Solved Vista laptop running slow, constant hard drive activity

paulwb

@Malnutrition
Good day / evening (RE: Toshiba Satellite laptop 15" A305-S6841, Vista SP 2, 3GB RAM)

Had this issue before and it appears to have returned since running PatchMyPC, which, while very handy, does not show if additional software is being offered for the selected update.

Not sure if it's malware or some sort of telemetry.

I've run Zemana, ZHPCleaner, Junkware Removal Tool, Adware Removal Tool, AdwCleaner & Windows All in One Repair tool but the problem remains.

Below are the FRST & MBR logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2017 01
Ran by psimoes (administrator) on PS-TOSHIBA (03-03-2017 19:50:31)
Running from C:\Users\psimoes\Desktop
Loaded Profiles: psimoes (Available Profiles: psimoes & torrents & Guest)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec Inc.) C:\Windows\System32\TAMSvr.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAsrv.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AuthenTec, Inc) C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
(Arachnoid Biometrics Identification Group) C:\Program Files\TrueSuite Access Manager\PwdBank.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\TrueSuite Access Manager\CssSvr.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FingerPrintNotifer] => C:\Program Files\TrueSuite Access Manager\FpNotifier.exe [671744 2008-01-24] (AuthenTec, Inc)
HKLM\...\Run: [PwdBank] => C:\Program Files\TrueSuite Access Manager\PwdBank.exe [3150848 2008-02-01] (Arachnoid Biometrics Identification Group)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7173848 2016-12-21] (Piriform Ltd)
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
ShellIconOverlayIdentifiers: [IconOvrly1] -> {A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6} => C:\Program Files\TrueSuite Access Manager\IconOvrly.dll [2007-04-20] (Arachnoid Biometrics Identification Group Corp.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [NameServer] 8.8.8.8,8.8.4.4,192.168.2.1
Tcpip\..\Interfaces\{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
URLSearchHook: [S-1-5-21-3399307451-3074549587-1771456082-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

FireFox:
========
FF ProfilePath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default [2017-03-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @citrixonline.com/appdetectorplugin -> C:\Users\psimoes\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/O1DPlugin -> C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=3 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=9 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-07-13] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en
CHR StartupUrls: Default -> "hxxps://www.startpage.com/","hxxp://google.ca/"
CHR Profile: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (TV) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-02-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2017-02-15]
CHR Extension: (Adguard AdBlocker) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-02-15]
CHR Extension: (YouTube) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-15]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2017-02-15]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2017-02-15]
CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfnahhhglp [2017-02-15]
CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj [2017-02-15]
CHR Extension: (Save to Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-02-15]
CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegbjmfnfh [2017-02-15]
CHR Extension: (Mailvelope) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2017-02-25]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2017-02-15]
CHR Extension: (Yesware Reports) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2017-02-15]
CHR Extension: (Vend) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdebajikafa [2017-02-15]
CHR Extension: (Mailtrack for Gmail & Inbox: Email tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-15]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2017-02-15]
CHR Extension: (Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-15]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2017-02-15]
CHR Extension: (Streak CRM for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2017-02-15]

