
Computer is running slow



#1
july909


Computer is running slow, especially when online. Sites take forever to load up. No pop-ups.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by jose (26-12-2016 22:37:32)
Running from C:\Users\jose\Downloads
Microsoft Windows 7 Home Premium  (X86) (2013-08-18 05:46:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2211277778-1771987267-3249240118-500 - Administrator - Disabled)
Guest (S-1-5-21-2211277778-1771987267-3249240118-501 - Limited - Disabled)
jose (S-1-5-21-2211277778-1771987267-3249240118-1000 - Administrator - Enabled) => C:\Users\jose
Passw0rd (S-1-5-21-2211277778-1771987267-3249240118-1002 - Limited - Enabled) => C:\Users\Passw0rd
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ATI AVIVO Codecs (Version: 11.6.0.51221 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{C5DA5C0B-9697-72AA-0FF5-2BED67F1B872}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Canon LBP6030 6040 6018L Uninstaller (HKLM\...\Canon LBP6030 6040 6018L) (Version: 6, 1, 0, 0 - Canon Inc.)
ccc-core-static (Version: 2010.1221.2149.39115 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
EPSON Advanced Printer Driver 4 (HKLM\...\{11FF6AF6-0141-4EF8-829A-989459A1E5D8}) (Version: 4.55.0200 - SEIKO EPSON CORPORATION)
EPSON APD4 Point and Print Support (Version: 4.55.0200 - SEIKO EPSON CORPORATION) Hidden
EPSON APD4 Sample&Manual (HKLM\...\{0391634E-2C39-43BC-995C-EC04A74F77C1}) (Version: 1.00.0000 - SEIKO EPSON Corporation)
EPSON APD5 TM-T20 Sample&Manual (English) (HKLM\...\{5A4267F6-521B-4712-B2CC-961DEB86B440}) (Version: 1.00.0000 - SEIKO EPSON Corporation)
EPSON Port Communication Service (HKLM\...\{1C431535-5AB5-47D1-8E36-6C795AF913F7}) (Version: 3.6.0 - SEIKO EPSON CORPORATION)
EPSON TM Coupon Package (HKLM\...\{60ED98A7-BE97-4F26-B32E-5087337C6044}) (Version: 1.20.0000 - Seiko Epson Corporation) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{B4BEEEA3-05E9-4966-AE47-B0F3490564BE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
iCloud (HKLM\...\{478AD1F1-8F17-45ED-8B0F-CCEF42EB3F91}) (Version: 5.0.2.61 - Apple Inc.)
InstPortMon (Version: 1.2.0.0 - InstPortMon) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM\...\InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - NETGEAR)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (Version: 1.01.10 - NETGEAR) Hidden
Norton Security Scan (HKLM\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Receipt Printer - epay (HKLM\...\{E564C2DB-4DD0-4AB1-A77F-744111ECC8EF}) (Version: 1.1.2 - Default Company Name)
Wireless Standard 9.1.6.0 (HKLM\...\Wireless Standard_is1) (Version: 9.1.6.0 - B2B Soft Inc.)
WMV9/VC-1 Video Playback (Version: 1.0.51221.2158 - ATI Technologies Inc.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2211277778-1771987267-3249240118-1000_Classes\CLSID\{43B6ADAA-6DE7-43C2-9206-3389C94B9531}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2211277778-1771987267-3249240118-1000_Classes\CLSID\{5EFC5294-6D6D-3BA1-A769-4AC271DCF6B3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2211277778-1771987267-3249240118-1000_Classes\CLSID\{6AAD2329-03DA-3C9C-990C-56CBA9FE8069}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2211277778-1771987267-3249240118-1000_Classes\CLSID\{EA7D5AE2-2134-3F0E-A422-5F43EB64DE1B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2211277778-1771987267-3249240118-1000_Classes\CLSID\{EAF741EF-6A3B-4DF5-8156-E7A62AAA136C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {29170A01-6585-4828-99A1-893D43173970} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {2C401C94-2E51-46A7-AD91-187F7B85E378} - System32\Tasks\Mlouugiuoemap => C:\ProgramData\Mlouugiuoemap\1.0.1.0\umiainow.exe <==== ATTENTION
Task: {3B55D12A-257A-4CE8-BCA4-CCD9B523D511} - \NSManager_1415748688 -> No File <==== ATTENTION
Task: {41BE4957-6542-46C3-BB53-0019449D4A59} - System32\Tasks\{126132F8-91C0-473A-9579-D6D2F8245948} => pcalua.exe -a "C:\Users\jose\DOCUME~1\BitLord\Microsoft Office 2007\setup.exe" -d "C:\Users\jose\DOCUME~1\BitLord\Microsoft Office 2007"
Task: {57B849AB-23DB-43BB-9866-15B7C83CCC66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7597D12B-DE71-49E8-9F6D-E7E123533121} - \SuperFastPC_AutorunOnStartup -> No File <==== ATTENTION
Task: {BE41A09C-E967-4C94-8BD0-D19B510C3228} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {C5CC953A-D750-4096-9849-FFF925068349} - \GeniusBox -> No File <==== ATTENTION
Task: {EAB752CF-E22B-44FF-B040-5DB533D1EDE1} - System32\Tasks\Validate Installation => C:\Program Files\user extensions\updater.exe <==== ATTENTION
Task: {F175D158-2D73-44FD-ADB6-DC4A89A6A966} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F8CB12AC-DE53-4908-9CB8-DC666BD3F770} - System32\Tasks\Check Updates => C:\Program Files\user extensions\updater.exe <==== ATTENTION
Task: {FB40D6B5-8B24-4A6E-AAC9-BD3021413661} - \watchHealth -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-10-14 09:59 - 2012-08-21 15:06 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2013-10-14 09:59 - 2012-08-21 15:06 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2011-06-30 21:23 - 2011-06-30 21:23 - 00167936 _____ () C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
2010-12-21 20:59 - 2010-12-21 20:59 - 00072192 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2009-08-04 16:23 - 2009-08-04 16:23 - 00063032 _____ () C:\Program Files\HP\HP UT LEDM\bin\HPTools.dll
