Solved Vista laptop running slow, constant hard drive activity

paulwb · Mar 10, 2017

Any Services you recommend disabling from the attached Autoruns list ???

Malnutrition · Mar 10, 2017

Upload fresh FRST logs.

Also, UVS...

Download uVS English Version To your desktop
Create a new folder on desktop.
Unzip it there.
Right click Start

and run as admin.
Select start under current User.

Then Select File.

The Select: Save Os Image with Checking digitial Signature (Slow)

Allow completion this can take some time.
Then go back to the folder where you Saved -- Unzipped -- UVS
Upload your system image. Here in your next reply.
It will look something similar to this.

paulwb · Mar 10, 2017

Here are the FRST logs ... uVS info to follow in next post

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2017
Ran by psimoes (administrator) on PS-TOSHIBA (09-03-2017 21:49:31)
Running from C:\Users\psimoes\Desktop
Loaded Profiles: psimoes (Available Profiles: psimoes & Guest)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec Inc.) C:\Windows\System32\TAMSvr.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Arachnoid Biometrics Identification Group) C:\Program Files\TrueSuite Access Manager\PwdBank.exe
(AuthenTec, Inc) C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\TrueSuite Access Manager\CssSvr.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PwdBank] => C:\Program Files\TrueSuite Access Manager\PwdBank.exe [3150848 2008-02-01] (Arachnoid Biometrics Identification Group)
HKLM\...\Run: [FingerPrintNotifer] => C:\Program Files\TrueSuite Access Manager\FpNotifier.exe [671744 2008-01-24] (AuthenTec, Inc)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
ShellIconOverlayIdentifiers: [IconOvrly1] -> {A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6} => C:\Program Files\TrueSuite Access Manager\IconOvrly.dll [2007-04-20] (Arachnoid Biometrics Identification Group Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [NameServer] 8.8.8.8,8.8.4.4,192.168.2.1
Tcpip\..\Interfaces\{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF ProfilePath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default [2017-03-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @citrixonline.com/appdetectorplugin -> C:\Users\psimoes\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/O1DPlugin -> C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=3 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=9 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-07-13] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en
CHR Profile: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (TV) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-02-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2017-02-15]
CHR Extension: (Adguard AdBlocker) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-02-15]
CHR Extension: (YouTube) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-15]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2017-02-15]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2017-02-15]
CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfnahhhglp [2017-02-15]
CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj [2017-02-15]
CHR Extension: (Save to Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-02-15]
CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegbjmfnfh [2017-02-15]
CHR Extension: (Mailvelope) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2017-02-25]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2017-02-15]
CHR Extension: (Yesware Reports) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2017-02-15]
CHR Extension: (Vend) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdebajikafa [2017-02-15]
CHR Extension: (Mailtrack for Gmail & Inbox: Email tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-15]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2017-02-15]
CHR Extension: (Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-15]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2017-02-15]
CHR Extension: (Streak CRM for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2017-02-15]

