Vista laptop running slow, constant hard drive activity

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (Xp Users double click)
Copy the items in red below, and paste them into Zoek.

createsrpoint;
{d8559eb9-20c0-410e-beda-7ed416aecc2a};c
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252};c
getPlusHelper;s
SkypeUpdate;s
MozillaMaintenance;s
AdobeFlashPlayerUpdateSvc;s
C:\Windows\System32\drivers\avipbb.sys;f
C:\Windows\tasks\Adobe Flash Player Updater.job;f
C:\Windows\system32\tasks\Adobe Acrobat Update Task;f
C:\Windows\system32\tasks\Adobe Flash Player Updater;f
C:\Windows\system32\tasks\CrystalDiskInfo;f
C:\Windows\system32\tasks\PCMAgent.exe;f
C:\Windows\system32\tasks{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B};f
C:\Windows\system32\tasks\NCH Software\debutShakeIcon;f
C:\Windows\system32\tasks\Microsoft\Windows Defender;f
C:\Windows\system32\tasks\Microsoft\Windows\Wirele ss\GatherWirelessInfo;f
C:\Windows\system32\tasks\Microsoft\Windows\Remote Assistance;f
C:\Windows\system32\tasks\Microsoft\Windows\Custom er Experience Improvement Program;f
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdat e;f
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run];r
“CCleaner Monitoring”=-;r
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal!SASCORE];r
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network!SASCORE];r
C:\Program Files\Mozilla Maintenance Service;f
ipconfig /flushdns;b
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
netsh winsock reset all;b
autoclean;

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.


ClearLNK

Download ClearLNK save it to your desktop.
Drag the file Check_Browsers_LNK from your Collection log made earlier.
As per picture.
A report on the work as a file ClearLNK- .log
Will be produced, post that log.

https://pchelpforum.net/proxy.php?image=https%3A%2F%2Fup2sha.re%2Fuploads% 2F2015%2F3%2FBPD7B3BAgEQl.gif&hash=f65630ba2178027 f4643224f28999e44

Hijack This Fix.

Locate the HijackThis file within the Autologger folder, Right Click Run as Admin.
Close all other open programs prior to running this tool!!
Click System Scan Only.
Then check mark the items listed below.

R3 - Default URLSearchHook is missing
O4 - HKCU..\Run: [CCleaner Monitoring] “C:\Program Files\CCleaner\CCleaner.exe” /MONITOR
O4 - MSConfig\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows ^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup (2017/03/05)
O4 - MSConfig\startupreg: [APSDaemon] (HKLM) (2013/09/25) (no file)
O4 - MSConfig\startupreg: [CLMLServer] “C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe” (HKLM) (2013/09/25)
O4 - MSConfig\startupreg: [GizmoDriveDelegate] “C:\Program Files\Gizmo\gizmo.exe” /RemountStartupImages (HKCU) (2016/11/24)
O4 - MSConfig\startupreg: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup (HKLM) (2013/05/13)
O4 - MSConfig\startupreg: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” (HKLM) (2012/03/01)
O4 - MSConfig\startupreg: [PCMAgent] “C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe” (HKLM) (2012/03/01)

Now click on fix checked.
After the fix is complete, then reboot your machine.

Easy Service Optimizer

Download easy service optmizer, save it to your desktop and unzip it there. Right click it and run as admin, then select Tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items.


https://i.imgur.com/tnkjYlk.png

You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, the edit service. Make sure it is automatic across the board, as per the picture.

https://i.imgur.com/PO7tPc7.png


Let’s have a fresh look at your system after the above scans please.

Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

[ul]
[li]Right-click on FRST icon and select Run as Administrator to start the tool.[/li](XP users click run after receipt of Windows Security Warning - Open File).
[li]Make sure that Addition option is checked, as well as Shortcut.txt[/li][li]Press Scan button and wait.[/li][li]The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt – & Shortcut.txt[/li][/ul]
Please Copy & Paste them into your next reply. But attach Shortcut.txt

Great, I’ll give it all a go …
I ran Spacesniffer and it shows constant hard drive activity relating to Panda AV Security Protection and Microsoft System Indexer.

Yes, I noticed from the FRST logs that you were getting errors from it, that is why I had you run check disk… We will get to the bottom of things.

