Solved Vista laptop running slow, constant hard drive activity

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP users double click)
Copy the items in red below, and paste them into Zoek.


createsrpoint;
{d8559eb9-20c0-410e-beda-7ed416aecc2a};c
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252};c
getPlusHelper;s
SkypeUpdate;s
MozillaMaintenance;s
AdobeFlashPlayerUpdateSvc;s
C:\Windows\System32\drivers\avipbb.sys;f
C:\Windows\tasks\Adobe Flash Player Updater.job;f
C:\Windows\system32\tasks\Adobe Acrobat Update Task;f
C:\Windows\system32\tasks\Adobe Flash Player Updater;f
C:\Windows\system32\tasks\CrystalDiskInfo;f
C:\Windows\system32\tasks\PCMAgent.exe;f
C:\Windows\system32\tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B};f
C:\Windows\system32\tasks\NCH Software\debutShakeIcon;f
C:\Windows\system32\tasks\Microsoft\Windows Defender;f
C:\Windows\system32\tasks\Microsoft\Windows\Wireless\GatherWirelessInfo;f
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance;f
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program;f
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate;f
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"CCleaner Monitoring"=-;r
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE];r
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE];r
C:\Program Files\Mozilla Maintenance Service;f
ipconfig /flushdns;b
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
netsh winsock reset all;b
autoclean;

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.


ClearLNK

Download ClearLNK and save it to your desktop.
Drag the file Check_Browsers_LNK from your Collection log made earlier.
As per picture.
A report on the work will be produced as a file ClearLNK-<date>.log; post that log.



Hijack This Fix.

Locate the HijackThis file within the Autologger folder, Right Click Run as Admin.
Close all other open programs prior to running this tool!!

Click System Scan Only.
Then check mark the items listed below.

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - MSConfig\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup (2017/03/05)
O4 - MSConfig\startupreg: [APSDaemon] (HKLM) (2013/09/25) (no file)
O4 - MSConfig\startupreg: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" (HKLM) (2013/09/25)
O4 - MSConfig\startupreg: [GizmoDriveDelegate] "C:\Program Files\Gizmo\gizmo.exe" /RemountStartupImages (HKCU) (2016/11/24)
O4 - MSConfig\startupreg: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (HKLM) (2013/05/13)
O4 - MSConfig\startupreg: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (HKLM) (2012/03/01)
O4 - MSConfig\startupreg: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" (HKLM) (2012/03/01)


Now click on fix checked.
After the fix is complete, then reboot your machine.

Easy Service Optimizer

Download easy service optimizer, save it to your desktop and unzip it there. Right click it and run as admin, then select Tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items.




You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.





Let's have a fresh look at your system after the above scans please.

Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked, as well as Shortcut.txt
  • Press Scan button and wait.
  • The tool will produce three logfiles on your desktop: FRST.txt, Addition.txt and Shortcut.txt
Please Copy & Paste them into your next reply. But attach Shortcut.txt

Zoek stalled for 3 hours while scanning Firefox extensions so a log is N/A.
For ESO, you said Wlansvc should be "automatic across the board" but the screenshot showed Default & Safe fields as Manual. Should they be set to Automatic?
Below are the FRST logs .....

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2017
Ran by psimoes (administrator) on PS-TOSHIBA (06-03-2017 09:09:35)
Running from C:\Users\psimoes\Desktop
Loaded Profiles: psimoes (Available Profiles: psimoes & Guest)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec Inc.) C:\Windows\System32\TAMSvr.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AuthenTec, Inc) C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
(Arachnoid Biometrics Identification Group) C:\Program Files\TrueSuite Access Manager\PwdBank.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\TrueSuite Access Manager\CssSvr.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAReg.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FingerPrintNotifer] => C:\Program Files\TrueSuite Access Manager\FpNotifier.exe [671744 2008-01-24] (AuthenTec, Inc)
HKLM\...\Run: [PwdBank] => C:\Program Files\TrueSuite Access Manager\PwdBank.exe [3150848 2008-02-01] (Arachnoid Biometrics Identification Group)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
ShellIconOverlayIdentifiers: [IconOvrly1] -> {A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6} => C:\Program Files\TrueSuite Access Manager\IconOvrly.dll [2007-04-20] (Arachnoid Biometrics Identification Group Corp.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [NameServer] 8.8.8.8,8.8.4.4,192.168.2.1
Tcpip\..\Interfaces\{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
SearchScopes: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

FireFox:
========
FF ProfilePath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default [2017-03-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @citrixonline.com/appdetectorplugin -> C:\Users\psimoes\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/O1DPlugin -> C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=3 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=9 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-07-13] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en
CHR Profile: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default [2017-03-06]
CHR Extension: (TV) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-02-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2017-02-15]
CHR Extension: (Adguard AdBlocker) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-02-15]
CHR Extension: (YouTube) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-15]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2017-02-15]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2017-02-15]
CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfnahhhglp [2017-02-15]
CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj [2017-02-15]
CHR Extension: (Save to Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-02-15]
CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegbjmfnfh [2017-02-15]
CHR Extension: (Mailvelope) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2017-02-25]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2017-02-15]
CHR Extension: (Yesware Reports) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2017-02-15]
CHR Extension: (Vend) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdebajikafa [2017-02-15]
CHR Extension: (Mailtrack for Gmail & Inbox: Email tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-15]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2017-02-15]
CHR Extension: (Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-15]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2017-02-15]
CHR Extension: (Streak CRM for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2017-02-15]