Opera:
=======
OPR Extension: (Adguard AdBlocker) - C:\Users\psimoes\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-01-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2007-10-15] (AuthenTec Inc.) [File not signed]
R2 Backupper Service; C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.) [File not signed]
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
S3 Gizmo Central; C:\Program Files\Gizmo\gservice.exe [34728 2011-07-02] (Arainia Solutions)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2008-02-12] (Google) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
S3 nosGetPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
S2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S4 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
S4 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43440 2008-02-03] (Alfa Corporation)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2009-01-26] (AuthenTec, Inc.)
S1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
S1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
R1 GizmoDrv; C:\Windows\system32\Drivers\GizmoDrv.sys [25488 2011-07-02] (Arainia Solutions LLC)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [42256 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72400 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [147728 2016-08-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [111376 2016-08-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2016-08-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2016-08-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2016-08-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2016-08-04] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-03-14] (Acronis)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2011-02-11] (NCH Software)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman147; C:\Windows\System32\DRIVERS\tdrpm147.sys [971232 2009-03-14] (Acronis)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-02-16] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-02-16] (Zemana Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 21:47 - 2017-03-09 21:47 - 00000833 _____ C:\Users\psimoes\Desktop\Skype - Shortcut.lnk
2017-03-09 21:35 - 2017-03-09 21:49 - 00018293 _____ C:\Users\psimoes\Desktop\FRST.txt
2017-03-09 21:35 - 2017-03-09 21:35 - 00000000 ____D C:\Users\psimoes\Desktop\FRST-OlderVersion
2017-03-09 21:20 - 2017-03-09 21:20 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Panda Security
2017-03-09 18:30 - 2017-03-09 19:46 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Everything
2017-03-09 18:30 - 2017-03-09 18:30 - 00000799 _____ C:\Users\psimoes\Desktop\Search Everything.lnk
2017-03-09 18:30 - 2017-03-09 18:30 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2017-03-09 18:29 - 2017-03-09 18:30 - 00000000 ____D C:\Program Files\Everything
2017-03-08 18:25 - 2017-03-08 18:26 - 00001438 _____ C:\QuickDiag.txt
2017-03-08 10:47 - 2017-03-08 10:47 - 00000706 _____ C:\Users\psimoes\Desktop\HD Tune.lnk
2017-03-08 10:47 - 2017-03-08 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2017-03-08 10:47 - 2017-03-08 10:47 - 00000000 ____D C:\Program Files\HD Tune
2017-03-08 06:47 - 2017-03-09 21:39 - 00000000 ____D C:\Users\psimoes\Desktop\Tweaking.com - Win.Repair_V3.9.36_Port
2017-03-08 06:38 - 2017-03-08 18:56 - 00240490 _____ C:\Windows\ntbtlog.txt
2017-03-08 00:17 - 2017-03-08 20:12 - 00001585 _____ C:\Users\psimoes\Desktop\ZHPCleaner.txt
2017-03-07 23:49 - 2017-03-08 19:53 - 00000749 _____ C:\Users\psimoes\Desktop\ZHPCleaner.lnk
2017-03-07 23:46 - 2017-03-07 23:45 - 00642632 _____ (EFD Software ) C:\Users\psimoes\Desktop\hdtune_255.exe
2017-03-07 18:40 - 2016-08-08 04:00 - 00058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-03-07 18:37 - 2017-03-07 18:37 - 02708480 _____ C:\Users\psimoes\ZHPDiag3.exe
2017-03-07 17:21 - 2017-03-07 17:21 - 00000000 ____D C:\QuickDiag
2017-03-07 16:56 - 2017-03-07 16:56 - 02433448 _____ (SosVirus) C:\Users\psimoes\Desktop\quickdiag_3_31.01.17.1.exe
2017-03-07 16:55 - 2017-03-07 16:55 - 01181184 _____ C:\Users\psimoes\Desktop\SupRestric.exe
2017-03-07 08:16 - 2017-03-07 12:18 - 00000000 ____D C:\Users\psimoes\Desktop\Clean Event .bat
2017-03-07 05:26 - 2017-03-07 05:27 - 00000287 _____ C:\Users\psimoes\Desktop\Clean Event Viewer Log. To Execute Right Click and Run As Administrator Reboot Your Machine After..bat
2017-03-05 20:46 - 2017-03-05 20:46 - 00000000 ____D C:\zoek
2017-03-05 20:25 - 2017-03-05 20:48 - 00003140 _____ C:\runcheck.txt
2017-03-05 20:25 - 2017-03-05 20:48 - 00000000 ____D C:\zoek_backup
2017-03-05 20:23 - 2017-03-05 20:23 - 01309184 _____ C:\Users\psimoes\Desktop\zoek.exe
2017-03-05 20:06 - 2017-03-05 20:06 - 00462976 _____ (Alex Dragokas) C:\Users\psimoes\Desktop\clearlnk_2.9.0.11.exe
2017-03-05 19:35 - 2017-03-05 19:36 - 00000000 ____D C:\Users\psimoes\Desktop\spacesniffer_1_3_0_2
2017-03-05 17:02 - 2017-03-05 17:02 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-05 17:01 - 2017-03-05 18:06 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-05 16:59 - 2017-03-06 07:56 - 00000000 ____D C:\Users\psimoes\Desktop\AutoLogger
2017-03-05 16:59 - 2017-03-05 04:33 - 13240747 _____ (Company © regist & Drongo) C:\Users\psimoes\Desktop\AutoLogger.exe
2017-03-05 16:56 - 2017-03-05 16:56 - 21716040 _____ C:\Users\psimoes\Desktop\RogueKiller.exe
2017-03-05 13:57 - 2017-03-05 13:57 - 00002634 _____ C:\Users\psimoes\Desktop\Winmgmt.reg
2017-03-05 13:28 - 2017-03-07 18:37 - 00000485 _____ C:\Users\psimoes\Desktop\ZHPDiag.lnk
2017-03-05 13:20 - 2017-03-05 13:20 - 02707968 _____ C:\Users\psimoes\Desktop\ZHPDiag3.exe
2017-03-05 12:51 - 2017-03-05 12:51 - 00000747 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-03-05 12:51 - 2017-03-05 12:51 - 00000000 ____D C:\Program Files\Speccy
2017-03-05 08:53 - 2017-03-05 08:53 - 06293184 _____ (Piriform Ltd) C:\Users\psimoes\Desktop\spsetup130.exe
2017-03-05 08:52 - 2017-03-05 12:48 - 00197679 _____ C:\Users\psimoes\Desktop\ListChkdskResult.exe
2017-03-03 20:53 - 2017-03-03 20:53 - 00000512 _____ C:\Users\psimoes\Desktop\MBR.dat
2017-03-03 19:48 - 2017-03-09 21:49 - 00000000 ____D C:\FRST
2017-03-03 19:28 - 2017-03-03 19:28 - 05200384 _____ (AVAST Software) C:\Users\psimoes\Desktop\aswmbr.exe
2017-03-03 19:27 - 2017-03-09 21:35 - 01765888 _____ (Farbar) C:\Users\psimoes\Desktop\FRST.exe
2017-03-01 20:37 - 2017-03-01 20:37 - 00079324 _____ C:\Users\psimoes\Desktop\Quantum-Life-Terms-Tools-Themes.pdf
2017-03-01 20:37 - 2017-03-01 20:37 - 00061378 _____ C:\Users\psimoes\Desktop\Emotional-Frequency-Chart.pdf
2017-03-01 20:35 - 2017-03-01 20:36 - 00000000 ____D C:\Users\psimoes\Desktop\Gen.Info
2017-02-26 15:13 - 2017-02-26 15:13 - 00000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2017-02-26 15:13 - 2017-02-26 15:13 - 00000886 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2017-02-26 15:13 - 2017-02-26 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2017-02-19 16:52 - 2017-02-19 16:52 - 00000758 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2017-02-19 16:52 - 2017-02-19 16:52 - 00000734 _____ C:\Users\Public\Desktop\RealtimeSync.lnk
2017-02-19 15:00 - 2014-03-11 09:51 - 00036896 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys
2017-02-19 14:32 - 2017-02-19 16:54 - 00000000 ____D C:\Users\psimoes\Desktop\Free.File.Sync
2017-02-16 15:09 - 2017-02-16 15:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PS-TOSHIBA-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2017-02-16 15:09 - 2017-02-16 15:09 - 00000000 ____D C:\RegBackup
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Videos
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Pictures
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ___DL C:\Users\psimoes\Documents\My Music
2017-02-16 14:04 - 2017-02-16 14:04 - 00047056 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Program Files\Tweaking.com
2017-02-16 13:07 - 2017-02-16 13:07 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-02-16 13:07 - 2017-02-16 13:07 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-02-16 11:15 - 2017-02-16 11:15 - 01663040 _____ (Malwarebytes) C:\Users\psimoes\Desktop\JRT.exe
2017-02-16 11:15 - 2017-02-16 11:14 - 14449600 _____ (Copyright 2017.) C:\Users\psimoes\Desktop\Zemana.AntiMalware.Portable.exe
2017-02-16 11:15 - 2017-02-16 11:13 - 02705920 _____ C:\Users\psimoes\Desktop\ZHPCleaner.exe
2017-02-16 11:13 - 2017-02-16 11:13 - 00000680 _____ C:\Users\psimoes\AppData\Local\d3d9caps.dat
2017-02-16 03:44 - 2017-02-16 03:53 - 00010239 _____ C:\Pre_Scan.txt
2017-02-16 03:41 - 2017-02-16 03:49 - 00000000 ____D C:\Pre_Scan
2017-02-16 02:32 - 2017-02-16 02:32 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-02-16 02:32 - 2017-02-16 02:32 - 00003268 _____ C:\Windows\system32\bootdelete.lst
2017-02-15 20:02 - 2017-02-15 20:00 - 11005320 _____ (SurfRight B.V.) C:\Users\psimoes\Desktop\hitmanpro.exe
2017-02-15 11:50 - 2017-02-27 16:35 - 00000000 ____D C:\AdwCleaner
2017-02-15 11:44 - 2017-02-15 11:44 - 04015056 _____ C:\Users\psimoes\Desktop\adwcleaner_6.043.exe
2017-02-09 15:40 - 2017-02-09 15:40 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2017-02-09 15:34 - 2017-02-09 15:34 - 00752296 _____ C:\Users\psimoes\Desktop\Adware Removal Tool by TSA.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-09 21:49 - 2016-11-19 00:19 - 00038789 _____ C:\Windows\ZAM.krnl.trace
2017-03-09 21:49 - 2016-11-19 00:19 - 00021651 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-09 21:46 - 2009-02-16 14:28 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Skype
2017-03-09 21:20 - 2016-11-22 05:53 - 00121608 _____ C:\Users\psimoes\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-09 21:19 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-09 21:19 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-03-09 21:18 - 2016-11-22 05:50 - 00462664 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-09 21:18 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-09 21:18 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-09 21:13 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2017-03-09 21:13 - 2006-11-02 05:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-09 20:10 - 2006-11-02 08:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-09 11:08 - 2013-03-05 22:15 - 00000000 ____D C:\Users\psimoes\Documents\templates word docs
2017-03-08 21:34 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_733
2017-03-08 20:12 - 2016-11-14 14:37 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\ZHP
2017-03-08 19:53 - 2016-11-18 10:20 - 00000000 ____D C:\Users\psimoes\AppData\LocalLow\Mozilla
2017-03-08 18:52 - 2015-06-07 21:38 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-03-08 18:18 - 2011-01-23 23:37 - 00000000 ____D C:\Windows\pss
2017-03-08 10:30 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_816
2017-03-08 00:17 - 2009-02-16 11:17 - 00000000 ____D C:\Users\psimoes
2017-03-06 08:37 - 2013-03-07 23:13 - 00000000 ____D C:\Program Files\Online Armor
2017-03-05 20:09 - 2017-01-04 05:21 - 00000000 ____D C:\Users\psimoes\Desktop\eso
2017-03-05 16:37 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_316
2017-03-05 13:38 - 2009-02-16 11:21 - 00000000 ____D C:\Users\psimoes\Desktop\Icons
2017-03-01 20:36 - 2016-02-24 12:59 - 00000000 ____D C:\Users\psimoes\Desktop\FX
2017-02-26 16:55 - 2013-04-04 19:01 - 00000000 ____D C:\Users\psimoes\AppData\Local\Citrix
2017-02-26 15:13 - 2011-02-11 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2017-02-20 18:28 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_530
2017-02-20 15:24 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_795
2017-02-20 12:18 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_704
2017-02-19 14:40 - 2009-03-15 08:47 - 00000000 ____D C:\Users\psimoes\Downloads\1GOOD_Progs_in_use
2017-02-16 16:50 - 2009-02-16 14:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-16 16:21 - 2015-08-30 23:16 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_763
2017-02-09 21:06 - 2016-11-17 18:41 - 00000993 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-09 21:06 - 2016-11-17 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-09 21:04 - 2011-01-28 11:29 - 00000000 ____D C:\Program Files\Opera
2017-02-09 20:44 - 2010-11-09 23:16 - 00000775 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-09 20:40 - 2012-09-27 16:53 - 00000829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-09 20:40 - 2012-09-27 16:53 - 00000817 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-09 20:39 - 2016-11-15 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-09 20:38 - 2012-05-03 08:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-09 20:38 - 2011-06-21 23:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-09 20:38 - 2008-02-12 21:43 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-09 20:37 - 2009-02-16 23:34 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-02-09 20:30 - 2012-08-17 19:59 - 00000000 ____D C:\ProgramData\Skype
2017-02-09 20:29 - 2014-08-07 20:45 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2017-02-16 11:13 - 2017-02-16 11:13 - 0000680 _____ () C:\Users\psimoes\AppData\Local\d3d9caps.dat

