
Solved Husband's Computer Mired in Swamp!

Discussion in 'Virus & Other Malware Removal' started by panamahat, Nov 16, 2016.

Thread Status:
Not open for further replies.
  1. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    340
    Hi:

    My husband's computer is in serious trouble, so much so that I can't run the SysInfo utility and am having to post from my computer. He's an elderly man who visits all kinds of sites (pravda.com anyone?) that may not be good for the system's health. Because he's also quite ill, I haven't had time to police his machine the way I did in the past.

    The biggest problem is when he surfs the web. It takes forever for the most basic sites to open -- google, etc. Running a video or watching a live stream is almost impossible. I've tried to update his anti-virus (microsoft) but it just takes so long the system finally quits on itself. Ditto updating any of the anti-spyware programs that are loaded. Nonetheless, I ran what I could, Ccleaner, Super AntiSpyware, a couple others but obviously didn't do much good as they couldn't update themselves first.

    My husband's computer is a Dell laptop running Windows 7. He uses IE. I've tried to download Firefox and Chrome but can't get them to complete. He basically uses the computer to surf the web and send notes via gmail. It's a very important link to the outside world so I'm hoping someone can help to restore its health. As it is now, it's really not worth turning on.

    Many thanks in advance for some guidance.

    Jane
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya Jane,

    See if you can run the following and post the two produced logs....

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

    • Double-click to run it. When the tool opens click Yes to disclaimer.
      (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
    • Make sure Addition.txt is checkmarked under "Optional scans"
    • Press Scan button to run the tool....
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also make a log named (Addition.txt). Please attach that log to your reply.

    Thank you,

    Kevin...
     
  3. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    340
    Thanks, Kevin. Back at you shortly.
    Jane
     
  4. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    340
    Hi again Kevin:

    Here they are. Many thanks for your help.

    Jane
     
  5. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    340
    Ok, Kevin, here tis. Thank you! Jane

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016

    Ran by laci (administrator) on LACI-PC (18-11-2016 23:15:51)

    Running from C:\Users\laci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZAQQL01

    Loaded Profiles: laci (Available Profiles: laci & Standard)

    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

    Internet Explorer Version 11 (Default browser: IE)

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe

    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    (SparkLabs) C:\Program Files\WiTopia\WiTopiaService.exe

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

    (Microsoft Corporation) C:\Windows\System32\rundll32.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

    (SparkLabs) C:\Program Files\WiTopia\WiTopia.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

    (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    (Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe

    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe

    (Farbar) C:\Users\laci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZAQQL01\FRST64 (1).exe



    ==================== Registry (Whitelisted) ====================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)

    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)

    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

    HKU\S-1-5-21-394972508-1588171768-45821406-1001\...\Run: [WiTopia] => C:\Program Files\WiTopia\WiTopia.exe [881352 2016-05-11] (SparkLabs)

    HKU\S-1-5-21-394972508-1588171768-45821406-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-11-06] (SUPERAntiSpyware)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-07-15]

    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    Tcpip\..\Interfaces\{386C8704-48B2-4D58-97E6-03DD89260383}: [DhcpNameServer] 192.168.1.1


    Internet Explorer:

    ==================

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

    SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-21-394972508-1588171768-45821406-1001 -> DefaultScope {828F7261-083E-4CA3-8C3C-846663182343} URL = hxxp://www.google.com/search?q={searchTerms}

    SearchScopes: HKU\S-1-5-21-394972508-1588171768-45821406-1001 -> {075604F7-3ECA-4D2C-B853-A89FC8134C63} URL = hxxp://www.google.com/search?q={searchTerms}

    SearchScopes: HKU\S-1-5-21-394972508-1588171768-45821406-1001 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =

    SearchScopes: HKU\S-1-5-21-394972508-1588171768-45821406-1001 -> {828F7261-083E-4CA3-8C3C-846663182343} URL = hxxp://www.google.com/search?q={searchTerms}

    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)

    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File

    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)

    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)

    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)

    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)

    BHO-x32: CleanPageBHO Class -> {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB} -> C:\Program Files (x86)\Readonweb\CleanPage\CleanPage.dll [2011-05-25] (Readonweb, LLC)

    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)

    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)

    Toolbar: HKLM-x32 - ReadonwebToolbar - {B6283D8C-01AB-11DB-9D6F-E11AAB065F98} - C:\Program Files (x86)\Readonweb\CleanPage\ReadonwebToolbar.dll [2011-05-25] (Readonweb, LLC)

    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)

    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)


    FireFox:

    ========

    FF DefaultProfile: x1kvo6rg.default-1402284565382

    FF ProfilePath: C:\Users\laci\AppData\Roaming\Mozilla\Firefox\Profiles\x1kvo6rg.default-1402284565382 [2016-11-17]

    FF NewTab: Mozilla\Firefox\Profiles\x1kvo6rg.default-1402284565382 ->

    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\x1kvo6rg.default-1402284565382 -> Google

    FF Homepage: Mozilla\Firefox\Profiles\x1kvo6rg.default-1402284565382 -> hxxp://drudgereport.com/

    hxxps://mail.google.com/mail/u/0/#inbox

    hxxp://lucianne.com/

    FF Extension: (Morning Coffee) - C:\Users\laci\AppData\Roaming\Mozilla\Firefox\Profiles\x1kvo6rg.default-1402284565382\Extensions\[email protected] [2016-05-15]

    FF Extension: (ColorfulTabs) - C:\Users\laci\AppData\Roaming\Mozilla\Firefox\Profiles\x1kvo6rg.default-1402284565382\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-09-28]

    FF Extension: (Adblock Plus) - C:\Users\laci\AppData\Roaming\Mozilla\Firefox\Profiles\x1kvo6rg.default-1402284565382\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-16]

    FF Extension: (Multi-process staged rollout) - C:\Users\laci\AppData\Roaming\Mozilla\Firefox\Profiles\x1kvo6rg.default-1402284565382\features\{5fc92404-2aab-4c7c-8bfd-5edf137020d6}\[email protected] [2016-10-13]

    FF SearchPlugin: C:\Users\laci\AppData\Roaming\Mozilla\Firefox\Profiles\x1kvo6rg.default-1402284565382\searchplugins\dogpile.xml [2014-06-21]

    FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-10-19] [not signed]

    FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-10-19] [not signed]

    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-07-15] [not signed]

    FF HKU\S-1-5-21-394972508-1588171768-45821406-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-28] ()

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-28] ()

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-17] (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-17] (Google Inc.)

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)


    Chrome:

    =======

    CHR DefaultProfile: Default

    CHR Profile: C:\Users\laci\AppData\Local\Google\Chrome\User Data\Default [2016-11-17]

    CHR Extension: (Google Slides) - C:\Users\laci\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-13]

    CHR Extension: (Google Docs) - C:\Users\laci\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-13]

    CHR Extension: (Google Drive) - C:\Users\laci\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-13]

    CHR Extension: (YouTube) - C:\Users\laci\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-13]

    CHR Extension: (Google Sheets) - C:\Users\laci\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-13]

    CHR Extension: (Google Docs Offline) - C:\Users\laci\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-14]

    CHR Extension: (Chrome Web Store Payments) - C:\Users\laci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-13]

    CHR Extension: (Gmail) - C:\Users\laci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-13]

    CHR Extension: (Chrome Media Router) - C:\Users\laci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-16]


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)

    R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]

    R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]

    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]

    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]

    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company)

    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-26] (IObit)

    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)

    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]

    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)

    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]

    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    R2 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [106696 2016-05-11] (SparkLabs)


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S3 ebdrv; C:\windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

    S3 IntcDAud; C:\windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel(R) Corporation) [File not signed]

    R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)

    R2 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [106256 2013-07-04] (Oracle Corporation)

    S3 visctap0901; C:\windows\System32\DRIVERS\visctap0901.sys [50416 2016-05-09] (The OpenVPN Project)

    S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-11-18 23:15 - 2016-11-18 23:15 - 00000000 ____D C:\FRST

    2016-11-18 23:01 - 2016-11-18 23:01 - 00060015 _____ C:\Users\laci\Documents\techguy help.htm

    2016-11-18 23:00 - 2016-11-18 23:01 - 00000000 ____D C:\Users\laci\Documents\techguy help_files

    2016-11-18 12:25 - 2016-11-18 12:25 - 00411688 _____ C:\windows\system32\FNTCACHE.DAT

    2016-11-17 21:54 - 2016-11-18 22:43 - 00000000 ____D C:\Users\laci\AppData\LocalLow\Adblock Plus for IE

    2016-11-17 21:54 - 2016-11-17 21:54 - 00000000 ____D C:\Program Files\Adblock Plus for IE

    2016-11-17 18:28 - 2016-11-18 22:33 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    2016-11-17 18:28 - 2016-11-18 21:39 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    2016-11-17 18:28 - 2016-11-17 18:28 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

    2016-11-17 18:28 - 2016-11-17 18:28 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

    2016-11-17 17:43 - 2016-11-17 17:43 - 00107848 _____ C:\Users\laci\AppData\Local\GDIPFONTCACHEV1.DAT

    2016-11-17 17:16 - 2016-11-17 17:16 - 00003008 _____ C:\windows\System32\Tasks\SlimCleaner Run

    2016-11-17 17:16 - 2016-11-17 17:16 - 00000000 ____D C:\Users\laci\AppData\Local\SlimWare Utilities Inc

    2016-11-07 13:24 - 2016-11-07 13:24 - 00046317 _____ C:\Users\laci\Downloads\8011841900002016091.pdf

    2016-11-06 18:06 - 2016-11-16 17:35 - 00000000 ____D C:\Users\laci\AppData\Local\ESET

    2016-10-19 18:53 - 2016-10-19 18:53 - 00000000 ____D C:\Users\laci\AppData\Roaming\SUPERAntiSpyware.com


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-11-18 22:12 - 2011-11-01 13:10 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{98D2754B-196C-4BF0-BC19-C9F9AA896971}

    2016-11-18 21:43 - 2013-09-01 21:06 - 00686116 _____ C:\windows\system32\perfh00E.dat

    2016-11-18 21:43 - 2013-09-01 21:06 - 00172396 _____ C:\windows\system32\perfc00E.dat

    2016-11-18 21:43 - 2009-07-14 00:13 - 00854014 _____ C:\windows\system32\PerfStringBackup.INI

    2016-11-18 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf

    2016-11-18 21:42 - 2016-07-10 17:58 - 02359328 _____ C:\windows\ntbtlog.txt

    2016-11-18 12:53 - 2009-07-13 23:45 - 00025168 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2016-11-18 12:53 - 2009-07-13 23:45 - 00025168 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2016-11-18 12:25 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

    2016-11-17 18:28 - 2013-01-09 13:50 - 00000000 ____D C:\Users\laci\AppData\Local\Deployment

    2016-11-17 18:11 - 2016-09-10 00:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    2016-11-17 17:42 - 2013-11-17 11:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

    2016-11-17 17:24 - 2015-12-18 14:34 - 00000000 ____D C:\Program Files (x86)\SlimCleaner

    2016-11-17 16:43 - 2013-09-25 11:18 - 00002802 _____ C:\windows\System32\Tasks\CCleanerSkipUAC

    2016-11-16 18:45 - 2012-04-01 17:54 - 00000000 ____D C:\Users\laci\AppData\Local\Mozilla

    2016-11-16 17:37 - 2016-08-25 10:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

    2016-11-16 17:37 - 2016-03-23 06:40 - 00000000 ____D C:\Users\laci\AppData\Roaming\ProductData

    2016-11-16 17:37 - 2015-12-18 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

    2016-11-16 17:37 - 2013-09-12 18:35 - 00000000 ____D C:\Users\Standard

    2016-11-16 17:37 - 2012-01-04 19:09 - 00000000 ____D C:\Users\laci\AppData\Roaming\Skype

    2016-11-16 17:37 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF

    2016-11-16 17:37 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache

    2016-11-16 17:37 - 2009-07-13 22:20 - 00000000 ____D C:\windows\AppCompat

    2016-11-16 17:36 - 2013-07-22 20:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

    2016-11-16 17:36 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration

    2016-11-16 16:42 - 2011-07-29 13:42 - 00000000 ____D C:\Users\laci

    2016-11-10 10:06 - 2016-05-16 18:15 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task

    2016-11-07 03:28 - 2016-05-16 18:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    2016-11-02 15:16 - 2011-07-23 00:51 - 00000000 ____D C:\ProgramData\Sonic

    2016-10-31 11:12 - 2015-11-21 15:04 - 00000000 ____D C:\Users\laci\AppData\Local\ElevatedDiagnostics

    2016-10-27 20:22 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

    2016-10-19 18:46 - 2016-08-25 10:41 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com


    ==================== Files in the root of some directories =======


    2014-06-18 23:07 - 2014-06-18 23:07 - 0000024 _____ () C:\Users\laci\AppData\Roaming\temp.ini

    2013-08-19 11:58 - 2013-08-19 11:58 - 0000851 _____ () C:\Users\laci\AppData\Local\recently-used.xbel

    2015-12-18 15:27 - 2016-09-28 16:30 - 0007614 _____ () C:\Users\laci\AppData\Local\resmon.resmoncfg

    2014-10-01 16:03 - 2014-10-01 16:03 - 0000000 _____ () C:\Users\laci\AppData\Local\{11B87ED2-04C3-4C45-BBC7-6D312BA6B070}

    2014-09-13 19:46 - 2014-09-13 19:46 - 0000000 _____ () C:\Users\laci\AppData\Local\{4C7B3009-E2AB-43CC-A4C2-A44CF2C776D6}

    2014-09-16 10:02 - 2014-09-16 10:02 - 0000000 _____ () C:\Users\laci\AppData\Local\{8B7F4CDE-0448-42CD-AC20-CB7527C37663}

    2014-08-04 09:28 - 2014-08-04 09:28 - 0000000 _____ () C:\Users\laci\AppData\Local\{BA39BC16-D7A1-404E-A674-86954629DAE7}

    2015-07-15 10:53 - 2016-04-10 12:44 - 0003293 _____ () C:\ProgramData\hpzinstall.log


    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\windows\system32\winlogon.exe => File is digitally signed

    C:\windows\system32\wininit.exe => File is digitally signed

    C:\windows\SysWOW64\wininit.exe => File is digitally signed

    C:\windows\explorer.exe => File is digitally signed

    C:\windows\SysWOW64\explorer.exe => File is digitally signed

    C:\windows\system32\svchost.exe => File is digitally signed

    C:\windows\SysWOW64\svchost.exe => File is digitally signed

    C:\windows\system32\services.exe => File is digitally signed

    C:\windows\system32\User32.dll => File is digitally signed

    C:\windows\SysWOW64\User32.dll => File is digitally signed

    C:\windows\system32\userinit.exe => File is digitally signed

    C:\windows\SysWOW64\userinit.exe => File is digitally signed

    C:\windows\system32\rpcss.dll => File is digitally signed

    C:\windows\system32\dnsapi.dll => File is digitally signed

    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed

    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



    LastRegBack: 2016-11-16 18:17


    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016

    Ran by laci (18-11-2016 23:17:42)

    Running from C:\Users\laci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZAQQL01

    Windows 7 Ultimate Service Pack 1 (X64) (2011-07-29 18:42:41)

    Boot Mode: Normal

    ==========================================================



    ==================== Accounts: =============================


    Administrator (S-1-5-21-394972508-1588171768-45821406-500 - Administrator - Disabled)

    Guest (S-1-5-21-394972508-1588171768-45821406-501 - Limited - Disabled)

    HomeGroupUser$ (S-1-5-21-394972508-1588171768-45821406-1002 - Limited - Enabled)

    laci (S-1-5-21-394972508-1588171768-45821406-1001 - Administrator - Enabled) => C:\Users\laci

    Standard (S-1-5-21-394972508-1588171768-45821406-1004 - Limited - Enabled) => C:\Users\Standard


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden

    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)

    Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)

    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)

    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)

    Adobe PhotoDeluxe Home Edition 4.0 (HKLM-x32\...\Adobe PhotoDeluxe Home Edition 4.0) (Version: 4.0 - Adobe Systems, Inc.)

    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

    D2600 (x32 Version: 130.0.406.000 - Hewlett-Packard) Hidden

    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

    Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)

    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)

    Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)

    Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.)

    Dell System Detect - 1 (HKU\S-1-5-21-394972508-1588171768-45821406-1001\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)

    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)

    Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1719 - CyberLink Corp.)

    Dell VideoStage (x32 Version: 1.2.0.1719 - CyberLink Corp.) Hidden

    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)

    DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden

    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

    DJ_SF_05_D2600_Software_Min (x32 Version: 130.0.406.000 - Hewlett-Packard) Hidden

    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

    GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)

    HP Deskjet D2600 Printer Driver Software 13.0 Rel .5 (HKLM\...\{80D3CFFD-4CB5-47A1-8779-11A720A9ADB2}) (Version: 13.0 - HP)

    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

    HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)

    HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)

    HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)

    HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)

    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)

    HP Support Solutions Framework (HKLM-x32\...\{81E14A67-42ED-4DD0-AE08-366FE3D3102E}) (Version: 11.50.0012 - Hewlett-Packard Company)

    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)

    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

    hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden

    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

    hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden

    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)

    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)

    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)

    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)

    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)

    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)

    Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)

    Jacquie Lawson Edwardian Advent Calendar (HKLM-x32\...\JLAdventCalendarEdwardian2013) (Version: 1.0.1 - MicroCourt Limited)

    Jacquie Lawson Edwardian Advent Calendar (x32 Version: 1.0.1 - MicroCourt Limited) Hidden

    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

    Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)

    Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)

    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

    PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden

    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)

    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

    Readonweb CleanPage (HKLM-x32\...\{2646027E-3FE7-45FB-B894-4394AB161B14}) (Version: 1.4.0002 - Readonweb, LLC)

    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)

    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)

    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)

    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden

    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)

    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

    Scrivener Update (HKLM-x32\...\Scrivener 1030) (Version: 1610 - Literature and Latte)

    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)

    Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)

    SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)

    SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

    SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)

    Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1222 - SUPERAntiSpyware.com)

    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

    TouchFreeze (HKLM-x32\...\{D031E017-2434-40A7-A352-4DDD0199170D}) (Version: 1.0.2 - Ivan Zhakov)

    TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

    WiTopia (HKLM\...\{9F59FA4D-E431-45FA-889F-EC68D998C7D2}_is1) (Version: 2.3.7.239 - WiTopia)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {06637872-16A8-4110-B7B1-4B65DE4BDF8C} - System32\Tasks\{4C2A83C0-76A7-4ACE-A092-7BE85785DAE8} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116&LastError=12002

    Task: {240D5E1C-9AEA-44E3-9ECD-AFB6636E5CE3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-17] (Google Inc.)

    Task: {2EED4E06-65BC-4F0D-A749-A468AA9EBEAB} - System32\Tasks\{CEA097FE-8DB7-4530-B2A2-C0414DEA4D6F} => C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe

    Task: {49454757-0914-47D2-856A-251249F63090} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

    Task: {5008C088-5365-40FA-9E67-3A55A620A8EA} - System32\Tasks\{2E35A73F-B8D7-44F7-952C-3C39E5B38DAA} => C:\Program Files\Adobe Photodeluxe 4.0\AUTOPLAY.EXE [1998-08-14] (Adobe Systems, Incorporated)

    Task: {52DE2E43-F4AF-4437-AC2F-3DB715A1C14A} - System32\Tasks\{5896FBB4-8F03-40BC-81E3-EDC22F62603C} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.27.80.101/en/abandoninstall?page=tsProgressBar

    Task: {5835217F-F559-4BA7-BBD7-F3994C9805C6} - System32\Tasks\{B034E6A6-8244-45D0-9871-92248C41DA43} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.27.0.101&LastError=12002

    Task: {5D1D4D8C-BEF5-4333-829D-6F872F644F41} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)

    Task: {66C2D665-4CD5-42BE-A1AF-D9349E418DCF} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-29] (PC-Doctor, Inc.)

    Task: {6954C4A0-E116-462D-BB7B-EF524150673A} - System32\Tasks\CCleanerSkipUAC => C:\Users\laci\Documents\COMPUTER\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

    Task: {6D9880B0-3598-4027-9352-4CB7F09D063B} - System32\Tasks\{89E7F0F2-6630-45FE-AA66-D41513BE415D} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.27.0.101&LastError=12002

    Task: {6E5F2650-CD3E-4733-B7D1-8462B1AFDC30} - System32\Tasks\{8B17298D-F830-4C38-B378-1769267FEA31} => C:\Program Files\Adobe Photodeluxe 4.0\AUTOPLAY.EXE [1998-08-14] (Adobe Systems, Incorporated)

    Task: {7DF330A3-0C99-423E-848B-ED7D7CE9E7D1} - System32\Tasks\{9ACA841D-83C1-4C2F-996C-F73E48ED77A9} => C:\Program Files\Adobe Photodeluxe 4.0\AUTOPLAY.EXE [1998-08-14] (Adobe Systems, Incorporated)

    Task: {8673789C-983E-4E62-94C4-6C3B5294F015} - System32\Tasks\{2C7B82DE-AE61-4447-B484-7EBFA631CD0C} => C:\Program Files\Adobe Photodeluxe 4.0\AUTOPLAY.EXE [1998-08-14] (Adobe Systems, Incorporated)

    Task: {8A3548B7-25D2-42B4-AB91-79BBAD02FF13} - System32\Tasks\{F36972D8-E625-4048-886A-7B9A007C72B3} => C:\Program Files\Adobe Photodeluxe 4.0\AUTOPLAY.EXE [1998-08-14] (Adobe Systems, Incorporated)

    Task: {8C9D81BD-0967-40E0-B8AE-4C01988649F1} - System32\Tasks\{D8371469-2852-4C29-8B6E-377E5AF28F13} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.27.0.101&LastError=12002

    Task: {90881D8B-A7AE-41BC-9F94-B1B6F968774E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)

    Task: {9470F2B5-9A32-4593-81E8-CBE3DD097EB0} - System32\Tasks\{43DC4C38-4B4E-43C0-BF2D-AD00F507D67F} => C:\Program Files\Adobe Photodeluxe 4.0\AUTOPLAY.EXE [1998-08-14] (Adobe Systems, Incorporated)

    Task: {A0EEF1EA-049A-4DC6-8648-9FDD9EFBE044} - System32\Tasks\{2894A55B-9888-43DC-B54C-1B2979DE71BC} => C:\Program Files\Adobe Photodeluxe 4.0\AUTOPLAY.EXE [1998-08-14] (Adobe Systems, Incorporated)

    Task: {A937D673-3BBD-4839-8447-2F80134F600F} - System32\Tasks\{E6C337ED-3663-40F3-8F31-A6EB39805FB9} => C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe

    Task: {BBDC94AE-A793-4910-971E-1AA3273A1831} - System32\Tasks\{C088EF0D-F4B8-4A92-996D-91CA631738B5} => C:\Program Files (x86)\Adobe\PhotoDeluxe Home Edition 4.0\PD4.exe [2016-03-30] (Adobe Systems, Inc.)

    Task: {D10F0E09-84FE-44C8-B578-4BFE728993CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-17] (Google Inc.)

    Task: {E876091E-1E70-4D18-ACDF-0E05927DB313} - System32\Tasks\{D26E2E96-7BBE-495F-938F-9056918BEA35} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.27.0.101&LastError=12002

    Task: {F2879D50-7F38-44E8-BE34-D61750FE171A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-394972508-1588171768-45821406-1004


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    ==================== Shortcuts =============================


    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\laci\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com


    ==================== Loaded Modules (Whitelisted) ==============


    2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

    2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll

    2016-09-12 09:49 - 2016-09-12 09:49 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e527dba01c95d651b386222ed2e67d8e\IsdiInterop.ni.dll

    2011-07-23 00:17 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)


    AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [256]


    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"


    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)



    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)



    There are 7864 more sites.


    IE trusted site: HKU\S-1-5-21-394972508-1588171768-45821406-1001\...\dell.com -> dell.com


    There are 12681 more sites.



    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2009-07-13 21:34 - 2016-03-23 05:46 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts



    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-394972508-1588171768-45821406-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\laci\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    DNS Servers: 192.168.1.1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\windows\pss\Microsoft Office.lnk.CommonStartup


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe

    FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe

    FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe

    FirewallRules: [{C08A54CA-46D8-4452-AF67-F42B7BFD2995}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

    FirewallRules: [{4AB73AAA-0799-4258-9E0C-138366CA9502}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe


    ==================== Restore Points =========================


    30-10-2016 12:08:35 Windows Update

    31-10-2016 11:04:47 Windows Backup

    31-10-2016 12:05:03 Restore Operation

    31-10-2016 12:21:30 Windows Backup

    31-10-2016 13:32:37 Windows Update

    04-11-2016 12:22:14 Windows Update

    06-11-2016 19:00:38 Windows Backup

    07-11-2016 12:35:20 Windows Update

    11-11-2016 13:00:36 Windows Update

    14-11-2016 13:13:02 Windows Backup

    15-11-2016 12:12:08 Windows Update

    16-11-2016 18:39:25 Restore Operation

    17-11-2016 21:53:58 Installed Adblock Plus for IE (32-bit and 64-bit)

    18-11-2016 13:48:33 Windows Update


    ==================== Faulty Device Manager Devices =============


    Name: Viscosity Virtual Adapter V9.1

    Description: Viscosity Virtual Adapter V9.1

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: SparkLabs Pty Ltd

    Service: visctap0901

    Problem: : This device is disabled. (Code 22)

    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.



    ==================== Event log errors: =========================


    Application errors:

    ==================

    Error: (11/18/2016 09:43:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


    Error: (11/18/2016 12:36:04 PM) (Source: CVHSVC) (EventID: 100) (User: )

    Description: Information only.

    (Stream product id=0x0066): Streaming Failed


    Error: (11/18/2016 12:32:57 PM) (Source: CVHSVC) (EventID: 100) (User: )

    Description: Information only.

    Too many failures while downloading ranges: 2


    Error: (11/18/2016 12:30:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


    Error: (11/18/2016 12:26:24 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

    Description: The index cannot be initialized.


    Details:

    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    Error: (11/18/2016 12:26:24 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

    Description: The application cannot be initialized.


    Context: Windows Application


    Details:

    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    Error: (11/18/2016 12:26:24 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

    Description: The gatherer object cannot be initialized.


    Context: Windows Application, SystemIndex Catalog


    Details:

    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    Error: (11/18/2016 12:26:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.


    Context: Windows Application, SystemIndex Catalog


    Details:

    Element not found. (HRESULT : 0x80070490) (0x80070490)


    Error: (11/18/2016 12:26:22 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

    Description: The plug-in in <Search.JetPropStore> cannot be initialized.


    Context: Windows Application, SystemIndex Catalog


    Details:

    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    Error: (11/18/2016 12:26:22 PM) (Source: Windows Search Service) (EventID: 9002) (User: )

    Description: The Windows Search Service cannot load the property store information.


    Context: Windows Application, SystemIndex Catalog


    Details:

    The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)



    System errors:

    =============

    Error: (11/18/2016 10:46:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

    Description: The following fatal alert was received: 70.


    Error: (11/18/2016 09:49:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

    Description: The following fatal alert was received: 70.


    Error: (11/18/2016 09:49:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

    Description: The following fatal alert was received: 70.


    Error: (11/18/2016 09:49:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

    Description: The following fatal alert was received: 70.


    Error: (11/18/2016 04:18:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

    Description: The following fatal alert was received: 40.


    Error: (11/18/2016 01:04:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

    Description: The following fatal alert was received: 70.


    Error: (11/18/2016 12:30:56 PM) (Source: DCOM) (EventID: 10010) (User: )

    Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.


    Error: (11/18/2016 12:29:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

    Description: Microsoft Antimalware has encountered an error trying to update signatures.


    New Signature Version:


    Previous Signature Version: 1.231.1933.0


    Update Source: Microsoft Malware Protection Center


    Update Stage: Download


    Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094


    Signature Type: AntiSpyware


    Update Type: Full


    User: NT AUTHORITY\NETWORK SERVICE


    Current Engine Version:


    Previous Engine Version: 1.1.13202.0


    Error code: 0x80072ee2


    Error description: The operation timed out


    Error: (11/18/2016 12:29:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

    Description: Microsoft Antimalware has encountered an error trying to update signatures.


    New Signature Version:


    Previous Signature Version: 1.231.1933.0


    Update Source: Microsoft Malware Protection Center


    Update Stage: Download


    Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094


    Signature Type: AntiVirus


    Update Type: Full


    User: NT AUTHORITY\NETWORK SERVICE


    Current Engine Version:


    Previous Engine Version: 1.1.13202.0


    Error code: 0x80072ee2


    Error description: The operation timed out


    Error: (11/18/2016 12:27:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

    Description: Microsoft Antimalware has encountered an error trying to update signatures.


    New Signature Version:


    Previous Signature Version: 1.231.1933.0


    Update Source: Microsoft Update Server


    Update Stage: Search


    Source Path: http://www.microsoft.com


    Signature Type: AntiVirus


    Update Type: Full


    User: NT AUTHORITY\SYSTEM


    Current Engine Version:


    Previous Engine Version: 1.1.13202.0


    Error code: 0x80072efe


    Error description: The connection with the server was terminated abnormally



    CodeIntegrity:

    ===================================

    Date: 2016-10-26 11:01:41.874

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\visctap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2016-10-26 11:01:41.614

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\visctap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2016-07-14 14:41:14.359

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\visctap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2016-07-14 14:41:14.063

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\visctap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz

    Percentage of memory in use: 41%

    Total physical RAM: 4003.18 MB

    Available physical RAM: 2356.55 MB

    Total Virtual: 8004.56 MB

    Available Virtual: 5673.04 MB


    ==================== Drives ================================


    Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:210.09 GB) NTFS


    ==================== MBR & Partition Table ==================


    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 42EEC30E)

    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)

    Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Those logs do not indicate any obvious Malware or Infection... You mention problems when surfing, it would seem there is VPN software being used for that purpose. Event viewer entries show problems with that software..
    I would recommend you uninstall any/all VPN software and surf normally, see if there is any improvement. I suppose you will be aware of the reason to use such software...

    Thank you,

    Kevin.
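The event-viewer entries referred to above can be tallied mechanically. The sketch below is an added example, not part of the original posts or of FRST: it parses error entries in the Addition.txt format, decodes the Schannel alert numbers and the Antimalware error codes, and counts them per source. The sample text is constructed from entries in this thread; the function names are hypothetical, the alert names are taken from RFC 5246, and the error names are the WinINet constants.

```python
import re
from collections import Counter

# Constructed sample in the Addition.txt event format, compacted from entries in this thread.
SAMPLE = """\
Error: (11/18/2016 01:04:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (11/18/2016 01:04:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
Error: (11/18/2016 12:29:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
Error code: 0x80072ee2
Error: (11/18/2016 12:27:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
Error code: 0x80072efe
"""

HEADER = re.compile(r"^\s*Error: \(([^)]+)\) \(Source: ([^)]+)\) \(EventID: (\d+)\)")
TLS_ALERTS = {40: "handshake_failure", 48: "unknown_ca", 70: "protocol_version"}  # RFC 5246
WININET = {12002: "ERROR_INTERNET_TIMEOUT", 12030: "ERROR_INTERNET_CONNECTION_ABORTED"}

def parse_events(text):
    """Split the log into events: header fields plus the non-blank lines that follow."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({"time": m[1], "source": m[2], "event_id": int(m[3]), "body": []})
        elif events and line.strip():
            events[-1]["body"].append(line.strip())
    return events

def decode(event):
    """Return a short label for the failure, or None if the event is not recognised."""
    body = "\n".join(event["body"])
    alert = re.search(r"fatal alert was received: (\d+)", body)
    if event["source"] == "Schannel" and alert:
        n = int(alert.group(1))
        return f"TLS alert {n} ({TLS_ALERTS.get(n, 'unknown')})"
    code = re.search(r"Error code: (0x[0-9a-fA-F]{8})", body)
    if code:
        hresult = int(code.group(1), 16)
        if hresult >> 16 == 0x8007:  # FACILITY_WIN32: low 16 bits carry the Win32 error
            win32 = hresult & 0xFFFF
            return f"Win32 {win32} ({WININET.get(win32, 'unknown')})"
    return None

def triage(text):
    """Count decoded failures per (source, label)."""
    return Counter((e["source"], decode(e)) for e in parse_events(text))
```

Run over the sample, every counted entry is a TLS handshake alert or a WinINet timeout or aborted connection; entries the decoder does not recognise, such as the DCOM timeout, are counted under `None`.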
     
  7. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    340
    Hi Kevin:

    Just trying to get my husband's computer to connect to Google takes 5 or 6 minutes, while my computer running at the same time connects in seconds. We use a VPN on and off but there seems to be no difference in what it does to his computer. There must be something else going on. Today, he couldn't even connect to his Gmail account, it was taking so long. Is there something else that could point to the problem?

    Jane
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hello Jane,

    Thanks for the update, run the following..

    Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

    There are three buttons to choose from with different names on, select the first one and save it to your desktop.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
    • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
    • If the tool does not run from any of the links provided, please let me know.

    Next

    Download AdwCleaner by Xplode onto your Desktop.

    • Double click on Adwcleaner.exe to run the tool.
    • Click on the Scan in the Actions box
    • Please wait for the scan to finish..
    • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
    • Click on the Cleaning box.
    • Next click OK on the "Closing Programs" pop up box.
    • Click OK on the Information box & again OK to allow the necessary reboot
    • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

    Next,

    Download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
    • Now select > Scan > Threat scan > Scan now
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    To get the log from Malwarebytes do the following:

    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

    Post those logs...

    Thank you,

    Kevin
     
  9. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    340
    Hi Kevin:

    We lost power for 2 days so am just now getting to the next scans. Will be back with you as soon as I complete them.

    Many thanks,
    Jane
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Thanks for the update Jane, I'm based in the UK so will only be online for maybe 60 or 90 minutes...
     
  11. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    340
    Still working. It's going to take me a while. Maybe finished manana. Back to you then.

    Many thanks, Kevin.
    Jane
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Thanks for the update Jane, it's midnight local time for me so I'm off to bed... catch up later...

    Cheers,

    Kevin....
     
  13. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    340
    Finally -- here are the logs, Kevin. I don't have one for Adwcleaner as I goofed and didn't save the original one. It did find some infections, which it cleaned. When I ran it again it found nothing. Many thanks! Jane
    Rkill 2.8.4 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2016 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 11/23/2016 03:15:20 PM in x64 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 11/23/2016 03:16:42 PM
    Execution time: 0 hours(s), 1 minute(s), and 22 seconds(s)

    Update, 11/23/2016 5:35 PM, SYSTEM, LACI-PC, Manual, Remediation Database, 2016.2.12.1, 2016.9.21.1,
    Update, 11/23/2016 5:35 PM, SYSTEM, LACI-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.11.20.1,
    Update, 11/23/2016 5:35 PM, SYSTEM, LACI-PC, Manual, Domain Database, 2016.2.16.8, 2016.11.23.11,
    Update, 11/23/2016 5:36 PM, SYSTEM, LACI-PC, Manual, Malware Database, 2016.2.16.6, 2016.11.23.16,
    Error, 11/23/2016 6:02 PM, SYSTEM, LACI-PC, Manual, 0,
    Update, 11/23/2016 6:02 PM, SYSTEM, LACI-PC, Manual, IP Database, Failed, Unable to access update server, 2016.2.8.1, 2016.11.22.1,
    Update, 11/23/2016 6:02 PM, SYSTEM, LACI-PC, Manual, Domain Database, 2016.11.23.11, 2016.11.23.12,
    Update, 11/23/2016 6:02 PM, SYSTEM, LACI-PC, Manual, Malware Database, 2016.11.23.16, 2016.11.23.17,
    Scan, 11/23/2016 6:37 PM, SYSTEM, LACI-PC, Manual, Start:11/23/2016 6:02 PM, Duration:34 min 36 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

    (end)
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    One more scan....

    Download Sophos Free Virus Removal Tool and save it to your desktop.

    If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
    • If no threats were found please confirm that result....

    Thank you,

    Kevin...
     
  15. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    340
    Kevin, I can't get the program to download. The first time I tried it said it would take 2 hours and 51 minutes to complete, the second time 2:41. After waiting quite a while with not much happening, both times I aborted. Will try again tomorrow.

    The computer seems to be getting slower and slower every day.

    Back to you as soon as I can get the program to run.

    Many thanks,
    Jane
     
Short URL to this thread: https://techguy.org/1181140