Opera:
=======
OPR Extension: (Adguard AdBlocker) - C:\Users\psimoes\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-01-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2007-10-15] (AuthenTec Inc.) [File not signed]
R2 Backupper Service; C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.) [File not signed]
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
S3 getPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 Gizmo Central; C:\Program Files\Gizmo\gservice.exe [34728 2011-07-02] (Arainia Solutions)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2008-02-12] (Google) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
S3 nosGetPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [X]
S4 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]
S4 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [X]
S4 ZAMSvc; "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43440 2008-02-03] (Alfa Corporation)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2009-01-26] (AuthenTec, Inc.)
S1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
S1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
R1 GizmoDrv; C:\Windows\system32\Drivers\GizmoDrv.sys [25488 2011-07-02] (Arainia Solutions LLC)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [42256 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72400 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [147728 2016-08-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [111376 2016-08-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2016-08-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2016-08-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2016-08-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2016-08-04] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-03-14] (Acronis)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2011-02-11] (NCH Software)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman147; C:\Windows\System32\DRIVERS\tdrpm147.sys [971232 2009-03-14] (Acronis)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-02-16] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-02-16] (Zemana Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
S0 MBAMChameleon; system32\drivers\MBAMChameleon.sys [X]
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 Power; no ImagePath
U0 PSBoot; [X]
U2 SppSvc; no ImagePath
U2 srService; no ImagePath
S3 teamviewervpn; system32\DRIVERS\teamviewervpn.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U3 Wwansvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 19:50 - 2017-03-03 19:52 - 00020518 _____ C:\Users\psimoes\Desktop\FRST.txt
2017-03-03 19:48 - 2017-03-03 19:50 - 00000000 ____D C:\FRST
2017-03-03 19:28 - 2017-03-03 19:28 - 05200384 _____ (AVAST Software) C:\Users\psimoes\Desktop\aswmbr.exe
2017-03-03 19:27 - 2017-03-03 19:27 - 01765888 _____ (Farbar) C:\Users\psimoes\Desktop\FRST.exe
2017-03-01 20:37 - 2017-03-01 20:37 - 00079324 _____ C:\Users\psimoes\Desktop\Quantum-Life-Terms-Tools-Themes.pdf
2017-03-01 20:37 - 2017-03-01 20:37 - 00061378 _____ C:\Users\psimoes\Desktop\Emotional-Frequency-Chart.pdf
2017-03-01 20:35 - 2017-03-01 20:36 - 00000000 ____D C:\Users\psimoes\Desktop\Gen.Info
2017-02-28 10:07 - 2016-08-08 04:00 - 00058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-02-26 15:13 - 2017-02-26 15:13 - 00000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2017-02-26 15:13 - 2017-02-26 15:13 - 00000886 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2017-02-26 15:13 - 2017-02-26 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2017-02-19 18:55 - 2017-02-20 10:25 - 00000000 ____D C:\Users\psimoes\AppData\Local\FSDART
2017-02-19 18:54 - 2017-02-19 18:55 - 00000000 ____D C:\ProgramData\F-Secure
2017-02-19 18:54 - 2017-02-19 18:54 - 00000000 ____D C:\Users\psimoes\AppData\Local\F-Secure
2017-02-19 18:47 - 2017-02-19 18:47 - 00524248 _____ (F-Secure Corporation) C:\Users\psimoes\Desktop\F-SecureOnlineScanner.exe
2017-02-19 16:52 - 2017-02-19 16:52 - 00000758 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2017-02-19 16:52 - 2017-02-19 16:52 - 00000734 _____ C:\Users\Public\Desktop\RealtimeSync.lnk
2017-02-19 15:00 - 2014-03-11 09:51 - 00036896 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys
2017-02-19 14:32 - 2017-02-19 16:54 - 00000000 ____D C:\Users\psimoes\Desktop\Free.File.Sync
2017-02-16 15:09 - 2017-02-16 15:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PS-TOSHIBA-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2017-02-16 15:09 - 2017-02-16 15:09 - 00000000 ____D C:\RegBackup
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Videos
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Pictures
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Music
2017-02-16 14:04 - 2017-02-16 14:04 - 00047056 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-16 13:51 - 2017-02-16 13:51 - 00001923 _____ C:\Users\psimoes\Desktop\Tweaking.com - Windows Repair.lnk
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Program Files\Tweaking.com