Opera:
=======
OPR Extension: (Adguard AdBlocker) - C:\Users\psimoes\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-01-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2007-10-15] (AuthenTec Inc.) [File not signed]
R2 Backupper Service; C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.) [File not signed]
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
S3 Gizmo Central; C:\Program Files\Gizmo\gservice.exe [34728 2011-07-02] (Arainia Solutions)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2008-02-12] (Google) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
S3 nosGetPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [X]
S4 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]
S4 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [X]
S4 ZAMSvc; "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43440 2008-02-03] (Alfa Corporation)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2009-01-26] (AuthenTec, Inc.)
S1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
S1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
R1 GizmoDrv; C:\Windows\system32\Drivers\GizmoDrv.sys [25488 2011-07-02] (Arainia Solutions LLC)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [42256 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72400 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [147728 2016-08-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [111376 2016-08-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2016-08-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2016-08-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2016-08-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2016-08-04] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-03-14] (Acronis)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2011-02-11] (NCH Software)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman147; C:\Windows\System32\DRIVERS\tdrpm147.sys [971232 2009-03-14] (Acronis)
S3 utkwodcy; C:\Windows\system32\Drivers\utkwodcy.sys [7168 2017-03-06] () [File not signed]
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-02-16] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-02-16] (Zemana Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
S0 MBAMChameleon; system32\drivers\MBAMChameleon.sys [X]
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 Power; no ImagePath
U0 PSBoot; [X]
U2 SppSvc; no ImagePath
U2 srService; no ImagePath
S3 teamviewervpn; system32\DRIVERS\teamviewervpn.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U3 Wwansvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-06 09:09 - 2017-03-06 09:10 - 00020166 _____ C:\Users\psimoes\Desktop\FRST.txt
2017-03-06 09:08 - 2017-03-06 09:08 - 00000000 ____D C:\Users\psimoes\Desktop\FRST-OlderVersion
2017-03-06 08:58 - 2016-08-08 04:00 - 00058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-03-06 07:52 - 2017-03-06 07:52 - 00007168 _____ C:\Windows\system32\Drivers\utkwodcy.sys
2017-03-05 20:46 - 2017-03-05 20:46 - 00000000 ____D C:\zoek
2017-03-05 20:25 - 2017-03-05 20:48 - 00003140 _____ C:\runcheck.txt
2017-03-05 20:25 - 2017-03-05 20:48 - 00000000 ____D C:\zoek_backup
2017-03-05 20:23 - 2017-03-05 20:23 - 01309184 _____ C:\Users\psimoes\Desktop\zoek.exe
2017-03-05 20:06 - 2017-03-05 20:06 - 00462976 _____ (Alex Dragokas) C:\Users\psimoes\Desktop\clearlnk_2.9.0.11.exe
2017-03-05 19:35 - 2017-03-05 19:36 - 00000000 ____D C:\Users\psimoes\Desktop\spacesniffer_1_3_0_2
2017-03-05 17:02 - 2017-03-05 17:02 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-05 17:01 - 2017-03-05 18:06 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-05 16:59 - 2017-03-06 07:56 - 00000000 ____D C:\Users\psimoes\Desktop\AutoLogger
2017-03-05 16:59 - 2017-03-05 04:33 - 13240747 _____ (Company © regist & Drongo) C:\Users\psimoes\Desktop\AutoLogger.exe
2017-03-05 16:56 - 2017-03-05 16:56 - 21716040 _____ C:\Users\psimoes\Desktop\RogueKiller.exe
2017-03-05 13:57 - 2017-03-05 13:57 - 00002634 _____ C:\Users\psimoes\Desktop\Winmgmt.reg
2017-03-05 13:28 - 2017-03-05 13:28 - 00000739 _____ C:\Users\psimoes\Desktop\ZHPDiag.lnk
2017-03-05 13:20 - 2017-03-05 13:20 - 02707968 _____ C:\Users\psimoes\Desktop\ZHPDiag3.exe
2017-03-05 12:51 - 2017-03-05 12:51 - 00000747 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-03-05 12:51 - 2017-03-05 12:51 - 00000000 ____D C:\Program Files\Speccy
2017-03-05 08:53 - 2017-03-05 08:53 - 06293184 _____ (Piriform Ltd) C:\Users\psimoes\Desktop\spsetup130.exe
2017-03-05 08:52 - 2017-03-05 12:48 - 00197679 _____ C:\Users\psimoes\Desktop\ListChkdskResult.exe
2017-03-03 20:53 - 2017-03-03 20:53 - 00000512 _____ C:\Users\psimoes\Desktop\MBR.dat
2017-03-03 19:48 - 2017-03-06 09:09 - 00000000 ____D C:\FRST
2017-03-03 19:28 - 2017-03-03 19:28 - 05200384 _____ (AVAST Software) C:\Users\psimoes\Desktop\aswmbr.exe
2017-03-03 19:27 - 2017-03-06 09:08 - 01765888 _____ (Farbar) C:\Users\psimoes\Desktop\FRST.exe
2017-03-01 20:37 - 2017-03-01 20:37 - 00079324 _____ C:\Users\psimoes\Desktop\Quantum-Life-Terms-Tools-Themes.pdf
2017-03-01 20:37 - 2017-03-01 20:37 - 00061378 _____ C:\Users\psimoes\Desktop\Emotional-Frequency-Chart.pdf
2017-03-01 20:35 - 2017-03-01 20:36 - 00000000 ____D C:\Users\psimoes\Desktop\Gen.Info
2017-02-26 15:13 - 2017-02-26 15:13 - 00000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2017-02-26 15:13 - 2017-02-26 15:13 - 00000886 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2017-02-26 15:13 - 2017-02-26 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2017-02-19 18:54 - 2017-02-19 18:55 - 00000000 ____D C:\ProgramData\F-Secure
2017-02-19 18:54 - 2017-02-19 18:54 - 00000000 ____D C:\Users\psimoes\AppData\Local\F-Secure
2017-02-19 18:47 - 2017-02-19 18:47 - 00524248 _____ (F-Secure Corporation) C:\Users\psimoes\Desktop\F-SecureOnlineScanner.exe
2017-02-19 16:52 - 2017-02-19 16:52 - 00000758 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2017-02-19 16:52 - 2017-02-19 16:52 - 00000734 _____ C:\Users\Public\Desktop\RealtimeSync.lnk
2017-02-19 15:00 - 2014-03-11 09:51 - 00036896 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys
2017-02-19 14:32 - 2017-02-19 16:54 - 00000000 ____D C:\Users\psimoes\Desktop\Free.File.Sync
2017-02-16 15:09 - 2017-02-16 15:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PS-TOSHIBA-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2017-02-16 15:09 - 2017-02-16 15:09 - 00000000 ____D C:\RegBackup
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Videos
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Pictures
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Music
2017-02-16 14:04 - 2017-02-16 14:04 - 00047056 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-16 13:51 - 2017-02-16 13:51 - 00001923 _____ C:\Users\psimoes\Desktop\Tweaking.com - Windows Repair.lnk
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Program Files\Tweaking.com
2017-02-16 13:07 - 2017-02-16 13:07 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-02-16 13:07 - 2017-02-16 13:07 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-02-16 11:15 - 2017-02-16 11:15 - 01663040 _____ (Malwarebytes) C:\Users\psimoes\Desktop\JRT.exe
2017-02-16 11:15 - 2017-02-16 11:14 - 14449600 _____ (Copyright 2017.) C:\Users\psimoes\Desktop\Zemana.AntiMalware.Portable.exe
2017-02-16 11:15 - 2017-02-16 11:13 - 02705920 _____ C:\Users\psimoes\Desktop\ZHPCleaner.exe
2017-02-16 11:13 - 2017-02-16 11:13 - 00000680 _____ C:\Users\psimoes\AppData\Local\d3d9caps.dat
2017-02-16 03:44 - 2017-02-16 03:53 - 00010239 _____ C:\Pre_Scan.txt
2017-02-16 03:41 - 2017-02-16 03:49 - 00000000 ____D C:\Pre_Scan
2017-02-16 02:32 - 2017-02-16 02:32 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-02-16 02:32 - 2017-02-16 02:32 - 00003268 _____ C:\Windows\system32\bootdelete.lst
2017-02-15 20:02 - 2017-02-15 20:00 - 11005320 _____ (SurfRight B.V.) C:\Users\psimoes\Desktop\hitmanpro.exe
2017-02-15 11:50 - 2017-02-27 16:35 - 00000000 ____D C:\AdwCleaner
2017-02-15 11:44 - 2017-02-15 11:44 - 04015056 _____ C:\Users\psimoes\Desktop\adwcleaner_6.043.exe
2017-02-09 15:40 - 2017-02-09 15:40 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2017-02-09 15:34 - 2017-02-09 15:34 - 00752296 _____ C:\Users\psimoes\Desktop\Adware Removal Tool by TSA.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-06 09:10 - 2016-11-19 00:19 - 00038600 _____ C:\Windows\ZAM.krnl.trace
2017-03-06 09:10 - 2016-11-19 00:19 - 00021118 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-06 08:58 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-06 08:58 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-03-06 08:57 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-06 08:57 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-06 08:54 - 2006-11-02 08:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-06 08:37 - 2013-03-07 23:13 - 00000000 ____D C:\Program Files\Online Armor
2017-03-06 08:33 - 2011-01-23 23:37 - 00000000 ____D C:\Windows\pss
2017-03-05 20:09 - 2017-01-04 05:21 - 00000000 ____D C:\Users\psimoes\Desktop\eso
2017-03-05 16:51 - 2016-11-22 05:53 - 00121608 _____ C:\Users\psimoes\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-05 16:44 - 2016-11-22 05:50 - 00462664 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-05 16:38 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2017-03-05 16:38 - 2006-11-02 05:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-05 15:24 - 2015-06-07 21:38 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-03-05 15:21 - 2016-11-14 14:37 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\ZHP
2017-03-05 13:38 - 2009-02-16 11:21 - 00000000 ____D C:\Users\psimoes\Desktop\Icons
2017-03-01 20:36 - 2016-02-24 12:59 - 00000000 ____D C:\Users\psimoes\Desktop\FX
2017-03-01 20:36 - 2009-02-16 11:17 - 00000000 ____D C:\Users\psimoes
2017-02-28 13:14 - 2016-11-18 10:20 - 00000000 ____D C:\Users\psimoes\AppData\LocalLow\Mozilla
2017-02-26 16:55 - 2013-04-04 19:01 - 00000000 ____D C:\Users\psimoes\AppData\Local\Citrix
2017-02-26 15:13 - 2011-02-11 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2017-02-20 18:28 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_530
2017-02-20 15:24 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_795
2017-02-20 12:18 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_704
2017-02-19 14:40 - 2009-03-15 08:47 - 00000000 ____D C:\Users\psimoes\Downloads\1GOOD_Progs_in_use
2017-02-16 16:50 - 2009-02-16 14:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-16 16:21 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_763
2017-02-16 16:21 - 2013-03-05 22:15 - 00000000 ____D C:\Users\psimoes\Documents\templates word docs
2017-02-09 21:06 - 2016-11-17 18:41 - 00000993 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-09 21:06 - 2016-11-17 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-09 21:04 - 2011-01-28 11:29 - 00000000 ____D C:\Program Files\Opera
2017-02-09 20:44 - 2010-11-09 23:16 - 00000775 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-09 20:40 - 2012-09-27 16:53 - 00000829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-09 20:40 - 2012-09-27 16:53 - 00000817 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-09 20:39 - 2016-11-15 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-09 20:38 - 2012-05-03 08:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-09 20:38 - 2011-06-21 23:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-09 20:38 - 2008-02-12 21:43 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-09 20:37 - 2009-02-16 23:34 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-02-09 20:35 - 2009-02-16 14:28 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Skype
2017-02-09 20:30 - 2012-08-17 19:59 - 00000000 ____D C:\ProgramData\Skype
2017-02-09 20:29 - 2014-08-07 20:45 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2017-02-16 11:13 - 2017-02-16 11:13 - 0000680 _____ () C:\Users\psimoes\AppData\Local\d3d9caps.dat