Files to move or delete:
====================
C:\Users\psimoes\ZHPDiag3.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-09 21:26

==================== End of FRST.txt ============================

Malnutrition · Mar 10, 2017

Uninstall Online Armor 6.0 from your machine for now, until we are done here...

FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Malnutrition · Mar 10, 2017

Once you have completed the above, then right click FRST run as admin.
Type Panda into the search field.
Then Click on Search Registry.

An output file will appear on your desktop.
Copy and paste that into your next reply.

File Search With Everything Search Engine.

Download and install the Everything Search Engine
Right Click Run As Admin. Type or Copy Paste Panda into search window.
Then Click Edit. >>>Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard.
Paste content of clipboard, here in your next reply.

paulwb · Mar 10, 2017

Malnutrition said:
Uninstall Online Armor 6.0 from your machine for now, until we are done here...
FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

PC running much quicker now ....Here is the FixLog ....

Fix result of Farbar Recovery Scan Tool (x86) Version: 08-03-2017
Ran by psimoes (09-03-2017 22:56:33) Run:2
Running from C:\Users\psimoes\Desktop
Loaded Profiles: psimoes (Available Profiles: psimoes & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
C:\Program Files\Panda Security
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S4 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
S2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
S4 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
C:\Program Files\Windows Defender
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [42256 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72400 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [147728 2016-08-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [111376 2016-08-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2016-08-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2016-08-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2016-08-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2016-08-04] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
2017-03-09 21:20 - 2017-03-09 21:20 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Panda Security
2017-03-07 18:40 - 2016-08-08 04:00 - 00058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-02-19 15:00 - 2014-03-11 09:51 - 00036896 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys
Panda Devices Agent (Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\corpol.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\emdmgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstime.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\psimoes\Downloads\39F2.tmp:$CmdTcID [64]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
MSCONFIG\Services: NanoServiceMain => 2
MSCONFIG\Services: PSUAService => 2
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: ipconfig /flushdns
cmd: netsh winsock reset all
reboot:
end

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\@OnlineArmor GUI => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PSUAMain => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{4F07DA45-8170-4859-9B5F-037EF2970034} => value removed successfully.
HKCR\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034} => key not found.