[COLOR=rgb(0, 0, 179)]
No…[/color]

Zoek stalled for 3 hours while scanning Firefox extensions so a log is N/A.
For ESO, you said Wlansvc should be “automatic across the board” but the screen shot showed Default & Safe fields as Manual. Should they be set to Automatic ?
Below are the FRST logs …
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec Inc.) C:\Windows\System32\TAMSvr.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
SIZE=4 C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[/SIZE]
SIZE=4 C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe[/SIZE]
SIZE=4 C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[/SIZE]
SIZE=4 C:\Toshiba\IVP\swupdate\swupdtmr.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AuthenTec, Inc) C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
(Arachnoid Biometrics Identification Group) C:\Program Files\TrueSuite Access Manager\PwdBank.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\TrueSuite Access Manager\CssSvr.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAReg.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [FingerPrintNotifer] => C:\Program Files\TrueSuite Access Manager\FpNotifier.exe [671744 2008-01-24] (AuthenTec, Inc)
HKLM...\Run: [PwdBank] => C:\Program Files\TrueSuite Access Manager\PwdBank.exe [3150848 2008-02-01] (Arachnoid Biometrics Identification Group)
HKLM...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
ShellIconOverlayIdentifiers: [IconOvrly1] → {A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6} => C:\Program Files\TrueSuite Access Manager\IconOvrly.dll [2007-04-20] (Arachnoid Biometrics Identification Group Corp.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip..\Interfaces{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [NameServer] 8.8.8.8,8.8.4.4,192.168.2.1
Tcpip..\Interfaces{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKLM → DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
SearchScopes: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 → DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

FireFox:
========
FF ProfilePath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\P rofiles\9yk1vrhk.default [2017-03-05]
FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_ 194.dll [2017-02-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 → C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 → C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: Adobe Reader → C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @citrixonline.com/appdetectorplugin → C:\Users\psimoes\AppData\Local\Citrix\Plugins\104\ npappdetector.dll [2015-11-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/GoogleTalkPlugin → C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\n pgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/O1DPlugin → C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\n po1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=3 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=9 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\n patgpc.dll [2013-07-13] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\n pgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\n po1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HomePage: Default → hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&co ntinue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui %3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=def ault&ltmplcache=2&hl=en
CHR Profile: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default [2017-03-06]
CHR Extension: (TV) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfe mbdimh [2017-02-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmn hjmhfn [2017-02-15]
CHR Extension: (Adguard AdBlocker) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhik gbkllg [2017-02-15]
CHR Extension: (YouTube) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2017-02-15]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabak ieebci [2017-02-15]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmk mefihe [2017-02-15]
CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfna hhhglp [2017-02-15]
CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigj hfkhdj [2017-02-15]
CHR Extension: (Save to Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeaba ddhgne [2017-02-15]
CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegb jmfnfh [2017-02-15]
CHR Extension: (Mailvelope) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambc ijhkke [2017-02-25]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkf gopppd [2017-02-15]
CHR Extension: (Yesware Reports) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamk jnolhg [2017-02-15]
CHR Extension: (Vend) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdeba jikafa [2017-02-15]
CHR Extension: (Mailtrack for Gmail & Inbox: Email tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkap kpjkkb [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-02-15]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmede ngocbn [2017-02-15]
CHR Extension: (Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2017-02-15]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoo cbcmaj [2017-02-15]
CHR Extension: (Streak CRM for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnn jojfik [2017-02-15]

Opera:
=======
OPR Extension: (Adguard AdBlocker) - C:\Users\psimoes\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-01-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2007-10-15] (AuthenTec Inc.) [File not signed]
R2 Backupper Service; C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.) [File not signed]
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
S3 Gizmo Central; C:\Program Files\Gizmo\gservice.exe [34728 2011-07-02] (Arainia Solutions)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2008-02-12] (Google) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
S3 nosGetPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 TosCoSrv; “C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe”
S4 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
S4 TOSHIBA SMART Log Service; “C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe”
S4 ZAMSvc; “C:\Program Files\Zemana AntiMalware\ZAM.exe” /service