Some files in TEMP:
====================
2017-03-05 20:25 - 2017-03-05 20:25 - 0476672 _____ () C:\Users\psimoes\AppData\Local\Temp\7za.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0020480 _____ (E Dev) C:\Users\psimoes\AppData\Local\Temp\DaS_21.exe
2017-03-05 17:01 - 2016-03-21 17:57 - 1208568 _____ (Microsoft Corporation) C:\Users\psimoes\AppData\Local\Temp\dllnt_dump.dll
2017-03-05 20:25 - 2017-03-05 20:25 - 0388608 _____ (Trend Micro Inc.) C:\Users\psimoes\AppData\Local\Temp\hijackthis.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0030720 _____ (NirSoft) C:\Users\psimoes\AppData\Local\Temp\NirCmd.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0256512 _____ () C:\Users\psimoes\AppData\Local\Temp\PEVZ.EXE
2017-03-05 20:25 - 2017-03-05 20:25 - 0069632 _____ () C:\Users\psimoes\AppData\Local\Temp\remove.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0098816 _____ () C:\Users\psimoes\AppData\Local\Temp\sed.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0057344 _____ (Optimum X) C:\Users\psimoes\AppData\Local\Temp\shortcut.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0161792 _____ (SteelWerX) C:\Users\psimoes\AppData\Local\Temp\swreg.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0217088 _____ (SteelWerX) C:\Users\psimoes\AppData\Local\Temp\swxcacls.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0154232 _____ (Noël Danjou) C:\Users\psimoes\AppData\Local\Temp\wget.exe
2017-03-05 20:25 - 2017-03-05 20:25 - 0024064 _____ () C:\Users\psimoes\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-06 09:07

