Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2017
Ran by Samsung (16-10-2017 14:39:32)
Running from C:\Users\Samsung\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) (2013-12-19 16:53:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-409347219-1046054017-3112550873-500 - Administrator - Disabled)
Guest (S-1-5-21-409347219-1046054017-3112550873-501 - Limited - Disabled)
Samsung (S-1-5-21-409347219-1046054017-3112550873-1000 - Administrator - Enabled) => C:\Users\Samsung

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.22.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2567 - Intel Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.28.5.4848 - Enigma Software Group, LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-409347219-1046054017-3112550873-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Users\Samsung\AppData\Roaming\Microsoft\MSXML2\msxml4.dll (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-12-20] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B914D5C-A0DA-47D8-A65C-3176835F148C} - System32\Tasks\couponsupport-S-649636217 => c:\support\couponsupport.exe <==== ATTENTION
Task: {30354309-720F-4E0A-878F-0D62CFDB081F} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {D0DB9821-3FB3-479A-A357-05349A8701BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {E18FBD4B-3BED-4976-B3FE-4F8B76109743} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-13] (Adobe Systems Incorporated)
Task: {F9E06A59-1C4C-464D-9085-A3AFDEE57A48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\couponsupport-S-649636217.job => c:\support\couponsupport.exe./schedule /profile c:\support\649636217.ini <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-01-12 11:55 - 2013-12-04 03:47 - 000702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2014-01-12 11:55 - 2013-12-04 03:47 - 000099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
2014-01-12 11:55 - 2013-12-04 03:48 - 004055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2014-01-12 11:56 - 2013-12-04 03:48 - 000399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2014-01-12 11:55 - 2013-12-04 03:47 - 001619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-409347219-1046054017-3112550873-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.237.128.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

13-02-2015 17:33:21 Windows Update
15-02-2015 08:48:57 Windows Update
22-02-2015 13:24:02 Windows Update
27-02-2015 05:53:55 Windows Update
30-06-2015 15:59:54 Windows Update
03-06-2017 11:36:09 Windows Update
13-10-2017 23:09:13 Windows Update
13-10-2017 23:17:53 Windows Update
14-10-2017 03:03:16 Windows Update
16-10-2017 13:49:45 Removed Easy Display Manager
16-10-2017 14:11:49 Removed Easy SpeedUp Manager
16-10-2017 14:15:02 Removed Skype Click to Call
16-10-2017 14:15:48 Removed Skype™ 7.1

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2017 02:22:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/16/2017 02:16:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.
System Error: The system cannot find the file specified. .

Error: (10/16/2017 02:16:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
System Error: The system cannot find the file specified. .

Error: (10/16/2017 02:16:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver.
System Error: The system cannot find the file specified. .

Error: (10/16/2017 02:15:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.
System Error: The system cannot find the file specified. .

Error: (10/16/2017 02:15:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
System Error: The system cannot find the file specified. .

Error: (10/16/2017 02:15:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver.
System Error: The system cannot find the file specified. .

Error: (10/16/2017 02:11:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.
System Error: The system cannot find the file specified. .

Error: (10/16/2017 02:11:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
System Error: The system cannot find the file specified. .

Error: (10/16/2017 02:11:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver.
System Error: The system cannot find the file specified. .

System errors:
=============
Error: (10/16/2017 02:21:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (10/16/2017 02:21:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: The system cannot find the file specified.

Error: (10/16/2017 02:21:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update BrowseSmart service failed to start due to the following error: The system cannot find the file specified.

Error: (10/16/2017 01:48:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (10/16/2017 01:48:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (10/16/2017 01:48:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (10/16/2017 01:48:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (10/16/2017 01:38:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (10/16/2017 01:37:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: The system cannot find the file specified.

Error: (10/16/2017 01:37:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update BrowseSmart service failed to start due to the following error: The system cannot find the file specified.

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz
Percentage of memory in use: 83%
Total physical RAM: 1013.3 MB
Available physical RAM: 166.18 MB
Total Virtual: 2037.3 MB
Available Virtual: 904.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:205.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00047F67)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================