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43440 2008-02-03] (Alfa Corporation)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2009-01-26] (AuthenTec, Inc.)
S1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
S1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
R1 GizmoDrv; C:\Windows\system32\Drivers\GizmoDrv.sys [25488 2011-07-02] (Arainia Solutions LLC)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [42256 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72400 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [147728 2016-08-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [111376 2016-08-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2016-08-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2016-08-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2016-08-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2016-08-04] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-03-14] (Acronis)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2011-02-11] (NCH Software)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman147; C:\Windows\System32\DRIVERS\tdrpm147.sys [971232 2009-03-14] (Acronis)
S3 utkwodcy; C:\Windows\system32\Drivers\utkwodcy.sys [7168 2017-03-06] () [File not signed]
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-02-16] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-02-16] (Zemana Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
S0 MBAMChameleon; system32\drivers\MBAMChameleon.sys
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 Power; no ImagePath
U0 PSBoot;
U2 SppSvc; no ImagePath
U2 srService; no ImagePath
S3 teamviewervpn; system32\DRIVERS\teamviewervpn.sys
S3 USBAAPL; System32\Drivers\usbaapl.sys
U3 Wwansvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-06 09:09 - 2017-03-06 09:10 - 00020166 _____ C:\Users\psimoes\Desktop\FRST.txt
2017-03-06 09:08 - 2017-03-06 09:08 - 00000000 ____D C:\Users\psimoes\Desktop\FRST-OlderVersion
2017-03-06 08:58 - 2016-08-08 04:00 - 00058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-03-06 07:52 - 2017-03-06 07:52 - 00007168 _____ C:\Windows\system32\Drivers\utkwodcy.sys
2017-03-05 20:46 - 2017-03-05 20:46 - 00000000 ____D C:\zoek
2017-03-05 20:25 - 2017-03-05 20:48 - 00003140 _____ C:\runcheck.txt
2017-03-05 20:25 - 2017-03-05 20:48 - 00000000 ____D C:\zoek_backup
2017-03-05 20:23 - 2017-03-05 20:23 - 01309184 _____ C:\Users\psimoes\Desktop\zoek.exe
2017-03-05 20:06 - 2017-03-05 20:06 - 00462976 _____ (Alex Dragokas) C:\Users\psimoes\Desktop\clearlnk_2.9.0.11.exe
2017-03-05 19:35 - 2017-03-05 19:36 - 00000000 ____D C:\Users\psimoes\Desktop\spacesniffer_1_3_0_2
2017-03-05 17:02 - 2017-03-05 17:02 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-05 17:01 - 2017-03-05 18:06 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-05 16:59 - 2017-03-06 07:56 - 00000000 ____D C:\Users\psimoes\Desktop\AutoLogger
2017-03-05 16:59 - 2017-03-05 04:33 - 13240747 _____ (Company © regist & Drongo) C:\Users\psimoes\Desktop\AutoLogger.exe
2017-03-05 16:56 - 2017-03-05 16:56 - 21716040 _____ C:\Users\psimoes\Desktop\RogueKiller.exe
2017-03-05 13:57 - 2017-03-05 13:57 - 00002634 _____ C:\Users\psimoes\Desktop\Winmgmt.reg
2017-03-05 13:28 - 2017-03-05 13:28 - 00000739 _____ C:\Users\psimoes\Desktop\ZHPDiag.lnk
2017-03-05 13:20 - 2017-03-05 13:20 - 02707968 _____ C:\Users\psimoes\Desktop\ZHPDiag3.exe
2017-03-05 12:51 - 2017-03-05 12:51 - 00000747 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-03-05 12:51 - 2017-03-05 12:51 - 00000000 ____D C:\Program Files\Speccy
2017-03-05 08:53 - 2017-03-05 08:53 - 06293184 _____ (Piriform Ltd) C:\Users\psimoes\Desktop\spsetup130.exe
2017-03-05 08:52 - 2017-03-05 12:48 - 00197679 _____ C:\Users\psimoes\Desktop\ListChkdskResult.exe
2017-03-03 20:53 - 2017-03-03 20:53 - 00000512 _____ C:\Users\psimoes\Desktop\MBR.dat
2017-03-03 19:48 - 2017-03-06 09:09 - 00000000 ____D C:\FRST
2017-03-03 19:28 - 2017-03-03 19:28 - 05200384 _____ (AVAST Software) C:\Users\psimoes\Desktop\aswmbr.exe
2017-03-03 19:27 - 2017-03-06 09:08 - 01765888 _____ (Farbar) C:\Users\psimoes\Desktop\FRST.exe
2017-03-01 20:37 - 2017-03-01 20:37 - 00079324 _____ C:\Users\psimoes\Desktop\Quantum-Life-Terms-Tools-Themes.pdf
2017-03-01 20:37 - 2017-03-01 20:37 - 00061378 _____ C:\Users\psimoes\Desktop\Emotional-Frequency-Chart.pdf
2017-03-01 20:35 - 2017-03-01 20:36 - 00000000 ____D C:\Users\psimoes\Desktop\Gen.Info
2017-02-26 15:13 - 2017-02-26 15:13 - 00000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2017-02-26 15:13 - 2017-02-26 15:13 - 00000886 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2017-02-26 15:13 - 2017-02-26 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2017-02-19 18:54 - 2017-02-19 18:55 - 00000000 ____D C:\ProgramData\F-Secure
2017-02-19 18:54 - 2017-02-19 18:54 - 00000000 ____D C:\Users\psimoes\AppData\Local\F-Secure
2017-02-19 18:47 - 2017-02-19 18:47 - 00524248 _____ (F-Secure Corporation) C:\Users\psimoes\Desktop\F-SecureOnlineScanner.exe
2017-02-19 16:52 - 2017-02-19 16:52 - 00000758 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2017-02-19 16:52 - 2017-02-19 16:52 - 00000734 _____ C:\Users\Public\Desktop\RealtimeSync.lnk
2017-02-19 15:00 - 2014-03-11 09:51 - 00036896 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys
2017-02-19 14:32 - 2017-02-19 16:54 - 00000000 ____D C:\Users\psimoes\Desktop\Free.File.Sync
2017-02-16 15:09 - 2017-02-16 15:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PS-TOSHIBA-Windows-Vista-™-Home-Premium-(32-bit).dat
2017-02-16 15:09 - 2017-02-16 15:09 - 00000000 ____D C:\RegBackup