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2017
Ran by psimoes (06-03-2017 09:10:38)
Running from C:\Users\psimoes\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X86) (2009-02-16 07:13:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3399307451-3074549587-1771456082-500 - Administrator - Disabled)
Guest (S-1-5-21-3399307451-3074549587-1771456082-501 - Limited - Enabled) => C:\Users\Guest
psimoes (S-1-5-21-3399307451-3074549587-1771456082-1000 - Administrator - Enabled) => C:\Users\psimoes

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Aiseesoft Blu-ray Ripper (HKLM\...\Aiseesoft Blu-ray Ripper_is1) (Version: - )
Aiseesoft Streaming Video Recorder (HKLM\...\Aiseesoft Streaming Video Recorder_is1) (Version: - )
AOMEI Backupper Standard Edition 2.0.2 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{53BB9294-6E76-4853-4130-1CD0A01EAE45}) (Version: 3.0.657.0 - ATI Technologies, Inc.)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version: - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Catalyst Control Center - Branding (HKLM\...\{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0130.1509.26922 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Cover Commander 3.0 by Insofta Development (HKLM\...\Cover Commander) (Version: 3.0 - Insofta Development)
CyberLink PowerCinema for TOSHIBA (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.1414 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM\...\Debut) (Version: - NCH Software)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Folder Lock (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\FolderLock6) (Version: - New Sofware.net Inc.)
FXCM Trading Station (Version: 010311 - FXCM) Hidden
GearDrvs (Version: 1 - Symantec Corporation) Hidden
Gizmo Central (HKLM\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
magicJack (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
mHelp (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network Recording Player (HKLM\...\{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
Nokia Connectivity Cable Driver (HKLM\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)
Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden
Online Armor 6.0 (HKLM\...\OnlineArmor_is1) (Version: 6.0 - Emsisoft GmbH)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Panda Devices Agent (Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.12.0 - Goversoft LLC)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (Version: 2008.0130.1509.26922 - ATI) Hidden
Skype™ 7.31 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Snagit 11 (HKLM\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
SnagIt 9 (HKLM\...\{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}) (Version: 9.0.0 - TechSmith Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TrueSuite Access Manager (HKLM\...\{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}) (Version: 1.1.13.13 - ABIG)
TRW conferencing (HKLM\...\{E23E9487-2B6B-42CA-AE8D-E2369563AB02}) (Version: 7.71 - Digitalweb)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.25 - Tweaking.com)
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Video Mover (HKLM\...\Video Mover_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Your monster voice 1 (HKLM\...\Your monster voice 1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {163200AE-D877-4FB2-B862-AB68BEA1F57C} - \NCH Software\debutShakeIcon -> No File <==== ATTENTION
Task: {19B6ADC6-F3BD-4A45-9CB2-9DC80C9BA1F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1B2D5FC3-FD37-4F6B-B75D-92A79188796E} - System32\Tasks\PCMAgent.exe_1826580705 => C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [2007-12-13] (CyberLink Corp.)
Task: {35DA24BC-4BEA-4952-9DA5-B76E941F8DC9} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {3921AC9D-4361-4ECB-8B8E-644734DC37D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {39A77778-D573-41B1-93FF-AC8C83ADBD56} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {5255BE42-F960-4D14-B4BD-AC20C3743812} - \CrystalDiskInfo -> No File <==== ATTENTION
Task: {59C50FF3-0D3B-4CC6-BCBF-2D74EC3778AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {605400B6-8685-48B6-A6B9-A8C5529FC843} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {67F4081D-FFCA-4214-ABDF-3E10C51EB9F9} - \Microsoft\Windows Defender\MP Scheduled Scan -> No File <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
Task: {914710E2-0A42-44A6-AFA4-A6D7EAEDF898} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {91F851E9-2862-44C9-8C32-8FED6D35E5FF} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files\PrivaZer\PrivaZer.exe [2016-11-21] (Goversoft LLC)
Task: {954E1E94-94FD-420B-9725-623FAB68F590} - \{C074CB77-8752-4695-819D-DF00F7AAE9A6} -> No File <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification -> No File <==== ATTENTION
Task: {A879EAD0-908D-481B-A17F-06FDB1F79C50} - \{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} -> No File <==== ATTENTION
Task: {B52E95C6-0FEB-457F-A518-4DE31303C9AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D9700C27-0477-45F2-9A91-42411E7B3919} - \Microsoft\Windows Defender\MP Scheduled Signature Update -> No File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo -> No File <==== ATTENTION
Task: {F213A1EB-DBE5-42E2-B226-67CD2359E46D} - System32\Tasks\Opera scheduled Autoupdate 1382066025 => C:\Program Files\Opera\launcher.exe [2016-08-05] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\psimoes\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\psimoes\Favorites\NCH Software Download.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2014-10-18 17:39 - 2014-08-21 10:23 - 00270040 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\UiLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00229080 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\diskmgr.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00265944 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Comn.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00077528 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Ldm.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00061144 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Device.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00257752 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrFat.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00376536 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrNtfs.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00106200 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FuncLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00233176 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Clone.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00335576 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ImgFile.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00028376 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Encrypt.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00073432 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Compress.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00093912 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrVol.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00188120 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\GptBcd.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00147160 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FlBackup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00478936 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\EnumFolder.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00102104 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Backup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00098008 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrLog.dll
2014-10-18 17:39 - 2013-01-17 16:38 - 02403504 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\QtCore4.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00152576 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2013-06-27 00:11 - 2010-02-09 14:55 - 00049152 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2015-12-15 12:17 - 2015-12-15 12:17 - 00618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2008-02-12 21:22 - 2007-10-23 19:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2011-07-02 10:00 - 2011-07-02 10:00 - 00059304 _____ () C:\Program Files\Gizmo\gshell.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00132608 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2008-01-30 18:30 - 2008-01-30 18:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\corpol.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\emdmgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstime.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\psimoes\Downloads\39F2.tmp:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4928 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-30 23:16 - 2017-03-05 16:37 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\1Tomorrow.Is.Too.Late_3840x2160.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: cdloader => "C:\Users\psimoes\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{B80361C2-AF98-4825-BBCF-C0E2A574CACA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C72261EE-882D-4B3C-992F-5E86E57DF7DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D0F25D2D-B129-467A-B8F7-E969B015C141}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [TCP Query User{2909901C-2D49-49B0-B3D3-D041F1706883}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{DB8298EC-5CBE-4AFA-B8D1-0A65DFA6D728}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2017 08:27:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32)
at System.Management.ManagementScope.InitializeGuts(System.Object)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObject.Initialize(Boolean)
at System.Management.ManagementObject.Get()
at DriverAndServicesOut.GetProcess.StartMode(System.String)
at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
at DriverAndServicesOut.Program.Main(System.String[])

