Vista laptop running slow, constant hard drive activity

Alternative To Format

Alternatively you can use this software, there is a pay if it works option. Even if it works, you can just uninstall it at the end of the process. I tested it out on a machine that was running very badly, and it worked quite well. You do not need to pay, just optional.

I’ll try a new admin profile but a factory reset seems to be the way to go.
Probably try running FRST, SuperRestric etc in Safe Mode to see if they work.

It is a rather old install, and for you to have it function well for this long is actually a good thing. You could try the repair software I mentioned, it takes a while to run, it is mostly unattended you would have to come back from time to time and check on it, I’d suggest that you connect an ethernet cord to the machine to run it though.

We will want to check the condition of your hard drive.

Download HD Tune and save the file. Install HD Tune and restart it after installation. Then go to the tab Error Scan , select the hard drive you want to check and press Start . The check can be quite time consuming take depends on the size of the hard drive check. Take a screen shot of the result and save it. Upload it to IMGUR for us. Post the link here.

Do Not tick the quick scan!!

I’ll definitely try the repair with likenewpc.net.
HD Tune crashed. Ran All In One Windows Repair in Safe Mode and HD Tune is working now.

Here is the HD Tune result.. tried using imgur but photo would not appear.

[ATTACH]1800[/ATTACH]

Gonna try running some of the software that wouldn’t run before, later today.

Alright HDD looks good. Keep me updated with how things go.

The laptop is working better. Apps open quicker, can now create a Restore point.
The constant hard drive activity persists and still cannot run QuickDiag & SuperRestic.
Spacesniffer shows a lot activity from Panda AV & it appears to be corrupted. Panda Product & Panda Protection Service are Disabled & I’m unable to change them to Automatic or Manual in Services.msc, get Access Denied popup. I uninstalled Panda AV using Geek & again with d’Uninstaller but Panda AV still reappears after reboot… STRANGE
I want to remove it before running LikeNewPC.
Should I try to reinstall Panda AV over the existing one or try another uninstall app? thanks for your help

Here are instructions for panda removal.

Use force mode in Geek Uninstaller.

Also you can use Everything search engine, search for Panda within it and delete any thing remaining.

Used force mode in Geek Uninstaller but Panda AV stills shows up in system tray. Panda AV no longer appears in list of installed program in Windows Uninstall or Geek Uninstaller.
It shows up in d’Uninstaller, has been uninstalled there, but still reappears at next reboot.
Some files were deleted in Everything Search Engine but many files are locked or Access Denied.
Panda AV still shows up in System Tray… this thing is possessed !! :X3:
Anything else you can recommend ?

Any Services you recommend disabling from the attached Autoruns list ???

Upload fresh FRST logs.

Also, UVS…

Download uVS English Version To your desktop
Create a new folder on desktop.
Unzip it there.
Right click Start [MEDIA=imgur]L8goZMW[/MEDIA] and run as admin.
Select start under current User.
[MEDIA=imgur]4XlNKga[/MEDIA]
Then Select File. [MEDIA=imgur]iDTfLbb[/MEDIA]
The Select: Save Os Image with Checking digitial Signature (Slow)
[MEDIA=imgur]CRn1knJ[/MEDIA]
Allow completion this can take some time.
Then go back to the folder where you Saved – Unzipped – UVS
Upload your system image. Here in your next reply.
It will look something similar to this.
[MEDIA=imgur]tBCHqxH[/MEDIA]