2017-02-16 13:07 - 2017-02-16 13:07 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-02-16 13:07 - 2017-02-16 13:07 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-02-16 11:16 - 2017-02-27 15:22 - 00000495 _____ C:\Users\psimoes\Desktop\ZHPCleaner.lnk
2017-02-16 11:15 - 2017-02-16 11:15 - 01663040 _____ (Malwarebytes) C:\Users\psimoes\Desktop\JRT.exe
2017-02-16 11:15 - 2017-02-16 11:14 - 14449600 _____ (Copyright 2017.) C:\Users\psimoes\Desktop\Zemana.AntiMalware.Portable.exe
2017-02-16 11:15 - 2017-02-16 11:13 - 02705920 _____ C:\Users\psimoes\Desktop\ZHPCleaner.exe
2017-02-16 11:13 - 2017-02-16 11:13 - 00000680 _____ C:\Users\psimoes\AppData\Local\d3d9caps.dat
2017-02-16 03:44 - 2017-02-16 03:53 - 00010239 _____ C:\Pre_Scan.txt
2017-02-16 03:41 - 2017-02-16 03:49 - 00000000 ____D C:\Pre_Scan
2017-02-16 02:32 - 2017-02-16 02:32 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-02-16 02:32 - 2017-02-16 02:32 - 00003268 _____ C:\Windows\system32\bootdelete.lst
2017-02-15 20:02 - 2017-02-15 20:00 - 11005320 _____ (SurfRight B.V.) C:\Users\psimoes\Desktop\hitmanpro.exe
2017-02-15 11:50 - 2017-02-27 16:35 - 00000000 ____D C:\AdwCleaner
2017-02-15 11:44 - 2017-02-15 11:44 - 04015056 _____ C:\Users\psimoes\Desktop\adwcleaner_6.043.exe
2017-02-09 15:40 - 2017-02-09 15:40 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2017-02-09 15:34 - 2017-02-09 15:34 - 00752296 _____ C:\Users\psimoes\Desktop\Adware Removal Tool by TSA.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 19:52 - 2016-11-19 00:19 - 00534835 _____ C:\Windows\ZAM.krnl.trace
2017-03-03 19:51 - 2016-11-19 00:19 - 00542682 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-03 19:51 - 2013-03-07 23:13 - 00000000 ____D C:\Program Files\Online Armor
2017-03-03 19:46 - 2014-03-06 22:39 - 00000000 ____D C:\Users\psimoes\AppData\Local\CrashDumps
2017-03-03 18:28 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-03 18:28 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-03 08:29 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-03 08:29 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-03-02 20:22 - 2006-11-02 08:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-01 20:36 - 2016-02-24 12:59 - 00000000 ____D C:\Users\psimoes\Desktop\FX
2017-03-01 20:36 - 2009-02-16 11:17 - 00000000 ____D C:\Users\psimoes
2017-02-28 13:14 - 2016-11-18 10:20 - 00000000 ____D C:\Users\psimoes\AppData\LocalLow\Mozilla
2017-02-27 15:41 - 2016-11-14 14:37 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\ZHP
2017-02-27 15:03 - 2015-06-07 21:38 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-02-26 16:55 - 2013-04-04 19:01 - 00000000 ____D C:\Users\psimoes\AppData\Local\Citrix
2017-02-26 16:54 - 2009-03-19 11:27 - 00000000 ____D C:\Program Files\Citrix
2017-02-26 15:13 - 2011-02-11 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2017-02-26 15:11 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2017-02-20 18:40 - 2016-11-22 05:53 - 00121608 _____ C:\Users\psimoes\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-20 18:36 - 2016-11-22 05:50 - 00462664 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-20 18:29 - 2006-11-02 05:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-20 15:24 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_795
2017-02-20 12:18 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_704
2017-02-19 14:40 - 2009-03-15 08:47 - 00000000 ____D C:\Users\psimoes\Downloads\1GOOD_Progs_in_use
2017-02-16 16:50 - 2009-02-16 14:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-16 16:21 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_763
2017-02-16 16:21 - 2013-03-05 22:15 - 00000000 ____D C:\Users\psimoes\Documents\templates word docs
2017-02-10 08:42 - 2013-03-20 23:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-10 08:40 - 2016-11-17 18:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-02-09 21:06 - 2016-11-17 18:41 - 00000993 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-09 21:06 - 2016-11-17 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-09 21:04 - 2011-01-28 11:29 - 00000000 ____D C:\Program Files\Opera
2017-02-09 20:44 - 2010-11-09 23:16 - 00000775 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-09 20:40 - 2012-09-27 16:53 - 00000829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-09 20:40 - 2012-09-27 16:53 - 00000817 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-09 20:39 - 2016-11-15 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-09 20:38 - 2012-05-03 08:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-09 20:38 - 2011-06-21 23:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-09 20:38 - 2008-02-12 21:43 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-09 20:37 - 2009-02-16 23:34 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-02-09 20:35 - 2009-02-16 14:28 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Skype
2017-02-09 20:30 - 2012-08-17 19:59 - 00000000 ____D C:\ProgramData\Skype
2017-02-09 20:29 - 2014-08-07 20:45 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2017-02-16 11:13 - 2017-02-16 11:13 - 0000680 _____ () C:\Users\psimoes\AppData\Local\d3d9caps.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-03 08:35