Error: (03/05/2017 04:44:37 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (03/05/2017 04:39:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (03/05/2017 04:39:40 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (03/05/2017 04:39:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error: (03/05/2017 04:39:20 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (03/05/2017 04:38:37 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (03/05/2017 04:35:35 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\FW.MOF while recovering .MOF file marked with autorecover.

Error: (03/05/2017 04:35:35 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\AS.MOF while recovering .MOF file marked with autorecover.

Error: (03/05/2017 04:33:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.


System errors:
=============
Error: (03/06/2017 09:10:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/06/2017 08:59:58 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/06/2017 08:54:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (03/06/2017 08:38:21 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/06/2017 08:34:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (03/06/2017 07:55:05 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/06/2017 07:45:16 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/05/2017 06:53:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/05/2017 06:44:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (03/05/2017 06:39:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2017-03-06 09:10:28.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PsBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-06 09:10:27.675
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PsBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-06 09:10:26.986
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PsBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-06 09:10:26.279
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PsBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:15:01.919
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:15:01.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:15:00.747
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:15:00.153
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:14:59.550
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-05 18:14:58.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 36%
Total physical RAM: 3069.21 MB
Available physical RAM: 1957.03 MB
Total Virtual: 6342.7 MB
Available Virtual: 5358.41 MB

==================== Drives ================================

Drive c: (SQ004710V01) (Fixed) (Total:184.85 GB) (Free:64.17 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:186.31 GB) (Free:25.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 9C9CF735)
Partition 1: (Not Active) - (Size=800 MB) - (Type=27)
Partition 2: (Active) - (Size=184.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=698 MB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 33D68AE6)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Attachments

  • 2017.03.06_Shortcut.txt
Check "winmgmt" service or repair WMI. ------------------ To fix Click Here.

Should they be set to Automatic ?

Yes.

FRST Fix.

Click Here To Download Fixlist.




Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Full Virus Scan AVZ

Disable your Antivirus prior to this scan.

Download AVZ if you have deleted it.
Right click on AVZ and Run as Admin.
Update the program by pressing the [image: 7M4aWtt.png] button.
Make sure all settings are the same as in the pic below.
[image: RRq8bFM.png]

Next:
Under File Types, make sure the settings are the same as below.
[image: upload_2017-3-6_22-13-45.png]

Next:
Under Search Parameters, make sure the settings are the same as below.
[image: 3J7dRcY.png]

Now click the Start button.
[image: 9FH7a0c.png]

When the scan is complete, click on Save Log.
[image: 7PyGiQq.png]

Save the log to the desktop, then copy it and paste it here in your next reply.

Clean The Event Viewer Logs.



Download the attached Batch File below.
Save it to your desktop.
Right Click and Run as Administrator.
 