"C:\Program Files\Panda Security" folder move:

Could not move "C:\Program Files\Panda Security" => Scheduled to move on reboot.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value not found.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 => key removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\System\CurrentControlSet\Services\NanoServiceMain => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\PandaAgent => key removed successfully.
PandaAgent => service removed successfully.
HKLM\System\CurrentControlSet\Services\PSUAService => key could not remove, key could be protected
"C:\Program Files\Windows Defender" => Warning: FRST is scripted not to move this directory.
NNSALPC => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSALPC => key could not remove, key could be protected
NNSHTTP => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSHTTP => key could not remove, key could be protected
NNSHTTPS => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSHTTPS => key could not remove, key could be protected
NNSIDS => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSIDS => key could not remove, key could be protected
NNSNAHSL => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSNAHSL => key removed successfully.
NNSNAHSL => service removed successfully.
NNSPICC => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSPICC => key could not remove, key could be protected
NNSPIHSW => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSPIHSW => key removed successfully.
NNSPIHSW => service removed successfully.
NNSPOP3 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSPOP3 => key could not remove, key could be protected
NNSPROT => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSPROT => key could not remove, key could be protected
NNSPRV => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSPRV => key could not remove, key could be protected
NNSSMTP => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSSMTP => key could not remove, key could be protected
NNSSTRM => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSSTRM => key could not remove, key could be protected
NNSTLSC => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\NNSTLSC => key could not remove, key could be protected
PSINAflt => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\PSINAflt => key could not remove, key could be protected
PSINFile => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\PSINFile => key could not remove, key could be protected
PSINKNC => Unable to stop service.
HKLM\System\CurrentControlSet\Services\PSINKNC => key could not remove, key could be protected
PSINProc => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\PSINProc => key could not remove, key could be protected
PSINProt => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\PSINProt => key removed successfully.
PSINProt => service removed successfully.
PSINReg => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\PSINReg => key removed successfully.
PSINReg => service removed successfully.
HKLM\System\CurrentControlSet\Services\PSKMAD => key removed successfully.
PSKMAD => service removed successfully.
C:\Users\psimoes\AppData\Roaming\Panda Security => moved successfully
C:\Windows\system32\Drivers\PSKMAD.sys => moved successfully
C:\Windows\system32\Drivers\PsBoot.sys => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Devices Agent\\SystemComponent => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Devices Agent\\SystemComponent => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62692A64-8661-4040-AC6C-F24E48393E20}\\SystemComponent => value removed successfully.
C:\Windows\notepad.exe => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\basesrv.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\cewmdm.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\clfs.sys => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\clfsw32.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\comctl32.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\corpol.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\dxmasf.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\dxtmsft.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\dxtrans.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\emdmgmt.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\ie4uinit.exe => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\iedkcs32.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\ieframe.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\iepeers.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\iernonce.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\iertutil.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\iesetup.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\iesysprep.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\ieui.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\ieUnatt.exe => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\inetcpl.cpl => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\jsproxy.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\licmgr10.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\msctf.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\msdxm.ocx => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\msfeeds.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\msfeedsbs.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\msfeedssync.exe => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\mshtml.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\mshtmled.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\msi.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\msiexec.exe => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\msmmsp.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\mstime.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\mstscax.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\msv1_0.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\ncsi.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\nlaapi.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\nlasvc.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\notepad.exe => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\occache.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\profsvc.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\scesrv.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\services.exe => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\spwmp.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\url.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\urlmon.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\vbscript.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\WebClnt.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\WindowsCodecs.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\wininet.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\wmp.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\WMPhoto.dll => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\wmploc.DLL => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\Drivers\ecache.sys => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\Drivers\mountmgr.sys => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\Drivers\mrxsmb.sys => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\Drivers\mrxsmb10.sys => ":$CmdTcID" ADS removed successfully..
C:\Windows\system32\Drivers\mrxsmb20.sys => ":$CmdTcID" ADS removed successfully..
C:\Users\psimoes\Downloads\39F2.tmp => ":$CmdTcID" ADS removed successfully..
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PSUAService => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NanoServiceMain => key removed successfully.
HKLM\System\CurrentControlSet\Services\NanoServiceMain => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PSUAService => key removed successfully.
HKLM\System\CurrentControlSet\Services\PSUAService => key removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state Off =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset all =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8027451 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1331171 B
Edge => 0 B
Chrome => 41707511 B
Firefox => 6017244 B
Opera => 72050899 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 0 B
NetworkService => 0 B
psimoes => 3283156 B
Guest => 0 B

RecycleBin => 11132788 B
EmptyTemp: => 149 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-03-2017 23:21:49)

C:\Program Files\Panda Security => is moved successfully

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NanoServiceMain => key removed successfully..
HKLM\System\CurrentControlSet\Services\PSUAService => key removed successfully..
HKLM\System\CurrentControlSet\Services\NNSALPC => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSHTTP => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSHTTPS => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSIDS => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSPICC => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSPOP3 => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSPROT => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSPRV => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSSMTP => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSSTRM => key removed successfully.
HKLM\System\CurrentControlSet\Services\NNSTLSC => key removed successfully.
HKLM\System\CurrentControlSet\Services\PSINAflt => key removed successfully.
HKLM\System\CurrentControlSet\Services\PSINFile => key removed successfully.
HKLM\System\CurrentControlSet\Services\PSINKNC => key removed successfully.
HKLM\System\CurrentControlSet\Services\PSINProc => key removed successfully.

==== End of Fixlog 23:21:50 ====

Malnutrition · Mar 10, 2017

Can you run ZHP Diag now? If not, please run UVS..... If neither will run, then go ahead and run the repair...

ZHP Diag Scan

Download ZHP Diag to your desktop.

1. Right Click Run as Admin.
2. Click the Scanner button.

When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.

paulwb · Mar 10, 2017

Malnutrition said:
Once you have completed the above, then right click FRST run as admin.
Type Panda into the search field.
Then Click on Search Registry.
View attachment 1809
An output file will appear on your desktop.
Copy and paste that into your next reply.

File Search With Everything Search Engine.

Download and install the Everything Search Engine
Right Click Run As Admin. Type or Copy Paste Panda into search window.
Then Click Edit. >>>Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard.
Paste content of clipboard, here in your next reply.

Below are the FRST & Everything Search logs ....