Here are the FRST logs … uVS info to follow in next post


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec Inc.) C:\Windows\System32\TAMSvr.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Arachnoid Biometrics Identification Group) C:\Program Files\TrueSuite Access Manager\PwdBank.exe
(AuthenTec, Inc) C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\TrueSuite Access Manager\CssSvr.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [PwdBank] => C:\Program Files\TrueSuite Access Manager\PwdBank.exe [3150848 2008-02-01] (Arachnoid Biometrics Identification Group)
HKLM...\Run: [FingerPrintNotifer] => C:\Program Files\TrueSuite Access Manager\FpNotifier.exe [671744 2008-01-24] (AuthenTec, Inc)
HKLM...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
ShellIconOverlayIdentifiers: [IconOvrly1] → {A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6} => C:\Program Files\TrueSuite Access Manager\IconOvrly.dll [2007-04-20] (Arachnoid Biometrics Identification Group Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip..\Interfaces{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [NameServer] 8.8.8.8,8.8.4.4,192.168.2.1
Tcpip..\Interfaces{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [DhcpNameServer] 192.168.2.1
[HEADING=1]Internet Explorer:[/HEADING]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
[HEADING=1]FireFox:[/HEADING]
FF ProfilePath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\P rofiles\9yk1vrhk.default [2017-03-08]
FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_ 194.dll [2017-02-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 → C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 → C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: Adobe Reader → C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @citrixonline.com/appdetectorplugin → C:\Users\psimoes\AppData\Local\Citrix\Plugins\104\ npappdetector.dll [2015-11-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/GoogleTalkPlugin → C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\n pgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/O1DPlugin → C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\n po1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=3 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=9 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\n patgpc.dll [2013-07-13] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\n pgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\n po1d.dll [2015-12-08] (Google)
[HEADING=1]Chrome:[/HEADING]
CHR HomePage: Default → hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&co ntinue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui %3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=def ault&ltmplcache=2&hl=en
CHR Profile: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (TV) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfe mbdimh [2017-02-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmn hjmhfn [2017-02-15]
CHR Extension: (Adguard AdBlocker) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhik gbkllg [2017-02-15]
CHR Extension: (YouTube) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2017-02-15]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabak ieebci [2017-02-15]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmk mefihe [2017-02-15]
CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfna hhhglp [2017-02-15]
CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigj hfkhdj [2017-02-15]
CHR Extension: (Save to Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeaba ddhgne [2017-02-15]
CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegb jmfnfh [2017-02-15]
CHR Extension: (Mailvelope) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambc ijhkke [2017-02-25]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkf gopppd [2017-02-15]
CHR Extension: (Yesware Reports) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamk jnolhg [2017-02-15]
CHR Extension: (Vend) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdeba jikafa [2017-02-15]
CHR Extension: (Mailtrack for Gmail & Inbox: Email tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkap kpjkkb [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-02-15]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmede ngocbn [2017-02-15]
CHR Extension: (Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2017-02-15]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoo cbcmaj [2017-02-15]