Attachments

  • Clean Event .bat.zip
  • fixlist.txt
OK, here are the results ....
1 > WMI repository was consistent
1a > ESO service settings, Default & Safe set to Automatic
2 > FRST Fix log text below

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-03-2017
Ran by psimoes (07-03-2017 08:51:09) Run:1
Running from C:\Users\psimoes\Desktop
Loaded Profiles: psimoes (Available Profiles: psimoes & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
SearchScopes: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
S2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [X]
S4 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]
S4 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [X]
S4 ZAMSvc; "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service [X]
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
S0 MBAMChameleon; system32\drivers\MBAMChameleon.sys [X]
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 Power; no ImagePath
U0 PSBoot; [X]
U2 SppSvc; no ImagePath
U2 srService; no ImagePath
S3 teamviewervpn; system32\DRIVERS\teamviewervpn.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U3 Wwansvc; no ImagePath
2017-02-19 18:54 - 2017-02-19 18:55 - 00000000 ____D C:\ProgramData\F-Secure
2017-02-19 18:54 - 2017-02-19 18:54 - 00000000 ____D C:\Users\psimoes\AppData\Local\F-Secure
2017-02-19 18:47 - 2017-02-19 18:47 - 00524248 _____ (F-Secure Corporation) C:\Users\psimoes\Desktop\F-SecureOnlineScanner.exe
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll => No File
C:\Windows\System32\drivers\avipbb.sys
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\system32\tasks\Adobe Acrobat Update Task
C:\Windows\system32\tasks\Adobe Flash Player Updater
C:\Windows\system32\tasks\CrystalDiskInfo
C:\Windows\system32\tasks\PCMAgent.exe
C:\Windows\system32\tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B}
C:\Windows\system32\tasks\NCH Software\debutShakeIcon
C:\Windows\system32\tasks\Microsoft\Windows Defender
C:\Windows\system32\tasks\Microsoft\Windows\Wireless\GatherWirelessInfo
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program
C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {163200AE-D877-4FB2-B862-AB68BEA1F57C} - \NCH Software\debutShakeIcon -> No File <==== ATTENTION
Task: {35DA24BC-4BEA-4952-9DA5-B76E941F8DC9} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {39A77778-D573-41B1-93FF-AC8C83ADBD56} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {5255BE42-F960-4D14-B4BD-AC20C3743812} - \CrystalDiskInfo -> No File <==== ATTENTION
Task: {67F4081D-FFCA-4214-ABDF-3E10C51EB9F9} - \Microsoft\Windows Defender\MP Scheduled Scan -> No File <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
Task: {914710E2-0A42-44A6-AFA4-A6D7EAEDF898} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {954E1E94-94FD-420B-9725-623FAB68F590} - \{C074CB77-8752-4695-819D-DF00F7AAE9A6} -> No File <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification -> No File <==== ATTENTION
Task: {A879EAD0-908D-481B-A17F-06FDB1F79C50} - \{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} -> No File <==== ATTENTION
Task: {D9700C27-0477-45F2-9A91-42411E7B3919} - \Microsoft\Windows Defender\MP Scheduled Signature Update -> No File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo -> No File <==== ATTENTION
MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: cdloader => "C:\Users\psimoes\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
StartBatch:
sc config nosGetPlusHelper start= demand
sc config pinger start= demand
sc config Swupdtmr start= demand
sc config WinDefend start= demand
sc config SkypeUpdate start= demand
sc config AdobeFlashPlayerUpdateSvc start= demand
netsh advfirewall reset
netsh advfirewall set allprofiles state On
EndBatch:
RemoveProxy:
reboot:
end