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-03-2017 01
Ran by psimoes (03-03-2017 19:52:33)
Running from C:\Users\psimoes\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X86) (2009-02-16 07:13:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3399307451-3074549587-1771456082-500 - Administrator - Disabled)
Guest (S-1-5-21-3399307451-3074549587-1771456082-501 - Limited - Enabled) => C:\Users\Guest
psimoes (S-1-5-21-3399307451-3074549587-1771456082-1000 - Administrator - Enabled) => C:\Users\psimoes
torrents (S-1-5-21-3399307451-3074549587-1771456082-1004 - Limited - Enabled) => C:\Users\torrents

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Aiseesoft Blu-ray Ripper (HKLM\...\Aiseesoft Blu-ray Ripper_is1) (Version: - )
Aiseesoft Streaming Video Recorder (HKLM\...\Aiseesoft Streaming Video Recorder_is1) (Version: - )
AOMEI Backupper Standard Edition 2.0.2 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{53BB9294-6E76-4853-4130-1CD0A01EAE45}) (Version: 3.0.657.0 - ATI Technologies, Inc.)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version: - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Catalyst Control Center - Branding (HKLM\...\{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0130.1509.26922 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Cover Commander 3.0 by Insofta Development (HKLM\...\Cover Commander) (Version: 3.0 - Insofta Development)
CyberLink PowerCinema for TOSHIBA (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.1414 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM\...\Debut) (Version: - NCH Software)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Folder Lock (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\FolderLock6) (Version: - New Sofware.net Inc.)
FXCM Trading Station (Version: 010311 - FXCM) Hidden
GearDrvs (Version: 1 - Symantec Corporation) Hidden
Gizmo Central (HKLM\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
magicJack (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
mHelp (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network Recording Player (HKLM\...\{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
Nokia Connectivity Cable Driver (HKLM\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)
Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden
Online Armor 6.0 (HKLM\...\OnlineArmor_is1) (Version: 6.0 - Emsisoft GmbH)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Panda Devices Agent (Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.12.0 - Goversoft LLC)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (Version: 2008.0130.1509.26922 - ATI) Hidden
Skype™ 7.31 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Snagit 11 (HKLM\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
SnagIt 9 (HKLM\...\{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}) (Version: 9.0.0 - TechSmith Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TrueSuite Access Manager (HKLM\...\{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}) (Version: 1.1.13.13 - ABIG)
TRW conferencing (HKLM\...\{E23E9487-2B6B-42CA-AE8D-E2369563AB02}) (Version: 7.71 - Digitalweb)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.25 - Tweaking.com)
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Video Mover (HKLM\...\Video Mover_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Your monster voice 1 (HKLM\...\Your monster voice 1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {163200AE-D877-4FB2-B862-AB68BEA1F57C} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files\NCH Software\Debut\Debut.exe [2017-02-26] (NCH Software)
Task: {19B6ADC6-F3BD-4A45-9CB2-9DC80C9BA1F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1B2D5FC3-FD37-4F6B-B75D-92A79188796E} - System32\Tasks\PCMAgent.exe_1826580705 => C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [2007-12-13] (CyberLink Corp.)
Task: {35DA24BC-4BEA-4952-9DA5-B76E941F8DC9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {3921AC9D-4361-4ECB-8B8E-644734DC37D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {39A77778-D573-41B1-93FF-AC8C83ADBD56} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {5255BE42-F960-4D14-B4BD-AC20C3743812} - System32\Tasks\CrystalDiskInfo => C:\Users\psimoes\Desktop\AntiV\CrystalDiskInfo6_2_2\DiskInfo.exe [2014-12-19] (Crystal Dew World)
Task: {59C50FF3-0D3B-4CC6-BCBF-2D74EC3778AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {605400B6-8685-48B6-A6B9-A8C5529FC843} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {914710E2-0A42-44A6-AFA4-A6D7EAEDF898} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-09] (Adobe Systems Incorporated)
Task: {91F851E9-2862-44C9-8C32-8FED6D35E5FF} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files\PrivaZer\PrivaZer.exe [2016-11-21] (Goversoft LLC)
Task: {954E1E94-94FD-420B-9725-623FAB68F590} - \{C074CB77-8752-4695-819D-DF00F7AAE9A6} -> No File <==== ATTENTION
Task: {A879EAD0-908D-481B-A17F-06FDB1F79C50} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files\Gizmo\gizmo.exe [2011-07-02] (Arainia Solutions)
Task: {B52E95C6-0FEB-457F-A518-4DE31303C9AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CB05E073-7102-4A84-880A-E9980E1D33D7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {F213A1EB-DBE5-42E2-B226-67CD2359E46D} - System32\Tasks\Opera scheduled Autoupdate 1382066025 => C:\Program Files\Opera\launcher.exe [2016-08-05] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\psimoes\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\psimoes\Favorites\NCH Software Download.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2014-10-18 17:39 - 2014-08-21 10:23 - 00270040 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\UiLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00229080 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\diskmgr.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00265944 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Comn.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00077528 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Ldm.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00061144 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Device.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00257752 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrFat.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00376536 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrNtfs.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00106200 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FuncLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00233176 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Clone.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00335576 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ImgFile.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00028376 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Encrypt.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00073432 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Compress.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00093912 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrVol.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00188120 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\GptBcd.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00147160 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FlBackup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00478936 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\EnumFolder.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00102104 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Backup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00098008 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrLog.dll
2014-10-18 17:39 - 2013-01-17 16:38 - 02403504 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\QtCore4.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00152576 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2013-06-27 00:11 - 2010-02-09 14:55 - 00049152 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2015-12-15 12:17 - 2015-12-15 12:17 - 00618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2008-02-12 21:22 - 2007-10-23 19:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2011-07-02 10:00 - 2011-07-02 10:00 - 00059304 _____ () C:\Program Files\Gizmo\gshell.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00132608 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2008-01-30 18:30 - 2008-01-30 18:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\corpol.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\emdmgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstime.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\psimoes\Downloads\39F2.tmp:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4928 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-30 23:16 - 2017-02-20 18:28 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\1Tomorrow.Is.Too.Late_3840x2160.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: APSDaemon =>
MSCONFIG\startupreg: cdloader => "C:\Users\psimoes\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: GizmoDriveDelegate => "C:\Program Files\Gizmo\gizmo.exe" /RemountStartupImages
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: PCMAgent => "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{B80361C2-AF98-4825-BBCF-C0E2A574CACA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C72261EE-882D-4B3C-992F-5E86E57DF7DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D0F25D2D-B129-467A-B8F7-E969B015C141}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [TCP Query User{2909901C-2D49-49B0-B3D3-D041F1706883}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{DB8298EC-5CBE-4AFA-B8D1-0A65DFA6D728}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2017 01:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application AcroRd32.exe, version 10.1.16.13, time stamp 0x5603fd53, faulting module OLEACC.dll, version 7.0.6002.18508, time stamp 0x4e5674e2, exception code 0xc0000005, fault offset 0x00004158,
process id 0x160c, application start time 0x01d292b7dfbafad6.