CHR Extension: (Streak CRM for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnn jojfik [2017-02-15]
[HEADING=1]Opera:[/HEADING]
OPR Extension: (Adguard AdBlocker) - C:\Users\psimoes\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-01-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2007-10-15] (AuthenTec Inc.) [File not signed]
R2 Backupper Service; C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.) [File not signed]
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
S3 Gizmo Central; C:\Program Files\Gizmo\gservice.exe [34728 2011-07-02] (Arainia Solutions)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2008-02-12] (Google) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
S3 nosGetPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
S2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S4 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
S4 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43440 2008-02-03] (Alfa Corporation)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2009-01-26] (AuthenTec, Inc.)
S1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
S1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
R1 GizmoDrv; C:\Windows\system32\Drivers\GizmoDrv.sys [25488 2011-07-02] (Arainia Solutions LLC)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [42256 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72400 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [147728 2016-08-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [111376 2016-08-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2016-08-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2016-08-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2016-08-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2016-08-04] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-03-14] (Acronis)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2011-02-11] (NCH Software)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman147; C:\Windows\System32\DRIVERS\tdrpm147.sys [971232 2009-03-14] (Acronis)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-02-16] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-02-16] (Zemana Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 21:47 - 2017-03-09 21:47 - 00000833 _____ C:\Users\psimoes\Desktop\Skype - Shortcut.lnk
2017-03-09 21:35 - 2017-03-09 21:49 - 00018293 _____ C:\Users\psimoes\Desktop\FRST.txt
2017-03-09 21:35 - 2017-03-09 21:35 - 00000000 ____D C:\Users\psimoes\Desktop\FRST-OlderVersion
2017-03-09 21:20 - 2017-03-09 21:20 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Panda Security
2017-03-09 18:30 - 2017-03-09 19:46 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Everything
2017-03-09 18:30 - 2017-03-09 18:30 - 00000799 _____ C:\Users\psimoes\Desktop\Search Everything.lnk
2017-03-09 18:30 - 2017-03-09 18:30 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Everything
2017-03-09 18:29 - 2017-03-09 18:30 - 00000000 ____D C:\Program Files\Everything
2017-03-08 18:25 - 2017-03-08 18:26 - 00001438 _____ C:\QuickDiag.txt
2017-03-08 10:47 - 2017-03-08 10:47 - 00000706 _____ C:\Users\psimoes\Desktop\HD Tune.lnk
2017-03-08 10:47 - 2017-03-08 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2017-03-08 10:47 - 2017-03-08 10:47 - 00000000 ____D C:\Program Files\HD Tune
2017-03-08 06:47 - 2017-03-09 21:39 - 00000000 ____D C:\Users\psimoes\Desktop\Tweaking.com - Win.Repair_V3.9.36_Port
2017-03-08 06:38 - 2017-03-08 18:56 - 00240490 _____ C:\Windows\ntbtlog.txt
2017-03-08 00:17 - 2017-03-08 20:12 - 00001585 _____ C:\Users\psimoes\Desktop\ZHPCleaner.txt
2017-03-07 23:49 - 2017-03-08 19:53 - 00000749 _____ C:\Users\psimoes\Desktop\ZHPCleaner.lnk
2017-03-07 23:46 - 2017-03-07 23:45 - 00642632 _____ (EFD Software ) C:\Users\psimoes\Desktop\hdtune_255.exe
2017-03-07 18:40 - 2016-08-08 04:00 - 00058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-03-07 18:37 - 2017-03-07 18:37 - 02708480 _____ C:\Users\psimoes\ZHPDiag3.exe
2017-03-07 17:21 - 2017-03-07 17:21 - 00000000 ____D C:\QuickDiag
2017-03-07 16:56 - 2017-03-07 16:56 - 02433448 _____ (SosVirus) C:\Users\psimoes\Desktop\quickdiag_3_31.01.17.1.ex e
2017-03-07 16:55 - 2017-03-07 16:55 - 01181184 _____ C:\Users\psimoes\Desktop\SupRestric.exe
2017-03-07 08:16 - 2017-03-07 12:18 - 00000000 ____D C:\Users\psimoes\Desktop\Clean Event .bat
2017-03-07 05:26 - 2017-03-07 05:27 - 00000287 _____ C:\Users\psimoes\Desktop\Clean Event Viewer Log. To Execute Right Click and Run As Administrator Reboot Your Machine After..bat