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => key removed successfully.
HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key removed successfully.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
HKLM\System\CurrentControlSet\Services\TosCoSrv => key removed successfully.
TosCoSrv => service removed successfully.
HKLM\System\CurrentControlSet\Services\TOSHIBA Bluetooth Service => key removed successfully.
TOSHIBA Bluetooth Service => service removed successfully.
HKLM\System\CurrentControlSet\Services\TOSHIBA SMART Log Service => key removed successfully.
TOSHIBA SMART Log Service => service removed successfully.
HKLM\System\CurrentControlSet\Services\ZAMSvc => key removed successfully.
ZAMSvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\ERSvc => key removed successfully.
ERSvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\IAStorDataMgrsvc => key removed successfully.
IAStorDataMgrsvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\MBAMChameleon => key removed successfully.
MBAMChameleon => service removed successfully.
HKLM\System\CurrentControlSet\Services\NIHardwareService => key removed successfully.
NIHardwareService => service removed successfully.
HKLM\System\CurrentControlSet\Services\NVSvc => key removed successfully.
NVSvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\Power => key removed successfully.
Power => service removed successfully.
HKLM\System\CurrentControlSet\Services\PSBoot => key removed successfully.
PSBoot => service removed successfully.
HKLM\System\CurrentControlSet\Services\SppSvc => key removed successfully.
SppSvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\srService => key removed successfully.
srService => service removed successfully.
HKLM\System\CurrentControlSet\Services\teamviewervpn => key removed successfully.
teamviewervpn => service removed successfully.
HKLM\System\CurrentControlSet\Services\USBAAPL => key removed successfully.
USBAAPL => service removed successfully.
HKLM\System\CurrentControlSet\Services\Wwansvc => key removed successfully.
Wwansvc => service removed successfully.
C:\ProgramData\F-Secure => moved successfully
C:\Users\psimoes\AppData\Local\F-Secure => moved successfully
C:\Users\psimoes\Desktop\F-SecureOnlineScanner.exe => moved successfully
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => key removed successfully.
"C:\Windows\System32\drivers\avipbb.sys" => not found.
"C:\Windows\tasks\Adobe Flash Player Updater.job" => not found.
"C:\Windows\system32\tasks\Adobe Acrobat Update Task" => not found.
"C:\Windows\system32\tasks\Adobe Flash Player Updater" => not found.
"C:\Windows\system32\tasks\CrystalDiskInfo" => not found.
"C:\Windows\system32\tasks\PCMAgent.exe" => not found.
"C:\Windows\system32\tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B}" => not found.
"C:\Windows\system32\tasks\NCH Software\debutShakeIcon" => not found.
C:\Windows\system32\tasks\Microsoft\Windows Defender => moved successfully
"C:\Windows\system32\tasks\Microsoft\Windows\Wireless\GatherWirelessInfo" => not found.
"C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance" => not found.
"C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program" => not found.
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3AF200-FADC-49E5-880E-DEE192C8B79A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3AF200-FADC-49E5-880E-DEE192C8B79A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{163200AE-D877-4FB2-B862-AB68BEA1F57C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{163200AE-D877-4FB2-B862-AB68BEA1F57C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software\debutShakeIcon => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35DA24BC-4BEA-4952-9DA5-B76E941F8DC9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35DA24BC-4BEA-4952-9DA5-B76E941F8DC9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39A77778-D573-41B1-93FF-AC8C83ADBD56} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39A77778-D573-41B1-93FF-AC8C83ADBD56} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5255BE42-F960-4D14-B4BD-AC20C3743812} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5255BE42-F960-4D14-B4BD-AC20C3743812} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CrystalDiskInfo => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67F4081D-FFCA-4214-ABDF-3E10C51EB9F9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67F4081D-FFCA-4214-ABDF-3E10C51EB9F9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89194558-47E7-4A9E-B507-6C91CE4E6504} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89194558-47E7-4A9E-B507-6C91CE4E6504} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{914710E2-0A42-44A6-AFA4-A6D7EAEDF898} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{914710E2-0A42-44A6-AFA4-A6D7EAEDF898} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{954E1E94-94FD-420B-9725-623FAB68F590} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{954E1E94-94FD-420B-9725-623FAB68F590} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C074CB77-8752-4695-819D-DF00F7AAE9A6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A61555D3-7840-45C1-A5A9-0D49851DE37A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A61555D3-7840-45C1-A5A9-0D49851DE37A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A879EAD0-908D-481B-A17F-06FDB1F79C50} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A879EAD0-908D-481B-A17F-06FDB1F79C50} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9700C27-0477-45F2-9A91-42411E7B3919} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9700C27-0477-45F2-9A91-42411E7B3919} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Signature Update => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => key removed successfully.
C:\Windows\pss\MagicDisc.lnk.Startup => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cdloader => key removed successfully.

========= Batch: =========
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

Ok.

Ok.

========= End of Batch: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8059022 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 1336816 B
Edge => 0 B
Chrome => 40930828 B
Firefox => 11393798 B
Opera => 155999757 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 692 B
LocalService => 66228 B
NetworkService => 66228 B
psimoes => 732212338 B
Guest => 0 B

RecycleBin => 544 B
EmptyTemp: => 918.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 09:06:58 ====

3 > AVZ log
AVZ Antiviral Toolkit log; AVZ version is 4.46
Scanning started at 07.03.2017 10:30:53
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 07.03.2017 16:00
Heuristic microprograms loaded: 413
PVS microprograms loaded: 10
Digital signatures of system files loaded: 859220
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: enabled
Windows version is: 6.0.6002, Service Pack 2 "Windows Vista (TM) Home Premium", install date 16.02.2009 02:13:03 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=137B00)
Kernel ntkrnlpa.exe found in memory at address 8323E000
SDT = 83375B00
KiST = 832EA754 (391)
Function NtAllocateVirtualMemory (12) intercepted (83486CE7->95477464), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtAlpcConnectPort (15) intercepted (83428B39->95475AC2), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtAlpcCreatePort (16) intercepted (833F8AB3->95475594), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtAssignProcessToJobObject (2A) intercepted (833FBC45->9547695E), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtConnectPort (36) intercepted (8340BCA6->95475682), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateFile (3C) intercepted (834809BD->9547C3A6), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreatePort (47) intercepted (833C3A5B->954754A0), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateSection (4B) intercepted (8347043F->954734BA), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateThread (4E) intercepted (834D0F00->95474662), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDebugActiveProcess (74) intercepted (834A352C->95474D54), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDuplicateObject (81) intercepted (834368E9->95475362), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadDriver (A5) intercepted (833A9E12->95476386), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenFile (BA) intercepted (834448EB->9547C724), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenProcess (C2) intercepted (8345F567->94732104), hook C:\Windows\System32\drivers\zamguard32.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenSection (C5) intercepted (8344FBAA->9547377C), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenThread (C9) intercepted (8345AA63->954748DE), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtProtectVirtualMemory (D2) intercepted (8345881A->95476710), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueueApcThread (FF) intercepted (833EF97D->95476A7A), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRequestPort (113) intercepted (8344A7A4->95475CE6), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRequestWaitReplyPort (114) intercepted (8348260E->9547604E), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRestoreKey (118) intercepted (834915C2->9547C19E), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtResumeThread (11A) intercepted (8345A082->95475102), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSecureConnectPort (11E) intercepted (8340B86E->954758A4), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetContextThread (121) intercepted (834D239F->95474BFC), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetSystemInformation (13D) intercepted (83425157->95477118), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtShutdownSystem (146) intercepted (834F2A4D->954762C0), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSuspendProcess (14A) intercepted (834D282F->95475234), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSuspendThread (14B) intercepted (833D8945->95474FAC), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSystemDebugControl (14C) intercepted (83437259->95474E72), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtTerminateProcess (14E) intercepted (8342F4DB->954744A0), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtTerminateThread (14F) intercepted (8345AA98->95474A94), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtUnloadDriver (156) intercepted (834AEB34->9547654E), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtWriteVirtualMemory (166) intercepted (8344BE46->9547683A), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateThreadEx (17E) intercepted (8345A54D->95474796), hook C:\Windows\system32\drivers\OADriver.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Functions checked: 391, intercepted: 34, restored: 34
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Analyzing CPU 2
CmpCallCallBacks = 00000000
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Driver loaded successfully
Checking - complete
2. Scanning RAM
Number of processes found: 52
Extended process analysis: 860 C:\Windows\system32\TAMSvr.exe
[ES]:program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Located in system folder
Extended process analysis: 2980 C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
[ES]:program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 3392 C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
[ES]:program code includes networking-related functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
Extended process analysis: 2460 C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
[ES]:program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 3936 C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
[ES]:program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 5664 C:\Program Files\Online Armor\OAreg.exe
[ES]:Application has no visible windows
Number of modules loaded: 459
Scanning RAM - complete
3. Scanning disks
C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner\PCTool.com - PE file with modified extension that still lets run it (it is often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner\PCTool.com)
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP NameSpace error: Number of namespaces 6 doesn't correspond to real 7
Attention ! SPI/LSP errors detected. Number of errors - 1
Errors in SPI/LSP settings corrected automatically
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
In the database 317 port descriptions
Opened at this PC: 10 TCP ports and 10 UDP ports
Checking - complete; no suspicious ports detected
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 385453, extracted from archives: 200697, malicious software found 0, suspicions - 0
Scanning finished at 07.03.2017 11:51:27
!!! Attention !!! Restored 34 KiST functions during Anti-Rootkit operation
This may affect execution of certain software, so it is strongly recommended to reboot
Time of scanning: 01:20:38
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
 