FRST - Search Panda result
Farbar Recovery Scan Tool (x86) Version: 08-03-2017
Ran by psimoes (09-03-2017 23:43:05)
Running from C:\Users\psimoes\Desktop
Boot Mode: Normal

================== Search Registry: "Panda" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\PSUAMain.exe]
"TaskbarGroupIcon"="C:\ProgramData\Panda Security\Panda Security Protection\Res\Current\Images\MainIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}\InprocServer32]
""="C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:
Program Files
Panda Security
Panda Security Protection
msvcm80.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2B8459F343B035449AE25350B650F391]
"Plugins"="PandaDevicesAgentFiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2B8459F343B035449AE25350B650F391]
"PandaDevicesAgentFiles"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2B8459F343B035449AE25350B650F391]
"Externals"="PandaDevicesAgentFiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\46A2962616680404CAC62FE48493E302]
"PandaDevicesAgent"="Tools"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\46A2962616680404CAC62FE48493E302]
"PandaToolBar"="Tools"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B8459F343B035449AE25350B650F391]
"ProductName"="Panda Devices Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B8459F343B035449AE25350B650F391\SourceList]
"PackageName"="PandaDevicesAgent.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B8459F343B035449AE25350B650F391\SourceList]
"LastUsedSource"="n;1;C:\Users\psimoes\AppData\Local\Temp\7zS814DFE72\Program Files\Panda Security\Panda Cloud Antivirus\Tools\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B8459F343B035449AE25350B650F391\SourceList\Net]
"1"="C:\Users\psimoes\AppData\Local\Temp\7zS814DFE72\Program Files\Panda Security\Panda Cloud Antivirus\Tools\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\46A2962616680404CAC62FE48493E302]
"ProductName"="Panda Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\46A2962616680404CAC62FE48493E302\SourceList]
"PackageName"="PandaCloudAntivirus_x86.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSUAScanner\Scan\Shell\open\command]
""=""C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchAutorunAnalysis /custom:"%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A7DF5BD5-7139-4D75-BEBE-EE785C0AAE24}\1.0\0\win32]
""="C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A7DF5BD5-7139-4D75-BEBE-EE785C0AAE24}\1.0\HELPDIR]
""="C:\Program Files\Panda Security\Panda Security Protection"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AA50F6CC-C49D-44DF-B397-ADF57A8DE4EC}\1.0\0\win32]
""="C:\Program Files\Panda Security\Panda Security Protection\PSUAShell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AA50F6CC-C49D-44DF-B397-ADF57A8DE4EC}\1.0\HELPDIR]
""="C:\Program Files\Panda Security\Panda Security Protection"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B40BE417-D17C-4382-A8F1-5457C7D04C57}\1.0\0\win32]
""="C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B40BE417-D17C-4382-A8F1-5457C7D04C57}\1.0\HELPDIR]
""="C:\Program Files\Panda Security\Panda Security Protection"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message\{096CE0A5-8160-4557-866E-3A80540F34A1}]
"$DLL"="C:\Program Files\Panda Security\Panda Security Protection\PSNCDSEX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2DE08D-AF76-42f2-80E9-E5EEE624A973}]
"AppPath"="C:\Program Files\pandasecuritytb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC2DE09D-AF76-42f2-80E9-E5FFE623B971}]
"AppPath"="C:\Program Files\pandasecuritytb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\Handlers\PSUAScanner]
"Provider"="Panda Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\Handlers\PSUAScanner]
"Action"="Scan with Panda Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\Handlers\PSUAScanner]
"DefaultIcon"="C:\ProgramData\Panda Security\Panda Security Protection\Res\Current\Images\MainIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Cache\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\CfgData\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\CloudCleaner\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\Download\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\Download\0x04015000\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\NPS\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\PSF\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\Quarantine\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\Res\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\UAData\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\Logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Security Protection\Upselling\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\LostandFound\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\PskTmp\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\bul\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\chi\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\chi-tw\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\dan\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\dut\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\eng\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\fin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\fre\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\ger\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\gre\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\hun\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\ita\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\jpn\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\nor\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\pol\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\por\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\por-br\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\rus\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\slo\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\slv\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\spa\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\swe\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Lang\tur\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\DG\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Drivers\NNSNahsL\WVista\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Drivers\NNSNahsL\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Drivers\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Security Protection\Tools\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Devices Agent\Downloads\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Devices Agent\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Devices Agent\Logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Panda Security\Panda Devices Agent\Queue\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Devices Agent\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Panda Security\Panda Devices Agent\Plugins\"=""
[N1wv!4F!Dk6KNlPT&AgTYSwNk7Ri=Nh]PX]V9@Lx_P)%7-c-q'42@6prx9Zpt=2A8-SO%rWIr^0j39Dbznx_`oNF6T?AZ.k(5=I&ucq3U7Klthp%+`ICB@p82n$=P).RLNMtev%,m8am%xKlNH6%"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files\Panda Security\Panda Devices Agent\Plugins\Plugin_Inventory.dll"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files\Panda Security\Panda Devices Agent\putczip.dll"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Devices Agent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Devices Agent]
"DisplayName"="Panda Devices Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Devices Agent]
"InstallLocation"="C:\Program Files\Panda Security\Panda Devices Agent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Devices Agent]
"Publisher"="Panda Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Security URL Filtering]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Security URL Filtering]
"Publisher"="Panda Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Security URL Filtering]
"InstallLocation"="C:\Program Files\Panda Security URL Filtering"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Security URL Filtering]
"UninstallString"="C:\Program Files\Panda Security URL Filtering\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F9548B2-0B34-4453-A92E-35056B053F19}]
"InstallLocation"="C:\Program Files\Panda Security\Panda Devices Agent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F9548B2-0B34-4453-A92E-35056B053F19}]
"InstallSource"="C:\Users\psimoes\AppData\Local\Temp\7zS814DFE72\Program Files\Panda Security\Panda Cloud Antivirus\Tools\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F9548B2-0B34-4453-A92E-35056B053F19}]
"Publisher"="Panda Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F9548B2-0B34-4453-A92E-35056B053F19}]
"URLInfoAbout"="http://www.PandaSecurity.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F9548B2-0B34-4453-A92E-35056B053F19}]
"DisplayName"="Panda Devices Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62692A64-8661-4040-AC6C-F24E48393E20}]
"InstallLocation"="C:\Program Files\Panda Security\Panda Security Protection\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62692A64-8661-4040-AC6C-F24E48393E20}]
"Publisher"="Panda Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62692A64-8661-4040-AC6C-F24E48393E20}]
"URLInfoAbout"="http://www.pandasecurity.com/redirector/?app=Home&prod=3756&lang=eng&custom=181176"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62692A64-8661-4040-AC6C-F24E48393E20}]
"DisplayName"="Panda Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Live]
"DownloadFolder"="C:\ProgramData\Panda Security\Panda Security Protection\Download\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\00-PSANModNotification]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModNotification.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\01-PSANModCfg]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModCfg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\02-PSANModScheduler]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModScheduler.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\03-PSANModBLA]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModBLA.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\04-PSANModRep]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModRep.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\08-PSANModAV]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModAV.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\10-PSANModADM]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModADM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\12-PSANModProactive]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModProactive.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\14-PSANModShield]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModShield.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\20-PSANModCtrlCfg]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModCtrlCfg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\22-PSANModRol]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModRol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\23-PSANModStats]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModStats.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\26-PSANModUSBVac]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModUSBVac.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\30-PSANModFirewall]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModFirewall.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\33-PSANModProcMon]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModProcMon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\34-PSANModTuneUp]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModTuneUp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\50-PSANModURL]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModURL.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Panda Main Service\Plugins\60-PSANModAdiag]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModAdiag.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Nano Av\Setup]
"Path"="C:\Program Files\Panda Security\Panda Security Protection\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Cloud Cleaner]
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Cloud Cleaner]
"CurrentPath"="C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Research]
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Service Host]
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Service Host\Plugins\05-PSANModLive]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANModLive.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Service Host\Plugins\10-PSANMSrvc]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSANMSrvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Service Host\Plugins\12-PSINUNC]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSINUNC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Service Host\Plugins\15-PSENKrnl]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSENKrnl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Service Host\Plugins\25-PSINApAg]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSINApAg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Service Host\Plugins\30-PSINEnAg]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSINEnAg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Service Host\Plugins\35-PSINEvAg]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\PSINEvAg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Service Host\Plugins\50-Nconverter]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\NConv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\Panda Service Host\Plugins\60-NNSManager]
"strPath"="C:\Program Files\Panda Security\Panda Security Protection\NNSManager.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\SetupEx\DMP Agent]
"LProductName"="Panda Devices Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\SetupEx\DMP Agent]
"InitialCompanyName"="Panda Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\SetupEx\DMP Agent]
"InitialProductName"="Panda Devices Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\SetupEx\DMP Agent]
"MProductName"="Panda Devices Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\SetupEx\DMP Agent]
"Path"="C:\Program Files\Panda Security\Panda Devices Agent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\SetupEx\DMP Agent]
"ProductName"="Panda Devices Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\SetupEx\DMP Agent]
"SProductName"="Panda Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup]
"LProductName"="Panda Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup]
"ProductName"="Panda Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup]
"InitialCompanyName"="Panda Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup]
"InitialProductName"="Panda Security Protection"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup]
"Path"="C:\Program Files\Panda Security\Panda Security Protection\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup]
"SCompanyName"="Panda"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup]
"UnPath"=""C:\Program Files\Panda Security\Panda Security Protection\Setup.exe" /X{62692A64-8661-4040-AC6C-F24E48393E20} "
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup]
"SProductName"="Panda Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup]
"MProductName"="Panda Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup]
"FirewallName"="Panda Firewall"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DASBOOT\0000]
"DeviceDesc"="Panda AntiMalware Support"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DASBOOTF\0000]
"DeviceDesc"="Panda AntiMalware Support MF"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DASPTCT\0000]
"DeviceDesc"="Panda AntiMalware Dynamic Support"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NANOSERVICEMAIN\0000]
"DeviceDesc"="Panda Protection Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PSUASERVICE\0000]
"DeviceDesc"="Panda Product Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\AnalysisSource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\AnalysisSource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\ApplicationFirewallSource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\ApplicationFirewallSource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\AutodiagSource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\AutodiagSource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\AVSource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\AVSource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\FirewallSource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\FirewallSource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\IdentityProtectSource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\IdentityProtectSource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\KRESource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\KRESource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\MVSource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\MVSource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\ROLSource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\ROLSource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\TuneUpSource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\TuneUpSource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\UpdateSource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\UpdateSource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\WebProtectionSource]
"EventMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano\WebProtectionSource]
"CategoryMessageFile"="C:\Program Files\Panda Security\Panda Security Protection\PSNEvts.dll"
[HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\pandasecuritytb]
[HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\AppDataLow\Software\panda]
[HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\AppDataLow\Software\pandasecuritytb]
[HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\AppDataLow\Software\pandasecuritytb]
"AutoSearchURL"="http://pandasecurity.mystart.com/re...kt=us&u=259BABCA2EA48B711082DB580A618664&q=%s"
[HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe"="AV Console"
[HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\psimoes\Desktop\PandaCloudCleaner.exe"="Panda Cloud Cleaner Setup "