2017-03-05 20:46 - 2017-03-05 20:46 - 00000000 ____D C:\zoek
2017-03-05 20:25 - 2017-03-05 20:48 - 00003140 _____ C:\runcheck.txt
2017-03-05 20:25 - 2017-03-05 20:48 - 00000000 ____D C:\zoek_backup
2017-03-05 20:23 - 2017-03-05 20:23 - 01309184 _____ C:\Users\psimoes\Desktop\zoek.exe
2017-03-05 20:06 - 2017-03-05 20:06 - 00462976 _____ (Alex Dragokas) C:\Users\psimoes\Desktop\clearlnk_2.9.0.11.exe
2017-03-05 19:35 - 2017-03-05 19:36 - 00000000 ____D C:\Users\psimoes\Desktop\spacesniffer_1_3_0_2
2017-03-05 17:02 - 2017-03-05 17:02 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-05 17:01 - 2017-03-05 18:06 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-05 16:59 - 2017-03-06 07:56 - 00000000 ____D C:\Users\psimoes\Desktop\AutoLogger
2017-03-05 16:59 - 2017-03-05 04:33 - 13240747 _____ (Company © regist & Drongo) C:\Users\psimoes\Desktop\AutoLogger.exe
2017-03-05 16:56 - 2017-03-05 16:56 - 21716040 _____ C:\Users\psimoes\Desktop\RogueKiller.exe
2017-03-05 13:57 - 2017-03-05 13:57 - 00002634 _____ C:\Users\psimoes\Desktop\Winmgmt.reg
2017-03-05 13:28 - 2017-03-07 18:37 - 00000485 _____ C:\Users\psimoes\Desktop\ZHPDiag.lnk
2017-03-05 13:20 - 2017-03-05 13:20 - 02707968 _____ C:\Users\psimoes\Desktop\ZHPDiag3.exe
2017-03-05 12:51 - 2017-03-05 12:51 - 00000747 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-03-05 12:51 - 2017-03-05 12:51 - 00000000 ____D C:\Program Files\Speccy
2017-03-05 08:53 - 2017-03-05 08:53 - 06293184 _____ (Piriform Ltd) C:\Users\psimoes\Desktop\spsetup130.exe
2017-03-05 08:52 - 2017-03-05 12:48 - 00197679 _____ C:\Users\psimoes\Desktop\ListChkdskResult.exe
2017-03-03 20:53 - 2017-03-03 20:53 - 00000512 _____ C:\Users\psimoes\Desktop\MBR.dat
2017-03-03 19:48 - 2017-03-09 21:49 - 00000000 ____D C:\FRST
2017-03-03 19:28 - 2017-03-03 19:28 - 05200384 _____ (AVAST Software) C:\Users\psimoes\Desktop\aswmbr.exe
2017-03-03 19:27 - 2017-03-09 21:35 - 01765888 _____ (Farbar) C:\Users\psimoes\Desktop\FRST.exe
2017-03-01 20:37 - 2017-03-01 20:37 - 00079324 _____ C:\Users\psimoes\Desktop\Quantum-Life-Terms-Tools-Themes.pdf
2017-03-01 20:37 - 2017-03-01 20:37 - 00061378 _____ C:\Users\psimoes\Desktop\Emotional-Frequency-Chart.pdf
2017-03-01 20:35 - 2017-03-01 20:36 - 00000000 ____D C:\Users\psimoes\Desktop\Gen.Info
2017-02-26 15:13 - 2017-02-26 15:13 - 00000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2017-02-26 15:13 - 2017-02-26 15:13 - 00000886 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2017-02-26 15:13 - 2017-02-26 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2017-02-19 16:52 - 2017-02-19 16:52 - 00000758 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2017-02-19 16:52 - 2017-02-19 16:52 - 00000734 _____ C:\Users\Public\Desktop\RealtimeSync.lnk
2017-02-19 15:00 - 2014-03-11 09:51 - 00036896 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys
2017-02-19 14:32 - 2017-02-19 16:54 - 00000000 ____D C:\Users\psimoes\Desktop\Free.File.Sync
2017-02-16 15:09 - 2017-02-16 15:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PS-TOSHIBA-Windows-Vista-™-Home-Premium-(32-bit).dat
2017-02-16 15:09 - 2017-02-16 15:09 - 00000000 ____D C:\RegBackup
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Videos
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Pictures
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Music
2017-02-16 14:04 - 2017-02-16 14:04 - 00047056 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Tweaking.com
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Program Files\Tweaking.com
2017-02-16 13:07 - 2017-02-16 13:07 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-02-16 13:07 - 2017-02-16 13:07 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-02-16 11:15 - 2017-02-16 11:15 - 01663040 _____ (Malwarebytes) C:\Users\psimoes\Desktop\JRT.exe
2017-02-16 11:15 - 2017-02-16 11:14 - 14449600 _____ (Copyright 2017.) C:\Users\psimoes\Desktop\Zemana.AntiMalware.Portab le.exe
2017-02-16 11:15 - 2017-02-16 11:13 - 02705920 _____ C:\Users\psimoes\Desktop\ZHPCleaner.exe
2017-02-16 11:13 - 2017-02-16 11:13 - 00000680 _____ C:\Users\psimoes\AppData\Local\d3d9caps.dat
2017-02-16 03:44 - 2017-02-16 03:53 - 00010239 _____ C:\Pre_Scan.txt
2017-02-16 03:41 - 2017-02-16 03:49 - 00000000 ____D C:\Pre_Scan
2017-02-16 02:32 - 2017-02-16 02:32 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-02-16 02:32 - 2017-02-16 02:32 - 00003268 _____ C:\Windows\system32\bootdelete.lst