How is the machine running now?

Eliminate Bad Settings with this nice tool.
  • Download SupRestric.exe and save it to your desktop.
  • Close all running programs.
  • Temporarily disable the antivirus.
  • Double click the file to launch it.
  • Windows 7/8/10/Vista: run as administrator.
  • Click Yes at any prompt.
  • The analysis takes only a few moments.
  • The report is on the desktop ( CTR.txt )
  • Copy paste report in next reply.
  • A reboot is needed to complete the repairs.
 
Still getting constant hd activity / flickering. I'll give SupRestric a go .....
 
I clicked YES & got the following error ...
2017.03.07_SuperRestric_.click.Yes_Popup-Error.JPG


The following Pop Up asks ...
Reset & activate Windows fire wall ?
Do no accept if you have another active fire wall.

2017.03.07_SuperRestric_Popup.JPG


Clicking NO yields the following log ....
Rapport de Contrôle restrictions Pierre13 (CTR version 2.5.0.0 ) du 07\03\2017 à 17:02:41
PC de psimoes
Windows Vista (TM) Home Premium (32 bits) [6002]

Réparation erreur 2203 effectuée.

Contrôle présence restrictions

[BKDR_BLACKEN.A] clé PhishingFilter corrigée.
PC vacciné contre sponsor Java.
Service Pare feu Windows activé.

236 restrictions contrôlées.

1 restriction(s) réparée(s).
Re démarrer le PC pour prendre en compte la ou les réparations.


Le rapport est sur le bureau (C:\Users\psimoes\Desktop\CTR.txt)

 
You installed this copy of Vista on 2009-02-16. We are dealing with a 7-year-old install. I think it is just time to format the machine.... Last thing before a format would be to create a new admin profile and see how things are from it...
 
Alternative To Format

Alternatively, you can use this software; there is a pay-if-it-works option. Even if it works, you can just uninstall it at the end of the process. I tested it out on a machine that was running very badly, and it worked quite well. You do not need to pay; it is just optional.
 
I'll try a new admin profile but a factory reset seems to be the way to go.
Probably try running FRST, SuperRestric etc in Safe Mode to see if they work.
 
It is a rather old install, and for you to have it function well for this long is actually a good thing. You could try the repair software I mentioned. It takes a while to run and is mostly unattended; you would have to come back from time to time and check on it. I'd suggest that you connect an Ethernet cord to the machine to run it, though.

We will want to check the condition of your hard drive.


Download HD Tune and save the file. Install HD Tune and restart it after installation. Then go to the Error Scan tab, select the hard drive you want to check and press Start. The check can be quite time consuming; how long it takes depends on the size of the hard drive being checked. Take a screenshot of the result and save it. Upload it to IMGUR for us. Post the link here.


Do Not tick the quick scan!!
 
I'll definitely try the repair with likenewpc.net.
HD Tune crashed. Ran All In One Windows Repair in Safe Mode and HD Tune is working now.
 
Alright HDD looks good. Keep me updated with how things go. :)
The laptop is working better. Apps open quicker, can now create a Restore point.
The constant hard drive activity persists and still cannot run QuickDiag & SuperRestric.
SpaceSniffer shows a lot of activity from Panda AV & it appears to be corrupted. Panda Product & Panda Protection Service are Disabled & I'm unable to change them to Automatic or Manual in Services.msc, get Access Denied popup. I uninstalled Panda AV using Geek & again with d'Uninstaller but Panda AV still reappears after reboot.... STRANGE
I want to remove it before running LikeNewPC.
Should I try to reinstall Panda AV over the existing one or try another uninstall app? thanks for your help
 
Here are instructions for Panda removal.

Use force mode in Geek Uninstaller.

Also, you can use the Everything search engine: search for Panda within it and delete anything remaining.
Used force mode in Geek Uninstaller but Panda AV still shows up in system tray. Panda AV no longer appears in list of installed programs in Windows Uninstall or Geek Uninstaller.
It shows up in d'Uninstaller, has been uninstalled there, but still reappears at next reboot.
Some files were deleted in Everything Search Engine but many files are locked or Access Denied.
Panda AV still shows up in System Tray.... this thing is possessed !!
Anything else you can recommend ?

 