====== End of Search ======

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Search Everything - Registry Panda

C:\FRST\Quarantine\C\Program Files\Panda Security\Panda Devices Agent
C:\ProgramData\Panda Security\Panda Devices Agent
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
C:\FRST\Quarantine\C\Program Files\Panda Security
C:\FRST\Quarantine\C\Users\psimoes\AppData\Roaming\Panda Security
C:\ProgramData\Panda Security
C:\FRST\Quarantine\C\Program Files\Panda Security\Panda Security Protection
C:\FRST\Quarantine\C\Users\psimoes\AppData\Roaming\Panda Security\Panda Security Protection
C:\ProgramData\Panda Security\Panda Security Protection
C:\Users\psimoes\Downloads\1GOOD_Progs_in_use\zSecurity.Software\1AntiVirus\Panda.AV
C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable
C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner
C:\Users\psimoes\Desktop\LOGS\2017.03.09__Panda.Sec.files_Search.Every.JPG
C:\Users\psimoes\Desktop\LOGS\2017.03.09_AutoRuns_Panda.JPG
C:\ProgramData\Panda Security\Panda Security Protection\Res\115\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\3657\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\3756\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\4002\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\4251\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\Common\images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\Current\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\115\Images\LOGO_PANDA_negativo.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\3657\Images\LOGO_PANDA_negativo.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\3756\Images\LOGO_PANDA_negativo.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\4002\Images\LOGO_PANDA_negativo.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\Common\images\LOGO_PANDA_negativo.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\Current\Images\LOGO_PANDA_negativo.png
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus\Panda Free Antivirus.lnk
C:\Users\Public\Desktop\Panda Free Antivirus.lnk
C:\ProgramData\Panda Security\PSLogs\Panda Free Antivirus_MSI_4F28.Log
C:\ProgramData\Panda Security\PSLogs\Panda Free Antivirus_MSI_8141.Log
C:\AdwCleaner\quarantine\files\gvhwumfytdkopqkkblfljpuxuhijhygw\2.0.43_0\images\Panda-logo.png
C:\AdwCleaner\quarantine\files\gvhwumfytdkopqkkblfljpuxuhijhygw\2.0.43_0\images\Panda-watermask.png
C:\Users\psimoes\Downloads\1GOOD_Progs_in_use\zSecurity.Software\1AntiVirus\Panda.AV\Panda_15.1.0_FREEAV.exe
C:\Users\psimoes\Desktop\PandaCloudCleaner.exe
C:\Users\psimoes\Documents\1PS Docs\PC_Info\PC Tech Support\PC Help Forum\1portable antivirus and antimalware\PandaCloudCleaner.exe
C:\Users\psimoes\Downloads\1GOOD_Progs_in_use\zSecurity.Software\PandaCloudCleaner.exe
C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner\PandaCloudCleaner.ini
C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner.zip
C:\ProgramData\Panda Security\PSLogs\PandaDevicesAgent_MSI_70C1.Log
C:\FRST\Quarantine\C\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe