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Videos
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Pictures
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Music
2017-02-16 14:04 - 2017-02-16 14:04 - 00047056 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-16 13:51 - 2017-02-16 13:51 - 00001923 _____ C:\Users\psimoes\Desktop\Tweaking.com - Windows Repair.lnk
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Tweaking.com
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Program Files\Tweaking.com
2017-02-16 13:07 - 2017-02-16 13:07 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-02-16 13:07 - 2017-02-16 13:07 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-02-16 11:15 - 2017-02-16 11:15 - 01663040 _____ (Malwarebytes) C:\Users\psimoes\Desktop\JRT.exe
2017-02-16 11:15 - 2017-02-16 11:14 - 14449600 _____ (Copyright 2017.) C:\Users\psimoes\Desktop\Zemana.AntiMalware.Portab le.exe
2017-02-16 11:15 - 2017-02-16 11:13 - 02705920 _____ C:\Users\psimoes\Desktop\ZHPCleaner.exe
2017-02-16 11:13 - 2017-02-16 11:13 - 00000680 _____ C:\Users\psimoes\AppData\Local\d3d9caps.dat
2017-02-16 03:44 - 2017-02-16 03:53 - 00010239 _____ C:\Pre_Scan.txt
2017-02-16 03:41 - 2017-02-16 03:49 - 00000000 ____D C:\Pre_Scan
2017-02-16 02:32 - 2017-02-16 02:32 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-02-16 02:32 - 2017-02-16 02:32 - 00003268 _____ C:\Windows\system32\bootdelete.lst
2017-02-15 20:02 - 2017-02-15 20:00 - 11005320 _____ (SurfRight B.V.) C:\Users\psimoes\Desktop\hitmanpro.exe
2017-02-15 11:50 - 2017-02-27 16:35 - 00000000 ____D C:\AdwCleaner
2017-02-15 11:44 - 2017-02-15 11:44 - 04015056 _____ C:\Users\psimoes\Desktop\adwcleaner_6.043.exe
2017-02-09 15:40 - 2017-02-09 15:40 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2017-02-09 15:34 - 2017-02-09 15:34 - 00752296 _____ C:\Users\psimoes\Desktop\Adware Removal Tool by TSA.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-06 09:10 - 2016-11-19 00:19 - 00038600 _____ C:\Windows\ZAM.krnl.trace
2017-03-06 09:10 - 2016-11-19 00:19 - 00021118 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-06 08:58 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-06 08:58 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-03-06 08:57 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-06 08:57 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-06 08:54 - 2006-11-02 08:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-06 08:37 - 2013-03-07 23:13 - 00000000 ____D C:\Program Files\Online Armor
2017-03-06 08:33 - 2011-01-23 23:37 - 00000000 ____D C:\Windows\pss
2017-03-05 20:09 - 2017-01-04 05:21 - 00000000 ____D C:\Users\psimoes\Desktop\eso
2017-03-05 16:51 - 2016-11-22 05:53 - 00121608 _____ C:\Users\psimoes\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-05 16:44 - 2016-11-22 05:50 - 00462664 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-05 16:38 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2017-03-05 16:38 - 2006-11-02 05:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-05 15:24 - 2015-06-07 21:38 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-03-05 15:21 - 2016-11-14 14:37 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\ZHP
2017-03-05 13:38 - 2009-02-16 11:21 - 00000000 ____D C:\Users\psimoes\Desktop\Icons
2017-03-01 20:36 - 2016-02-24 12:59 - 00000000 ____D C:\Users\psimoes\Desktop\FX
2017-03-01 20:36 - 2009-02-16 11:17 - 00000000 ____D C:\Users\psimoes
2017-02-28 13:14 - 2016-11-18 10:20 - 00000000 ____D C:\Users\psimoes\AppData\LocalLow\Mozilla
2017-02-26 16:55 - 2013-04-04 19:01 - 00000000 ____D C:\Users\psimoes\AppData\Local\Citrix
2017-02-26 15:13 - 2011-02-11 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2017-02-20 18:28 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_530
2017-02-20 15:24 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_795
2017-02-20 12:18 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_704
2017-02-19 14:40 - 2009-03-15 08:47 - 00000000 ____D C:\Users\psimoes\Downloads\1GOOD_Progs_in_use
2017-02-16 16:50 - 2009-02-16 14:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-16 16:21 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_763
2017-02-16 16:21 - 2013-03-05 22:15 - 00000000 ____D C:\Users\psimoes\Documents\templates word docs
2017-02-09 21:06 - 2016-11-17 18:41 - 00000993 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-09 21:06 - 2016-11-17 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-09 21:04 - 2011-01-28 11:29 - 00000000 ____D C:\Program Files\Opera
2017-02-09 20:44 - 2010-11-09 23:16 - 00000775 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-09 20:40 - 2012-09-27 16:53 - 00000829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-09 20:40 - 2012-09-27 16:53 - 00000817 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-09 20:39 - 2016-11-15 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-09 20:38 - 2012-05-03 08:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-09 20:38 - 2011-06-21 23:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-09 20:38 - 2008-02-12 21:43 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-09 20:37 - 2009-02-16 23:34 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-02-09 20:35 - 2009-02-16 14:28 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Skype
2017-02-09 20:30 - 2012-08-17 19:59 - 00000000 ____D C:\ProgramData\Skype
2017-02-09 20:29 - 2014-08-07 20:45 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2017-02-16 11:13 - 2017-02-16 11:13 - 0000680 _____ () C:\Users\psimoes\AppData\Local\d3d9caps.dat