Error: (02/28/2017 06:49:46 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index metadata cannot be read. (0xc0041801)

Error: (02/28/2017 06:49:45 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index metadata cannot be read. (0xc0041801)

Error: (02/28/2017 06:49:45 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (0x80070490)

Error: (02/28/2017 06:49:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index metadata cannot be read. (0xc0041801)

Error: (02/28/2017 06:49:41 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
0x%08x (0xc0041800 - The content index cannot be read. )

Error: (02/28/2017 06:49:41 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index metadata cannot be read. (0xc0041801)

Error: (02/28/2017 06:49:41 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
The content index cannot be read. (0xc0041800)

Error: (02/28/2017 06:49:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3052) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS07017.log.

Error: (02/20/2017 06:29:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.


System errors:
=============
Error: (03/03/2017 08:59:41 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/03/2017 08:30:07 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/03/2017 08:28:43 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.3 for the Network Card with network address 001E333EFAE9 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/02/2017 08:22:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (03/02/2017 08:12:32 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/02/2017 07:52:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/01/2017 10:14:36 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/01/2017 10:05:45 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/28/2017 08:14:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (02/28/2017 06:49:46 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}


CodeIntegrity:
===================================
Date: 2017-03-03 19:52:23.834
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PsBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-03 19:52:23.268
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PsBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-03 19:52:22.734
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PsBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-03 19:52:22.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PsBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-03 19:51:56.354
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-03 19:51:55.803
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-03 19:51:55.246
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-03 19:51:54.703
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-03 19:51:53.972
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-03 19:51:53.351
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 30%
Total physical RAM: 3069.21 MB
Available physical RAM: 2145.2 MB
Total Virtual: 6346.66 MB
Available Virtual: 5272.04 MB