Malnutrition · Mar 10, 2017

FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

paulwb · Mar 10, 2017

Malnutrition said:
Can you run ZHP Diag now? If not, please run UVS..... If neither will run, then go ahead and run the repair...

ZHP Diag Scan

Download ZHP Diag to your desktop.

1. Right Click Run as Admin.
2. Click the Scanner button.

When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.

ZHPDiag failed to run. Here is the error pop up ...

uVS did run ... but I'm unable to upload the image file ... extension is not allowed

Malnutrition · Mar 10, 2017

Upload it to sendspace.com, send me the link.

paulwb · Mar 10, 2017

Malnutrition said:
Upload it to sendspace.com, send me the link.

uVS image file link ...
https://www.sendspace.com/file/66x87n

Malnutrition · Mar 10, 2017

Go ahead and run the last FRST fix then the repair. This log takes Days to go over... I will look at it a while tonight then a while tomorrow. Too much information to go over in one sitting...

paulwb · Mar 10, 2017

Malnutrition said:
FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Apps definitely open much quicker. Panda AV is finally gone.

FRST Fix log ..

Fix result of Farbar Recovery Scan Tool (x86) Version: 08-03-2017
Ran by psimoes (10-03-2017 00:27:43) Run:3
Running from C:\Users\psimoes\Desktop
Loaded Profiles: psimoes (Available Profiles: psimoes & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
C:\ProgramData\Panda Security\Panda Devices Agent
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
C:\ProgramData\Panda Security
C:\ProgramData\Panda Security\Panda Security Protection
C:\Users\psimoes\Downloads\1GOOD_Progs_in_use\zSecurity.Software\1AntiVirus\Panda.AV
C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable
C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner
C:\Users\psimoes\Desktop\LOGS\2017.03.09__Panda.Sec.files_Search.Every.JPG
C:\Users\psimoes\Desktop\LOGS\2017.03.09_AutoRuns_Panda.JPG
C:\ProgramData\Panda Security\Panda Security Protection\Res\115\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\3657\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\3756\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\4002\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\4251\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\Common\images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\Current\Images\LOGO_PANDA.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\115\Images\LOGO_PANDA_negativo.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\3657\Images\LOGO_PANDA_negativo.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\3756\Images\LOGO_PANDA_negativo.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\4002\Images\LOGO_PANDA_negativo.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\Common\images\LOGO_PANDA_negativo.png
C:\ProgramData\Panda Security\Panda Security Protection\Res\Current\Images\LOGO_PANDA_negativo.png
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus\Panda Free Antivirus.lnk
C:\Users\Public\Desktop\Panda Free Antivirus.lnk
C:\ProgramData\Panda Security\PSLogs\Panda Free Antivirus_MSI_4F28.Log
C:\ProgramData\Panda Security\PSLogs\Panda Free Antivirus_MSI_8141.Log
C:\AdwCleaner\quarantine\files\gvhwumfytdkopqkkblfljpuxuhijhygw\2.0.43_0\images\Panda-logo.png
C:\AdwCleaner\quarantine\files\gvhwumfytdkopqkkblfljpuxuhijhygw\2.0.43_0\images\Panda-watermask.png
C:\Users\psimoes\Downloads\1GOOD_Progs_in_use\zSecurity.Software\1AntiVirus\Panda.AV\Panda_15.1.0_FREEAV.exe
C:\Users\psimoes\Desktop\PandaCloudCleaner.exe
C:\Users\psimoes\Documents\1PS Docs\PC_Info\PC Tech Support\PC Help Forum\1portable antivirus and antimalware\PandaCloudCleaner.exe
C:\Users\psimoes\Downloads\1GOOD_Progs_in_use\zSecurity.Software\PandaCloudCleaner.exe
C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner\PandaCloudCleaner.ini
C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner.zip
C:\ProgramData\Panda Security\PSLogs\PandaDevicesAgent_MSI_70C1.Log
DeleteKey: HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\AppDataLow\Software\pandasecuritytb
DeleteKey: HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\AppDataLow\Software\panda
DeleteKey: HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\pandasecuritytb
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PSUASERVICE
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NANOSERVICEMAIN
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DASPTCT
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DASBOOTF
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62692A64-8661-4040-AC6C-F24E48393E20}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F9548B2-0B34-4453-A92E-35056B053F19}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Security URL Filtering
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Devices Agent
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\Handlers\PSUAScanner
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\PSUAMain.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSUAScanner
reboot:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\ProgramData\Panda Security\Panda Devices Agent => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus => moved successfully
C:\ProgramData\Panda Security => moved successfully
"C:\ProgramData\Panda Security\Panda Security Protection" => not found.
C:\Users\psimoes\Downloads\1GOOD_Progs_in_use\zSecurity.Software\1AntiVirus\Panda.AV => moved successfully
C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable => moved successfully
"C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner" => not found.
C:\Users\psimoes\Desktop\LOGS\2017.03.09__Panda.Sec.files_Search.Every.JPG => moved successfully
C:\Users\psimoes\Desktop\LOGS\2017.03.09_AutoRuns_Panda.JPG => moved successfully
"C:\ProgramData\Panda Security\Panda Security Protection\Res\115\Images\LOGO_PANDA.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\3657\Images\LOGO_PANDA.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\3756\Images\LOGO_PANDA.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\4002\Images\LOGO_PANDA.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\4251\Images\LOGO_PANDA.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\Common\images\LOGO_PANDA.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\Current\Images\LOGO_PANDA.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\115\Images\LOGO_PANDA_negativo.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\3657\Images\LOGO_PANDA_negativo.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\3756\Images\LOGO_PANDA_negativo.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\4002\Images\LOGO_PANDA_negativo.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\Common\images\LOGO_PANDA_negativo.png" => not found.
"C:\ProgramData\Panda Security\Panda Security Protection\Res\Current\Images\LOGO_PANDA_negativo.png" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus\Panda Free Antivirus.lnk" => not found.
C:\Users\Public\Desktop\Panda Free Antivirus.lnk => moved successfully
"C:\ProgramData\Panda Security\PSLogs\Panda Free Antivirus_MSI_4F28.Log" => not found.
"C:\ProgramData\Panda Security\PSLogs\Panda Free Antivirus_MSI_8141.Log" => not found.
C:\AdwCleaner\quarantine\files\gvhwumfytdkopqkkblfljpuxuhijhygw\2.0.43_0\images\Panda-logo.png => moved successfully
C:\AdwCleaner\quarantine\files\gvhwumfytdkopqkkblfljpuxuhijhygw\2.0.43_0\images\Panda-watermask.png => moved successfully
"C:\Users\psimoes\Downloads\1GOOD_Progs_in_use\zSecurity.Software\1AntiVirus\Panda.AV\Panda_15.1.0_FREEAV.exe" => not found.
C:\Users\psimoes\Desktop\PandaCloudCleaner.exe => moved successfully
C:\Users\psimoes\Documents\1PS Docs\PC_Info\PC Tech Support\PC Help Forum\1portable antivirus and antimalware\PandaCloudCleaner.exe => moved successfully
C:\Users\psimoes\Downloads\1GOOD_Progs_in_use\zSecurity.Software\PandaCloudCleaner.exe => moved successfully
"C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner\PandaCloudCleaner.ini" => not found.
"C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable\PandaCloudCleaner.zip" => not found.
"C:\ProgramData\Panda Security\PSLogs\PandaDevicesAgent_MSI_70C1.Log" => not found.
HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\AppDataLow\Software\pandasecuritytb => key removed successfully.
HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\AppDataLow\Software\panda => key removed successfully.
HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\pandasecuritytb => key removed successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Nano => key removed successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PSUASERVICE => key removed successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NANOSERVICEMAIN => key removed successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DASPTCT => key removed successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DASBOOTF => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62692A64-8661-4040-AC6C-F24E48393E20} => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F9548B2-0B34-4453-A92E-35056B053F19} => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Security URL Filtering => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda Devices Agent => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\Handlers\PSUAScanner => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\PSUAMain.exe => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSUAScanner => key removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7290831 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1855199 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 11132716 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 0 B
NetworkService => 0 B
psimoes => 3279414 B
Guest => 0 B