Some files in TEMP:
====================
2017-03-05 20:25 - 2017-03-05 20:25 - 0476672 _____ () C:\Users\psimoes\AppData\Local\Temp\7za.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0020480 _____ (E Dev) C:\Users\psimoes\AppData\Local\Temp\DaS_21.exe
2017-03-05 17:01 - 2016-03-21 17:57 - 1208568 _____ (Microsoft Corporation) C:\Users\psimoes\AppData\Local\Temp\dllnt_dump.dll
2017-03-05 20:25 - 2017-03-05 20:25 - 0388608 _____ (Trend Micro Inc.) C:\Users\psimoes\AppData\Local\Temp\hijackthis.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0030720 _____ (NirSoft) C:\Users\psimoes\AppData\Local\Temp\NirCmd.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0256512 _____ () C:\Users\psimoes\AppData\Local\Temp\PEVZ.EXE
2017-03-05 20:25 - 2017-03-05 20:25 - 0069632 _____ () C:\Users\psimoes\AppData\Local\Temp\remove.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0098816 _____ () C:\Users\psimoes\AppData\Local\Temp\sed.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0057344 _____ (Optimum X) C:\Users\psimoes\AppData\Local\Temp\shortcut.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0161792 _____ (SteelWerX) C:\Users\psimoes\AppData\Local\Temp\swreg.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0217088 _____ (SteelWerX) C:\Users\psimoes\AppData\Local\Temp\swxcacls.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0154232 _____ (Noël Danjou) C:\Users\psimoes\AppData\Local\Temp\wget.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0024064 _____ () C:\Users\psimoes\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-06 09:07