==================== Drives ================================

Drive c: (SQ004710V01) (Fixed) (Total:184.85 GB) (Free:64.98 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:186.31 GB) (Free:25.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 9C9CF735)
Partition 1: (Not Active) - (Size=800 MB) - (Type=27)
Partition 2: (Active) - (Size=184.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=698 MB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 33D68AE6)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-03-03 19:59:39
-----------------------------
19:59:39.867 OS Version: Windows 6.0.6002 Service Pack 2
19:59:39.868 Number of processors: 2 586 0xF0D
19:59:39.870 ComputerName: PS-TOSHIBA UserName: psimoes
19:59:41.778 Initialize success
19:59:41.840 VM: initialized successfully
19:59:41.841 VM: Intel CPU virtualization not supported
20:02:38.536 AVAST engine defs: 17030301
20:06:09.253 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:06:09.256 Disk 0 Vendor: Hitachi_ BBDO Size: 190782MB BusType: 3
20:06:09.260 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
20:06:09.262 Disk 1 Vendor: TOSHIBA_ DK02 Size: 190782MB BusType: 3
20:06:09.414 Disk 0 MBR read successfully
20:06:09.417 Disk 0 MBR scan
20:06:09.437 Disk 0 unknown MBR code
20:06:10.069 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 800 MB offset 64
20:06:10.090 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 189281 MB offset 1638632
20:06:10.098 Disk 0 Partition - 00 0F Extended LBA 698 MB offset 389287080
20:06:10.129 Disk 0 Partition 3 00 BC BOOTWIZ0 698 MB offset 389287143
20:06:10.168 Disk 0 scanning sectors +390716865
20:06:10.372 Disk 0 scanning C:\Windows\system32\drivers
20:06:25.422 Service scanning
20:07:03.803 Modules scanning
20:07:03.810 Disk 0 trace - called modules:
20:07:03.816
20:07:05.303 AVAST engine scan C:\Windows
20:07:09.836 AVAST engine scan C:\Windows\system32
20:11:51.292 AVAST engine scan C:\Windows\system32\drivers
20:12:14.669 AVAST engine scan C:\Users\psimoes
20:42:10.878 AVAST engine scan C:\ProgramData
20:49:59.013 Disk 0 statistics 4420260/0/0 @ 1.10 MB/s
20:49:59.021 Scan finished successfully
20:53:13.575 Disk 0 MBR has been saved successfully to "C:\Users\psimoes\Desktop\MBR.dat"
20:53:13.581 The log file has been saved successfully to "C:\Users\psimoes\Desktop\2017.03.03_aswMBR.txt"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PC Specs

Laptop: Toshiba Satellite laptop 15" A305-S6841
CPU: Intel Core 2 Duo CPU T5550 @ 1.83GHz
Ram: 3 GB
Hard drive: 400GB ( 2 X 200GB )
OS: Windows Vista 2007 Home Premium, 32bit, SP2
Internet connection: DSL
ATI Mobility Radeon HD 3470 with 256MB
Intel Wireless WiFi link 4965AGN
Realtek TRL8102E Family PCI-E Ethernet NIC (NDIS 6.0)
Browsers ( latest versions ) : Chrome, FireFox, Opera
Firewall and security software: Online Armor Firewall, Panda Antivirus
 
Run Check Disk

Run chkdsk /f /r from elevated command prompt.



After the checkdisk....

Scan with ListChkDskResult

Please download ListChkDskResult by SleepyDude and save it to your desktop.
  • Right-click on the ListChkDskResult icon and select Run as Administrator to start the tool.
  • A message about checking Windows Event Log will pop-up. Click OK.
  • Wait patiently until a notepad window will open. This won't take long.
  • The displayed logfile will be also saved to your desktop as ListChkDskResult.txt.
Please include the content of this file in your next reply.

Speccy Scan.

  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will appear, post that link.
 
Yes, I have the Vista disks ....


Time for a repair install.
There is no malware on your machine, so let's do the repair install then run ZHP diag, we will then remove any remaining trash.
We could use other tools, but I see this as the best way forward.
Like I say the repair install is not the end of this thread, just the next best logical step in my mind.
 
I'd like you to backup your registry with this tool.

Save the file below to your desktop, right click it, select merge, then reboot your machine. Then try and run Speccy again, see if the error persists.

Winmgmt.reg
Ran Speccy after above instructions, did not get error message but program stalled while "Analyzing" .... will do Vista repair install as suggested.
 
Let's check with a different set of tools.

Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2


  • Close all the other running programs
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.
  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.

Auto logger scan!