2017-02-15 20:02 - 2017-02-15 20:00 - 11005320 _____ (SurfRight B.V.) C:\Users\psimoes\Desktop\hitmanpro.exe
2017-02-15 11:50 - 2017-02-27 16:35 - 00000000 ____D C:\AdwCleaner
2017-02-15 11:44 - 2017-02-15 11:44 - 04015056 _____ C:\Users\psimoes\Desktop\adwcleaner_6.043.exe
2017-02-09 15:40 - 2017-02-09 15:40 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2017-02-09 15:34 - 2017-02-09 15:34 - 00752296 _____ C:\Users\psimoes\Desktop\Adware Removal Tool by TSA.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 21:49 - 2016-11-19 00:19 - 00038789 _____ C:\Windows\ZAM.krnl.trace
2017-03-09 21:49 - 2016-11-19 00:19 - 00021651 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-09 21:46 - 2009-02-16 14:28 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Skype
2017-03-09 21:20 - 2016-11-22 05:53 - 00121608 _____ C:\Users\psimoes\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-09 21:19 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-09 21:19 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-03-09 21:18 - 2016-11-22 05:50 - 00462664 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-09 21:18 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-09 21:18 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-09 21:13 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2017-03-09 21:13 - 2006-11-02 05:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-09 20:10 - 2006-11-02 08:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-09 11:08 - 2013-03-05 22:15 - 00000000 ____D C:\Users\psimoes\Documents\templates word docs
2017-03-08 21:34 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_733
2017-03-08 20:12 - 2016-11-14 14:37 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\ZHP
2017-03-08 19:53 - 2016-11-18 10:20 - 00000000 ____D C:\Users\psimoes\AppData\LocalLow\Mozilla
2017-03-08 18:52 - 2015-06-07 21:38 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-03-08 18:18 - 2011-01-23 23:37 - 00000000 ____D C:\Windows\pss
2017-03-08 10:30 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_816
2017-03-08 00:17 - 2009-02-16 11:17 - 00000000 ____D C:\Users\psimoes
2017-03-06 08:37 - 2013-03-07 23:13 - 00000000 ____D C:\Program Files\Online Armor
2017-03-05 20:09 - 2017-01-04 05:21 - 00000000 ____D C:\Users\psimoes\Desktop\eso
2017-03-05 16:37 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_316
2017-03-05 13:38 - 2009-02-16 11:21 - 00000000 ____D C:\Users\psimoes\Desktop\Icons
2017-03-01 20:36 - 2016-02-24 12:59 - 00000000 ____D C:\Users\psimoes\Desktop\FX
2017-02-26 16:55 - 2013-04-04 19:01 - 00000000 ____D C:\Users\psimoes\AppData\Local\Citrix
2017-02-26 15:13 - 2011-02-11 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2017-02-20 18:28 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_530
2017-02-20 15:24 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_795
2017-02-20 12:18 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_704
2017-02-19 14:40 - 2009-03-15 08:47 - 00000000 ____D C:\Users\psimoes\Downloads\1GOOD_Progs_in_use
2017-02-16 16:50 - 2009-02-16 14:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-16 16:21 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_763
2017-02-09 21:06 - 2016-11-17 18:41 - 00000993 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-09 21:06 - 2016-11-17 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-09 21:04 - 2011-01-28 11:29 - 00000000 ____D C:\Program Files\Opera
2017-02-09 20:44 - 2010-11-09 23:16 - 00000775 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-09 20:40 - 2012-09-27 16:53 - 00000829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-09 20:40 - 2012-09-27 16:53 - 00000817 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-09 20:39 - 2016-11-15 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-09 20:38 - 2012-05-03 08:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-09 20:38 - 2011-06-21 23:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-09 20:38 - 2008-02-12 21:43 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-09 20:37 - 2009-02-16 23:34 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-02-09 20:30 - 2012-08-17 19:59 - 00000000 ____D C:\ProgramData\Skype
2017-02-09 20:29 - 2014-08-07 20:45 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2017-02-16 11:13 - 2017-02-16 11:13 - 0000680 _____ () C:\Users\psimoes\AppData\Local\d3d9caps.dat
[HEADING=1]Files to move or delete:[/HEADING]
C:\Users\psimoes\ZHPDiag3.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-09 21:26

