014

Ran by mike at 2014-12-04 17:20:45 Run:1

Running from C:\Users\mike\Desktop

Loaded Profile: mike (Available profiles: mike)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

HKU\S-1-5-21-855852175-3270004835-611297600-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

URLSearchHook: HKLM - (No Name) - {eef3855c-fc2d-41e6-8d91-d368f51b3055} - No File

SearchScopes: HKLM -> DefaultScope {4D367D41-2111-4C13-B8A9-8FA3CFE72D27} URL =

SearchScopes: HKU\S-1-5-21-855852175-3270004835-611297600-1001 -> DefaultScope {4D367D41-2111-4C13-B8A9-8FA3CFE72D27} URL =

BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll No File

Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File

Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll No File

FF Plugin: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File

CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path

CHR HKLM\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path

CHR HKLM\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - No Path

CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path

CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [Not Found]

S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]

S3 catchme; \??\C:\Users\mike\AppData\Local\Temp\catchme.sys [X]

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

C:\Users\mike\AppData\Local\temp\avgnt.exe

C:\Users\mike\AppData\Local\temp\i4jdel0.exe

C:\Users\mike\AppData\Local\temp\oi_{3818E67A-553D-4C2A-939B-2D818A12ACBA}.exe

C:\Users\mike\AppData\Local\temp\SamsungAPInstaller_1389549848551.exe

C:\Users\mike\AppData\Local\temp\SamsungAPInstaller_1389979349451.exe

C:\Users\mike\AppData\Local\temp\SamsungAPInstaller_1411264141087.exe

C:\Users\mike\AppData\Local\temp\SetupUtil.exe

C:\Users\mike\AppData\Local\temp\SkypeSetup.exe

C:\Users\mike\AppData\Local\temp\UNINSTALL.EXE

Task: {A06CCE9E-68E0-496A-857D-1B8FC6BDD8B6} - \BackgroundContainer Startup Task No Task File <==== ATTENTION

CMD: ipconfig /flushdns

EmptyTemp:

*****************

 

"HKU\S-1-5-21-855852175-3270004835-611297600-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{eef3855c-fc2d-41e6-8d91-d368f51b3055} => value deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKU\S-1-5-21-855852175-3270004835-611297600-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E}" => Key deleted successfully.

"HKCR\CLSID\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E}" => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value deleted successfully.

"HKCR\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA}" => Key deleted successfully.

"HKCR\PROTOCOLS\Handler\vipresg" => Key deleted successfully.

"HKCR\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6}" => Key deleted successfully.

"HKLM\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin" => Key deleted successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => Key deleted successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\dflinnddekagfkncpgojoppgnppfkbkj" => Key deleted successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj" => Key deleted successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj" => Key deleted successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully.

BCM42RLY => Service deleted successfully.

catchme => Service deleted successfully.

lmimirr => Service deleted successfully.

MBAMSwissArmy => Service deleted successfully.

C:\Users\mike\AppData\Local\temp\avgnt.exe => Moved successfully.

C:\Users\mike\AppData\Local\temp\i4jdel0.exe => Moved successfully.

C:\Users\mike\AppData\Local\temp\oi_{3818E67A-553D-4C2A-939B-2D818A12ACBA}.exe => Moved successfully.

C:\Users\mike\AppData\Local\temp\SamsungAPInstaller_1389549848551.exe => Moved successfully.

C:\Users\mike\AppData\Local\temp\SamsungAPInstaller_1389979349451.exe => Moved successfully.

C:\Users\mike\AppData\Local\temp\SamsungAPInstaller_1411264141087.exe => Moved successfully.

C:\Users\mike\AppData\Local\temp\SetupUtil.exe => Moved successfully.

C:\Users\mike\AppData\Local\temp\SkypeSetup.exe => Moved successfully.

C:\Users\mike\AppData\Local\temp\UNINSTALL.EXE => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A06CCE9E-68E0-496A-857D-1B8FC6BDD8B6}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A06CCE9E-68E0-496A-857D-1B8FC6BDD8B6}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.

 

========= ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

EmptyTemp: => Removed 255.5 MB temporary data.

 

 

The system needed a reboot.

 

==== End of Fixlog ====
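
Most lines in the fixlist above are entries whose target no longer exists. The following is an added example (not part of the original thread and not FRST's own code) that picks such lines out of FRST-style output for review; the sample lines are copied from the logs in this thread, while the marker meanings and the function names are this example's assumptions.

```python
import re
from collections import Counter

# Markers as they appear in the FRST lines posted in this thread. Reading each
# one as "entry is registered but its target is missing" is an assumption here.
ORPHAN_MARKERS = {
    "No Task File": "task registered, task file missing",
    "No File": "registry entry points to a missing file",
    "No Path": "extension key has no path",
    "[Not Found]": "referenced file not found",
    "[X]": "service/driver binary missing",
}

ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")
KIND_RE = re.compile(
    r"^(?:(?P<start>[SR][0-4]) (?P<svc>[^;]+);"   # e.g. "S3 catchme; ..."
    r"|(?P<kind>[A-Za-z ]+?)(?::| HK))"           # e.g. "BHO:", "CHR HKLM\..."
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Lines copied from the FRST output in this thread (orphans and non-orphans).
SAMPLE_LINES = r"""
Task: {A06CCE9E-68E0-496A-857D-1B8FC6BDD8B6} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {BB644DAF-06F1-4040-A2C1-CB441B2306BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
URLSearchHook: HKLM - (No Name) - {eef3855c-fc2d-41e6-8d91-d368f51b3055} - No File
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll No File
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
FF Plugin: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [Not Found]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\Users\mike\AppData\Local\Temp\catchme.sys [X]
C:\Users\mike\AppData\Local\temp\SkypeSetup.exe
CMD: ipconfig /flushdns
""".strip().splitlines()


def classify(line):
    """Return a dict describing an orphan entry, or None if the line is not one."""
    text = ATTENTION_RE.sub("", line.strip())
    marker = next((m for m in ORPHAN_MARKERS if text.endswith(m)), None)
    if marker is None:
        return None
    head = KIND_RE.match(text)
    if head is None:
        kind = "Unknown"
    elif head.group("svc"):
        kind = "Service"
    else:
        kind = head.group("kind")
    guid = GUID_RE.search(text)
    return {
        "kind": kind,
        "marker": marker,
        "reason": ORPHAN_MARKERS[marker],
        "guid": guid.group(0) if guid else None,
        # True when the tool itself tagged the line with "<==== ATTENTION".
        "flagged": bool(ATTENTION_RE.search(line)),
        "line": text,
    }


def find_orphans(lines):
    """Classify every line and keep only the orphan entries, in input order."""
    return [hit for hit in map(classify, lines) if hit is not None]


def summary(lines):
    """Count orphan entries per entry kind (Task, BHO, Service, ...)."""
    return Counter(hit["kind"] for hit in find_orphans(lines))


if __name__ == "__main__":
    for hit in find_orphans(SAMPLE_LINES):
        tag = " (ATTENTION)" if hit["flagged"] else ""
        print(f'{hit["kind"]:<14} {hit["reason"]}{tag}')
        print(f'    {hit["line"]}')
    print(dict(summary(SAMPLE_LINES)))
```

The output is a review list only; as the helper's notice says, a fixlist is written for one specific machine.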

Posted

Alright, to address all issues Pete:

 

1] I uninstalled IPswitch, no need for that any longer, was only used when I was making constant website changes a while back from this pc.

 

2] Looking at my System screen I am not seeing any windows activation issues at all?

 

3] Since as mentioned this is only my music playback pc which is only used once per week, I never saw any need to have an AV software installed.

 

4] Now this I think I need to address:

 

Drive c: () (Fixed) (Total:222.77 GB) (Free:34.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Approx 15% - 16% left.... not a great deal. May cause system slowdowns.

 

I had always thought that only when you have under maybe 5% or so of HDD space left then it may cause slowdowns, is there a documented % anywhere which can confirm the minimum free space?

Posted

Hi Mike,

 

Since as mentioned this is only my music playback pc which is only used once per week, I never saw any need to have an AV software installed.

I understand.

I have one system just for my music that hardly ever goes online.... that has no AV either.

I just wondered about the Bitdefender entries.

HKLM\...\Run: [installerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).

HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

HKU\S-1-5-18\...\Run: [bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard

HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"

Seems the uninstall didn't clear everything.

Might be best to run the BitDefender removal tool:

http://www.bitdefender.com/support/How-to-uninstall-Bitdefender-333.html

Just scroll down the page for the removal tool.

 

Looking at my System screen I am not seeing any windows activation issues at all?

Ok, just something to watch for then.

There are a few recent entries in the Error Logs.

 

I had always thought that only when you have under maybe 5% or so of HDD space left then it may cause slow downs, is there a documented % anywhere which can confirm the minimum free space?

I've always been taught that 12% - 18% should be the minimum for ordinary hard drives and about 20% for Solid State Drives.

There is a lot of debate on the internet about this, but the figures are thereabouts.

Posted

Hey Pete, sorry for the late reply, I have now carried out all of your instructions, thank you very much! I see you're a music guy too? Maybe this Touchscreen jukebox setup might interest you?

 

 

 

That is not mine, just one that's online but I have the same setup, if you should need any help with it, I'd be happy to help. Also this is the best dj/radio software on the planet, I have been using it for over 10 years: http://www.otsav.com/

You can use it to play live music or you can customize it to play back music for you any way you want, sort of like having your own private DJ or radio station and it's the most stable music software on the planet.