  • Disable your Antivirus & Anti spyware applications!!
  • Download Autologger to your desktop.
  • Unzip it there. -- If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----
  • Right click Autologger and run as admin. (Xp user double click)
  • AVZ4 will open and scan your machine, allow this to complete.
  • Upload Collectionlog.zip to your next reply.
 
Options in Autologger scan to select the C or D drive and to enable malware removal mode were all unselected.
Should any of them have been selected?



RogueKiller V12.9.9.0 [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : psimoes [Administrator]
Started from : C:\Users\psimoes\Desktop\RogueKiller.exe
Mode : Delete -- Date : 03/05/2017 17:02:54 (Duration : 00:45:52)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.SEH] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | EnableShellExecuteHooks : 1 -> Deleted
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://www.startpage.com/|http://google.ca/] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 26f549703a84d3c0f65960eaf84ecec8
[BSP] 853a919cccceca93e422c6c69ce3e4bd : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 64 | Size: 800 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 1638632 | Size: 189281 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 389287080 | Size: 698 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] a3b5d0673c14e80d57c6e74354f5f774
[BSP] dc70a101a6187ff4470703ac584b9fce : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 190780 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


 

Attachments

  • CollectionLog-2017.03.05-18.34.zip
    202.8 KB · Views: 7
Zoek Scan

Disable your antivirus prior to this scan.

Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (Xp Users double click)
Copy the items in red below, and paste them into Zoek.


createsrpoint;
{d8559eb9-20c0-410e-beda-7ed416aecc2a};c
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252};c
getPlusHelper;s
SkypeUpdate;s
MozillaMaintenance;s
AdobeFlashPlayerUpdateSvc;s
C:\Windows\System32\drivers\avipbb.sys;f
C:\Windows\tasks\Adobe Flash Player Updater.job;f
C:\Windows\system32\tasks\Adobe Acrobat Update Task;f
C:\Windows\system32\tasks\Adobe Flash Player Updater;f
C:\Windows\system32\tasks\CrystalDiskInfo;f
C:\Windows\system32\tasks\PCMAgent.exe;f
C:\Windows\system32\tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B};f
C:\Windows\system32\tasks\NCH Software\debutShakeIcon;f
C:\Windows\system32\tasks\Microsoft\Windows Defender;f
C:\Windows\system32\tasks\Microsoft\Windows\Wireless\GatherWirelessInfo;f
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance;f
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program;f
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate;f
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"CCleaner Monitoring"=-;r
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE];r
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE];r
C:\Program Files\Mozilla Maintenance Service;f
ipconfig /flushdns;b
emptyfolderscheck;delete

emptyclsid;
emptyalltemp;

netsh winsock reset all;b

autoclean;

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.


ClearLNK


Download ClearLNK save it to your desktop.
Drag the file Check_Browsers_LNK from your Collection log made earlier.
As per picture.
A report on the work as a file ClearLNK- <date> .log
Will be produced, post that log.



Hijack This Fix.

Locate the HijackThis file within the Autologger folder, Right Click Run as Admin.
Close all other open programs prior to running this tool!!

Click System Scan Only.
Then check mark the items listed below.

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - MSConfig\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup (2017/03/05)
O4 - MSConfig\startupreg: [APSDaemon] (HKLM) (2013/09/25) (no file)
O4 - MSConfig\startupreg: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" (HKLM) (2013/09/25)
O4 - MSConfig\startupreg: [GizmoDriveDelegate] "C:\Program Files\Gizmo\gizmo.exe" /RemountStartupImages (HKCU) (2016/11/24)
O4 - MSConfig\startupreg: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (HKLM) (2013/05/13)
O4 - MSConfig\startupreg: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (HKLM) (2012/03/01)
O4 - MSConfig\startupreg: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" (HKLM) (2012/03/01)



Now click on fix checked.
After the fix is complete, then reboot your machine.

Easy Service Optimizer

Download Easy Service Optimizer, save it to your desktop and unzip it there. Right click it and run as admin, then select Tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items.




You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.





Let's have a fresh look at your system after the above scans please.


Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked, as well as Shortcut.txt
  • Press Scan button and wait.
  • The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt -- & Shortcut.txt
Please Copy & Paste them into your next reply. But attach Shortcut.txt
 
Great, I'll give it all a go ...
I ran Spacesniffer and it shows constant hard drive activity relating to Panda AV Security Protection and Microsoft System Indexer.
 