==================== End of FRST.txt ============================[/SIZE]
==================== Accounts: =============================

Administrator (S-1-5-21-3399307451-3074549587-1771456082-500 - Administrator - Disabled)
Guest (S-1-5-21-3399307451-3074549587-1771456082-501 - Limited - Enabled) => C:\Users\Guest
psimoes (S-1-5-21-3399307451-3074549587-1771456082-1000 - Administrator - Enabled) => C:\Users\psimoes

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM...\7-Zip) (Version: - )
7-Zip 9.20 (HKLM...{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1 702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM...{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Aiseesoft Blu-ray Ripper (HKLM...\Aiseesoft Blu-ray Ripper_is1) (Version: - )
Aiseesoft Streaming Video Recorder (HKLM...\Aiseesoft Streaming Video Recorder_is1) (Version: - )
AOMEI Backupper Standard Edition 2.0.2 (HKLM...{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Mobile Device Support (HKLM...{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM...{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM...{53BB9294-6E76-4853-4130-1CD0A01EAE45}) (Version: 3.0.657.0 - ATI Technologies, Inc.)
Belkin Setup and Router Monitor (HKLM...\Belkin Setup and Router Monitor_is1) (Version: - )
Belkin USB Print and Storage Center (HKLM...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM...{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
Bonjour (HKLM...{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM...{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Catalyst Control Center - Branding (HKLM...{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0130.1509.26922 - ATI) Hidden
CCleaner (HKLM...\CCleaner) (Version: 5.26 - Piriform)
Cisco WebEx Meetings (HKLM...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM...{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Cover Commander 3.0 by Insofta Development (HKLM...\Cover Commander) (Version: 3.0 - Insofta Development)
CyberLink PowerCinema for TOSHIBA (HKLM...\InstallShield{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.1414 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM...\Debut) (Version: - NCH Software)
DVD MovieFactory for TOSHIBA (HKLM...{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
FileASSASSIN (HKLM...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Folder Lock (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\FolderLock6) (Version: - New Sofware.net Inc.)
FXCM Trading Station (Version: 010311 - FXCM) Hidden
GearDrvs (Version: 1 - Symantec Corporation) Hidden
Gizmo Central (HKLM...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
Google Chrome (HKLM...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Desktop (HKLM...\Google Desktop) (Version: - - Google)
Google Talk Plugin (HKLM...{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HTC BMP USB Driver (HKLM...{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM...{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
ImgBurn (HKLM...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) PROSet/Wireless Software (HKLM...\ProInst) (Version: 11.5.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM...{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
IPTInstaller (HKLM...{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Unifying Software 2.50 (HKLM...\Logitech Unifying) (Version: 2.50.25 - Logitech)
magicJack (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
mHelp (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM...{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM...{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM...{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM...{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM...{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM...{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM...{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM...{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM...{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM...{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM...{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM...{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network Recording Player (HKLM...{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
Nokia Connectivity Cable Driver (HKLM...{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia PC Suite (HKLM...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)
Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden
Online Armor 6.0 (HKLM...\OnlineArmor_is1) (Version: 6.0 - Emsisoft GmbH)
Opera Stable 36.0.2130.80 (HKLM...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Panda Devices Agent (Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
PC Connectivity Solution (HKLM...{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
Picasa 3 (HKLM...\Picasa 3) (Version: 3.9 - Google, Inc.)
PrivaZer (HKLM...\PrivaZer) (Version: 3.0.12.0 - Goversoft LLC)
QuickTime (HKLM...{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM...{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM...{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (Version: 2008.0130.1509.26922 - ATI) Hidden
Skype™ 7.31 (HKLM...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Snagit 11 (HKLM...{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
SnagIt 9 (HKLM...{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}) (Version: 9.0.0 - TechSmith Corporation)
Speccy (HKLM...\Speccy) (Version: 1.30 - Piriform)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM...{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TOSHIBA Software Upgrades (HKLM...{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM...{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM...{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM...{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM...{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM...\InstallShield{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TrueSuite Access Manager (HKLM...{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}) (Version: 1.1.13.13 - ABIG)
TRW conferencing (HKLM...{E23E9487-2B6B-42CA-AE8D-E2369563AB02}) (Version: 7.71 - Digitalweb)
Tweaking.com - Windows Repair (HKLM...\Tweaking.com - Windows Repair) (Version: 3.9.25 - Tweaking.com)
Unlocker 1.9.0 (HKLM...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Video Mover (HKLM...\Video Mover_is1) (Version: - )
VLC media player (HKLM...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM...\Windows Media Encoder 9) (Version: - )
WinPcap 4.1.2 (HKLM...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Your monster voice 1 (HKLM...\Your monster voice 1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\Googl eUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 → C:\Program Files\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistan ceTask → No File <==== ATTENTION
Task: {163200AE-D877-4FB2-B862-AB68BEA1F57C} - \NCH Software\debutShakeIcon → No File <==== ATTENTION
Task: {19B6ADC6-F3BD-4A45-9CB2-9DC80C9BA1F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1B2D5FC3-FD37-4F6B-B75D-92A79188796E} - System32\Tasks\PCMAgent.exe_1826580705 => C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [2007-12-13] (CyberLink Corp.)
Task: {35DA24BC-4BEA-4952-9DA5-B76E941F8DC9} - \Adobe Acrobat Update Task → No File <==== ATTENTION
Task: {3921AC9D-4361-4ECB-8B8E-644734DC37D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {39A77778-D573-41B1-93FF-AC8C83ADBD56} - \Apple\AppleSoftwareUpdate → No File <==== ATTENTION
Task: {5255BE42-F960-4D14-B4BD-AC20C3743812} - \CrystalDiskInfo → No File <==== ATTENTION
Task: {59C50FF3-0D3B-4CC6-BCBF-2D74EC3778AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Google\Update\Googl eUpdate.exe [2015-08-30] (Google Inc.)
Task: {605400B6-8685-48B6-A6B9-A8C5529FC843} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {67F4081D-FFCA-4214-ABDF-3E10C51EB9F9} - \Microsoft\Windows Defender\MP Scheduled Scan → No File <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator → No File <==== ATTENTION
Task: {914710E2-0A42-44A6-AFA4-A6D7EAEDF898} - \Adobe Flash Player Updater → No File <==== ATTENTION
Task: {91F851E9-2862-44C9-8C32-8FED6D35E5FF} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files\PrivaZer\PrivaZer.exe [2016-11-21] (Goversoft LLC)
Task: {954E1E94-94FD-420B-9725-623FAB68F590} - {C074CB77-8752-4695-819D-DF00F7AAE9A6} → No File <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification → No File <==== ATTENTION
Task: {A879EAD0-908D-481B-A17F-06FDB1F79C50} - {EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} → No File <==== ATTENTION
Task: {B52E95C6-0FEB-457F-A518-4DE31303C9AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Google\Update\Googl eUpdate.exe [2015-08-30] (Google Inc.)
Task: {D9700C27-0477-45F2-9A91-42411E7B3919} - \Microsoft\Windows Defender\MP Scheduled Signature Update → No File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo → No File <==== ATTENTION
Task: {F213A1EB-DBE5-42E2-B226-67CD2359E46D} - System32\Tasks\Opera scheduled Autoupdate 1382066025 => C:\Program Files\Opera\launcher.exe [2016-08-05] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Google\Update\Googl eUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Google\Update\Googl eUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\psimoes\Favorites\NCH Software Download Site.lnk → hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\psimoes\Favorites\NCH Software Download.lnk → hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2014-10-18 17:39 - 2014-08-21 10:23 - 00270040 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\UiLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00229080 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\diskmgr.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00265944 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Comn.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00077528 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Ldm.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00061144 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Device.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00257752 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrFat.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00376536 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrNtfs.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00106200 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FuncLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00233176 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Clone.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00335576 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ImgFile.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00028376 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Encrypt.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00073432 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Compress.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00093912 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrVol.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00188120 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\GptBcd.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00147160 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FlBackup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00478936 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\EnumFolder.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00102104 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Backup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00098008 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrLog.dll
2014-10-18 17:39 - 2013-01-17 16:38 - 02403504 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\QtCore4.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00152576 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2013-06-27 00:11 - 2010-02-09 14:55 - 00049152 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2015-12-15 12:17 - 2015-12-15 12:17 - 00618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2008-02-12 21:22 - 2007-10-23 19:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2011-07-02 10:00 - 2011-07-02 10:00 - 00059304 _____ () C:\Program Files\Gizmo\gshell.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00132608 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2008-01-30 18:30 - 2008-01-30 18:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\corpol.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\emdmgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstime.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNativ e_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\psimoes\Downloads\39F2.tmp:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppXSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BFE => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BITS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\ClipSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MpsSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\msiserver => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\NanoServiceMain => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PSUAService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SharedAccess => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TweakingRemoveSafeBoot => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\vss => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WSService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppXSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BITS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ClipSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\msiserver => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NanoServiceMain => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PSUAService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SamSs => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\srv => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\srv2 => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\srvnet => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TweakingRemoveSafeBoot => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\vss => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WSService => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\008i.com → 008i.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\008k.com → 008k.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\00hq.com → 00hq.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\0190-dialers.com → 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\01i.info → 01i.info
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\02pmnzy5eo29bfk4.com → 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\05p.com → 05p.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\07ic5do2myz3vzpk.com → 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\08nigbmwk43i01y6.com → 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\093qpeuqpmz6ebfa.com → 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\0calories.net → 0calories.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\0cj.net → 0cj.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\0scan.com → 0scan.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\1-britney-spears-nude.com → 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\1-domains-registrations.com → 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\1-se.com → 1-se.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\1001movie.com → 1001movie.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\1001night.biz → 1001night.biz
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\100gal.net → 100gal.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\100sexlinks.com → 100sexlinks.com