RecycleBin => 4475973 B
EmptyTemp: => 38.8 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 00:29:10 ====

Malnutrition · Mar 10, 2017

Alright, let me know how the repair goes....

paulwb · Mar 10, 2017

Malnutrition said:
Alright, let me know how the repair goes....

Apps definitely open much quicker. Panda AV is finally gone.
HD icon still flickers constantly and cannot install some applications due to "Variable must be of type "Object" or "Variable used without being declared" error

Malnutrition · Mar 11, 2017

There was nothing of concern in the UVS logs, what else can I help you with?

"Variable must of type "Object" or "Variable used without being declared" error

Have you tried a new admin account? I suspect profile corruption, this along with many other errors....

Malnutrition · Mar 11, 2017

Open Elevated Command Prompt.
Copy and paste reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s > "%userprofile%\Desktop\Export.txt"
Hit enter.
A notepad named export.txt will appear, copy and paste that in your next reply.

paulwb · Mar 13, 2017

Malnutrition said:
Open Elevated Command Prompt.
Copy and paste reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s > "%userprofile%\Desktop\Export.txt"
Hit enter.
A notepad named export.txt will appear, copy and paste that in your next reply.

Here's the text ....

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
FP_NO_HOST_CHECK REG_SZ NO
OS REG_SZ Windows_NT
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\PC Connectivity Solution;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Windows Live\Shared;C:\Program Files\Skype\Phone;C:\Program Files\Skype\Phone\
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE REG_SZ x86
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
USERNAME REG_SZ SYSTEM
windir REG_EXPAND_SZ %SystemRoot%
PROCESSOR_LEVEL REG_SZ 6
PROCESSOR_IDENTIFIER REG_SZ x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_REVISION REG_SZ 0f0d
NUMBER_OF_PROCESSORS REG_SZ 2
TRACE_FORMAT_SEARCH_PATH REG_EXPAND_SZ \\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
DFSTRACINGON REG_EXPAND_SZ FALSE
PSModulePath REG_EXPAND_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
CLASSPATH REG_SZ .;C:\Program Files\Java\jre7\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre7\lib\ext\QTJava.zip
asl.log REG_SZ Destination=file

paulwb · Mar 13, 2017

Hi M, I appreciate your continued help on this.
I'm going to review my first thread back in Nov 2016 which reported similar issues with executables not working and find out what the fix was.
As mentioned, PC applications & boot times are much quicker.
The remaining issues are constant HD activity, System Restore & some .exe files won't run.

paulwb

Attachments

Malnutrition

Malnurished Admin

paulwb

Attachments

Malnutrition

Malnurished Admin

Attachments

Malnutrition

Malnurished Admin

paulwb

Malnutrition

Malnurished Admin

paulwb

Malnutrition

Malnurished Admin

Attachments

paulwb

Malnutrition

Malnurished Admin

paulwb

Malnutrition

Malnurished Admin

paulwb

Malnutrition

Malnurished Admin

paulwb

Malnutrition

Malnurished Admin

Malnutrition

Malnurished Admin

paulwb

paulwb

Search

Search

Solved Vista laptop running slow, constant hard drive activity

We value your privacy