==================== End of FRST.txt ============================

Uninstall Online Armor 6.0 from your machine for now, until we are done here…

FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Once you have completed the above, then right click FRST run as admin.
Type Panda into the search field.
Then Click on Search Registry.
[ATTACH]1809[/ATTACH]
An output file will appear on your desktop.
Copy and paste that into your next reply.

File Search With Everything Search Engine.

Download and install the Everything Search Engine
Right Click Run As Admin. Type or Copy Paste Panda into search window.
Then Click Edit. >>>Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard.
Paste content of clipboard, here in your next reply.

[COLOR=rgb(255, 0, 0)]

PC running much quicker now …Here is the FixLog …

==============================================

fixlist content:

---

Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
HKLM...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
C:\Program Files\Panda Security
HKLM...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S4 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
S2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
S4 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
C:\Program Files\Windows Defender
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [42256 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72400 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [147728 2016-08-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [111376 2016-08-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2016-08-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2016-08-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2016-08-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2016-08-04] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
2017-03-09 21:20 - 2017-03-09 21:20 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Panda Security
2017-03-07 18:40 - 2016-08-08 04:00 - 00058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-02-19 15:00 - 2014-03-11 09:51 - 00036896 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys
Panda Devices Agent (Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\corpol.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\emdmgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstime.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNativ e_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\psimoes\Downloads\39F2.tmp:$CmdTcID [64]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NanoServiceMain => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PSUAService => “”=“Service”
MSCONFIG\Services: NanoServiceMain => 2
MSCONFIG\Services: PSUAService => 2
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: ipconfig /flushdns
cmd: netsh winsock reset all
reboot:
end

---

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run \@OnlineArmor GUI => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run \PSUAMain => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\EnableShellExecuteHooks => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\LogonHoursAction => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\DontDisplayLogonHoursWarnings => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\exp lorer\ShellExecuteHooks\{4F07DA45-8170-4859-9B5F-037EF2970034} => value removed successfully.
HKCR\CLSID{4F07DA45-8170-4859-9B5F-037EF2970034} => key not found.

“C:\Program Files\Panda Security” folder move:

Could not move “C:\Program Files\Panda Security” => Scheduled to move on reboot.