There are 4928 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-30 23:16 - 2017-03-05 16:37 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Control Panel\Desktop\Wallpaper → C:\Users\Public\Pictures\Sample Pictures\1Tomorrow.Is.Too.Late_3840x2160.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows ^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: cdloader => “C:\Users\psimoes\AppData\Roaming\mjusbsp\cdloader 2.exe” MAGICJACK

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{B80361C2-AF98-4825-BBCF-C0E2A574CACA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C72261EE-882D-4B3C-992F-5E86E57DF7DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D0F25D2D-B129-467A-B8F7-E969B015C141}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [TCP Query User{2909901C-2D49-49B0-B3D3-D041F1706883}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{DB8298EC-5CBE-4AFA-B8D1-0A65DFA6D728}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Could not list restore points
Check “winmgmt” service or repair WMI.

==================== Faulty Device Manager Devices =============

Could not list Devices. Check “winmgmt” service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2017 08:27:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
at System.Runtime.InteropServices.Marshal.ThrowExcept ionForHRInternal(Int32, IntPtr)
at System.Runtime.InteropServices.Marshal.ThrowExcept ionForHR(Int32)
at System.Management.ManagementScope.InitializeGuts(S ystem.Object)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObject.Initialize(Bool ean)
at System.Management.ManagementObject.Get()
at DriverAndServicesOut.GetProcess.StartMode(System.S tring)
at DriverAndServicesOut.GetProcess.GetAllServices(Sys tem.String)
at DriverAndServicesOut.Program.Main(System.String)

Error: (03/05/2017 04:44:37 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsyst emobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (03/05/2017 04:39:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (03/05/2017 04:39:40 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsyst emobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (03/05/2017 04:39:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (03/05/2017 04:39:20 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsyst emobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (03/05/2017 04:38:37 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsyst emobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (03/05/2017 04:35:35 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\FW.MOF while recovering .MOF file marked with autorecover.

Error: (03/05/2017 04:35:35 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\AS.MOF while recovering .MOF file marked with autorecover.

Error: (03/05/2017 04:33:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

System errors:
=============
Error: (03/06/2017 09:10:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error “1083” attempting to start the service winmgmt with arguments “” in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/06/2017 08:59:58 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error “1083” attempting to start the service winmgmt with arguments “” in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/06/2017 08:54:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (03/06/2017 08:38:21 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error “1083” attempting to start the service winmgmt with arguments “” in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/06/2017 08:34:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (03/06/2017 07:55:05 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error “1083” attempting to start the service winmgmt with arguments “” in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/06/2017 07:45:16 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error “1083” attempting to start the service winmgmt with arguments “” in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/05/2017 06:53:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error “1083” attempting to start the service winmgmt with arguments “” in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/05/2017 06:44:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error “1083” attempting to start the service winmgmt with arguments “” in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/05/2017 06:39:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
Date: 2017-03-06 09:10:28.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P sBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-06 09:10:27.675
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P sBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-06 09:10:26.986
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P sBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-06 09:10:26.279
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P sBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:15:01.919
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:15:01.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:15:00.747
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:15:00.153
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:14:59.550
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:14:58.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINProt.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core™2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 36%
Total physical RAM: 3069.21 MB
Available physical RAM: 1957.03 MB
Total Virtual: 6342.7 MB
Available Virtual: 5358.41 MB

==================== Drives ================================

Drive c: (SQ004710V01) (Fixed) (Total:184.85 GB) (Free:64.17 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:186.31 GB) (Free:25.09 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (Size: 186.3 GB) (Disk ID: 9C9CF735)
Partition 1: (Not Active) - (Size=800 MB) - (Type=27)
Partition 2: (Active) - (Size=184.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=698 MB) - (Type=OF Extended)

================================================== ======
Disk: 1 (Size: 186.3 GB) (Disk ID: 33D68AE6)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Check “winmgmt” service or repair WMI. ------------------ To fix Click Here.
Yes.

FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Full Virus Scan AVZ

Disable your Antivirus prior to this scan.
Download AVZ if you have deleted it.
Right click on AVZ Run as Admin.
Update the program by pressing the [MEDIA=imgur]7M4aWtt[/MEDIA] button.
Make sure all settings are the same in the pic below.
[MEDIA=imgur]RRq8bFM[/MEDIA]

Next:
Under File Types Make sure the settings are the same as below.

[ATTACH]1787[/ATTACH]

Next:
Under Search Parameters Make sure the settings are the same as below.

[MEDIA=imgur]3J7dRcY[/MEDIA]

Now click the Start Button.

[MEDIA=imgur]9FH7a0c[/MEDIA]

When the scan is complete then click on Save Log.

[MEDIA=imgur]7PyGiQq[/MEDIA]

Save the log to the desktop – Copy it and paste it here in your next reply.

Clean The Event Viewer Logs.

Download the attached Batch File below.
Save it to your desktop.
Right Click and Run as Administrator.

[/QUOTE]

How is the machine running now?

Eliminate Bad Settings with this nice tool.
[ul]
[li]Download SupRestric.exe save to your desktop.[/li][li]Close all running programs.[/li][li]Temporarily disable the antivirus[/li][li]Double click the file to launch it.[/li][li]Windows: 7/8/10 Vista and run as administrator[/li][li]Click Yes at any prompt.[/li]
[li]The analysis takes only a few moments.[/li][li]The report is on the desktop ( CTR.txt )[/li][li]Copy paste report in next reply.[/li][li]A reboot is needed to complete the repairs.[/li][/ul]

Still getting constant hd activity / flickering. I’ll give SupRestric a go …

Quick Diag Scan.
Downloads - QuickDiag - Download Now - ToolsLib’]

Download Quick Diag to your desktop.[/URL]
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select [ATTACH]1793[/ATTACH] scan.
Post the log that is generated in your next post.

I clicked YES & got the following error …
[ATTACH]1794[/ATTACH]

The following Pop Up asks …
Reset & activate Windows fire wall ?
Do no accept if you have another active fire wall.

[ATTACH]1795[/ATTACH]

Clicking NO yields the following log …
Rapport de Contrôle restrictions Pierre13 (CTR version 2.5.0.0 ) du 07\03\2017 à 17:02:41
PC de psimoes
Windows Vista ™ Home Premium (32 bits) [6002]

Réparation erreur 2203 effectuée.

Contrôle présence restrictions

[BKDR_BLACKEN.A] clé PhishingFilter corrigée.
PC vacciné contre sponsor Java.
Service Pare feu Windows activé.

236 restrictions contrôlées.

1 restriction(s) réparée(s).
Re démarrer le PC pour prendre en compte la ou les réparations.

Le rapport est sur le bureau (C:\Users\psimoes\Desktop\CTR.txt)

Quick Diag crashed when Extended scan was selected, showing the error below …
[ATTACH]1796[/ATTACH]

Perform a clean boot and tell me how the machine responds.

Tried to create a System Restore point before Clean Boot and got error message below …
[ATTACH]1798[/ATTACH]
PC started up OK after Clean Boot. Programs, browsers open quicker than before. Non-stop HD activity still present

You installed this copy of vista on 2009-02-16 We are dealing with a 7 year old install. I think it is just time to format the machine… Last thing before a format, would be to create a new admin profile and see how things are from it…