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\EnableShellExecuteHooks => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\LogonHoursAction => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\DontDisplayLogonHoursWarnings => value not found.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00011 => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\0000000 00012 => key removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
HKLM\System\CurrentControlSet\Services\NanoService Main => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\PandaAgent => key removed successfully.
PandaAgent => service removed successfully.
HKLM\System\CurrentControlSet\Services\PSUAService => key could not remove, key could be protected
“C:\Program Files\Windows Defender” => Warning: FRST is scripted not to move this directory.
NNSALPC => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSALPC => key could not remove, key could be protected
NNSHTTP => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSHTTP => key could not remove, key could be protected
NNSHTTPS => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSHTTPS => key could not remove, key could be protected
NNSIDS => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSIDS => key could not remove, key could be protected
NNSNAHSL => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSNAHSL => key removed successfully.
NNSNAHSL => service removed successfully.
NNSPICC => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSPICC => key could not remove, key could be protected
NNSPIHSW => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSPIHSW => key removed successfully.
NNSPIHSW => service removed successfully.
NNSPOP3 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSPOP3 => key could not remove, key could be protected
NNSPROT => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSPROT => key could not remove, key could be protected
NNSPRV => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSPRV => key could not remove, key could be protected
NNSSMTP => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSSMTP => key could not remove, key could be protected
NNSSTRM => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSSTRM => key could not remove, key could be protected
NNSTLSC => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSTLSC => key could not remove, key could be protected
PSINAflt => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\PSINAflt => key could not remove, key could be protected
PSINFile => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\PSINFile => key could not remove, key could be protected
PSINKNC => Unable to stop service.
HKLM\System\CurrentControlSet\Services\PSINKNC => key could not remove, key could be protected
PSINProc => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\PSINProc => key could not remove, key could be protected
PSINProt => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\PSINProt => key removed successfully.
PSINProt => service removed successfully.
PSINReg => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\PSINReg => key removed successfully.
PSINReg => service removed successfully.
HKLM\System\CurrentControlSet\Services\PSKMAD => key removed successfully.
PSKMAD => service removed successfully.
C:\Users\psimoes\AppData\Roaming\Panda Security => moved successfully
C:\Windows\system32\Drivers\PSKMAD.sys => moved successfully
C:\Windows\system32\Drivers\PsBoot.sys => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Panda Devices Agent\SystemComponent => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Panda Devices Agent\SystemComponent => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{62692A64-8661-4040-AC6C-F24E48393E20}\SystemComponent => value removed successfully.
C:\Windows\notepad.exe => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\basesrv.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\cewmdm.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\clfs.sys => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\clfsw32.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\comctl32.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\corpol.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\dxmasf.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\dxtmsft.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\dxtrans.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\emdmgmt.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\ie4uinit.exe => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\iedkcs32.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\ieframe.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\iepeers.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\iernonce.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\iertutil.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\iesetup.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\iesysprep.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\ieui.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\ieUnatt.exe => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\inetcpl.cpl => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\jsproxy.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\licmgr10.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\msctf.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\msdxm.ocx => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\msfeeds.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\msfeedsbs.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\msfeedssync.exe => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\mshtml.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\mshtmled.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\msi.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\msiexec.exe => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\msmmsp.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\mstime.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\mstscax.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\msv1_0.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\ncsi.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\nlaapi.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\nlasvc.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\notepad.exe => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\occache.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\PresentationCFFRasterizerNativ e_v0300.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\profsvc.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\scesrv.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\services.exe => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\spwmp.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\url.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\urlmon.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\vbscript.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\WebClnt.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\WindowsCodecs.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\wininet.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\wmp.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\WMPhoto.dll => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\wmploc.DLL => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\Drivers\ecache.sys => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\Drivers\mountmgr.sys => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\Drivers\mrxsmb.sys => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\Drivers\mrxsmb10.sys => “:$CmdTcID” ADS removed successfully..
C:\Windows\system32\Drivers\mrxsmb20.sys => “:$CmdTcID” ADS removed successfully..
C:\Users\psimoes\Downloads\39F2.tmp => “:$CmdTcID” ADS removed successfully..
HKLM\System\CurrentControlSet\Control\SafeBoot\Net work\NanoServiceMain => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Net work\PSUAService => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NanoServiceMain => key removed successfully.
HKLM\System\CurrentControlSet\Services\NanoService Main => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PSUAService => key removed successfully.
HKLM\System\CurrentControlSet\Services\PSUAService => key removed successfully.

========= RemoveProxy: =========

HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully.
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings => value removed successfully.

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state Off =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset all =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8027451 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1331171 B
Edge => 0 B
Chrome => 41707511 B
Firefox => 6017244 B
Opera => 72050899 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 0 B
NetworkService => 0 B
psimoes => 3283156 B
Guest => 0 B

RecycleBin => 11132788 B
EmptyTemp: => 149 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-03-2017 23:21:49)

C:\Program Files\Panda Security => is moved successfully

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NanoService Main => key removed successfully..
HKLM\System\CurrentControlSet\Services\PSUAService => key removed successfully..
HKLM\System\CurrentControlSet\Services\NNSALPC => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSHTTP => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSHTTPS => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSIDS => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSPICC => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSPOP3 => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSPROT => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSPRV => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSSMTP => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSSTRM => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSTLSC => key removed successfully.
HKLM\System\CurrentControlSet\Services\PSINAflt => key removed successfully.
HKLM\System\CurrentControlSet\Services\PSINFile => key removed successfully.
HKLM\System\CurrentControlSet\Services\PSINKNC => key removed successfully.
HKLM\System\CurrentControlSet\Services\PSINProc => key removed successfully.

==== End of Fixlog 23:21:50 ====

[/color]