2009-08-04 16:23 - 2009-08-04 16:23 - 00075320 _____ () C:\Program Files\HP\HP UT LEDM\bin\HPToolkit.dll
2010-12-21 20:59 - 2010-12-21 20:59 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2010-12-21 20:47 - 2010-12-21 20:47 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-26 13:51 - 2010-08-26 13:51 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2016-12-14 21:24 - 2016-12-07 23:29 - 01829208 _____ () C:\Program Files\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 21:24 - 2016-12-07 23:29 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\55.0.2883.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [121]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\...\publicmobile.ca -> hxxps://publicmobile.ca
IE trusted site: HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\...\qpay123.com -> hxxps://qpay123.com
IE trusted site: HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\...\qpayreport.com -> hxxps://qpayreport.com
IE trusted site: HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\...\t-mobile.com -> hxxps://t-mobile.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jose\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP LaserJet Service => 2
MSCONFIG\Services: HPSIService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA1000M Genie.lnk => C:\Windows\pss\NETGEAR WNA1000M Genie.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Select a coupon.lnk => C:\Windows\pss\Select a coupon.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FA7413A9-14DB-4BA1-9C26-30B09C6006FA}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B1260301-A9F5-4EE0-AD42-08289C5EB291}] => D:\ProductInst.exe
FirewallRules: [{A59C7C20-78EF-447D-9293-D96BF23FC484}] => D:\ProductInst.exe
FirewallRules: [{9E80E9CA-127C-41F9-9C2C-C5CF9BA1727F}] => LPort=9100
FirewallRules: [{1D7290AF-E157-42B5-A2D1-35AE038083A7}] => LPort=427
FirewallRules: [{3CB08980-2FB9-48CD-918F-6568AC7B0BC1}] => LPort=161
FirewallRules: [{ED25C00E-F8A0-4670-8534-9D96BF359DA1}] => C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\PrinterNetworkSetting\APDNetSetting.exe
FirewallRules: [{D85DDD33-665B-486F-A5BB-5D5F7311E12C}] => C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\PrinterNetworkSetting\APDNetSetting.exe
FirewallRules: [{9367F95B-0963-4796-909E-8E4867CBBF3B}] => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{99C62417-9464-44C7-A7E1-65B70C3702D2}] => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{CF7994A7-F888-42EE-A760-B26C0A89176E}] => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BE28EBF1-5D81-4DCD-AF85-DDD34BB9D7E6}] => C:\Program Files\MediatekWiFi\Common\RaUI.exe
FirewallRules: [{CA612FE1-40FC-4944-A732-066D6DAC88E4}] => C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
18-11-2016 15:29:27 Windows Update
22-11-2016 15:26:54 Windows Update
26-11-2016 15:26:08 Windows Update
30-11-2016 15:26:40 Windows Update
04-12-2016 01:50:35 Windows Update
07-12-2016 10:25:23 Windows Update
09-12-2016 13:18:04 Removed Microsoft Silverlight
10-12-2016 18:43:18 Windows Update
15-12-2016 18:16:56 Windows Update
19-12-2016 18:12:43 Windows Update
22-12-2016 18:15:21 Windows Update
26-12-2016 15:17:03 Restore Operation
26-12-2016 15:34:44 Windows Update
26-12-2016 20:54:55 Removed Adobe Acrobat Reader DC.
26-12-2016 20:56:10 Removed OpenOffice 4.1.0
26-12-2016 20:58:46 Removed Apple Software Update
26-12-2016 21:04:46 Removed Mediatek Wireless LAN
26-12-2016 21:08:38 Removed Apple Software Update
26-12-2016 21:09:14 Removed Bonjour
26-12-2016 21:09:52 Removed Apple Mobile Device Support
26-12-2016 21:10:43 Removed iTunes
26-12-2016 21:13:03 Removed QuickTime 7
26-12-2016 21:14:02 Removed Apple Application Support (32-bit)
26-12-2016 21:18:49 Removed Microsoft Office Excel Viewer
26-12-2016 21:19:37 Removed Microsoft Office Word Viewer 2003
26-12-2016 21:20:08 Removed Compatibility Pack for the 2007 Office system
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/26/2016 09:28:15 PM) (Source: .NET Runtime) (EventID: 1022) (User: jose-PC)
Description: .NET Runtime version 4.0.30319.1 - Loading profiler failed.  COR_ENABLE_PROFILING was set properly, but COR_PROFILER was not.  COR_PROFILER must be set to the CLSID of the profiler to load.  Process ID (decimal): 216.  Message ID: [0x2500].
 
Error: (12/26/2016 09:25:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program InstStub.exe version 4.0.3.27 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c7c
 
Start Time: 01d26000fb588b25
 
Termination Time: 23
 
Application Path: C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.3.27\InstStub.exe
 
Report Id:
 
Error: (12/26/2016 08:53:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (12/26/2016 02:53:49 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (12/26/2016 12:30:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\HP\HP Photosmart Plus B210 series\DriverStore\Pipeline\amd64\hpinkins8e11.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/25/2016 07:41:03 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (12/25/2016 12:30:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\HP\HP Photosmart Plus B210 series\DriverStore\Pipeline\amd64\hpinkins8e11.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/24/2016 12:24:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (12/24/2016 12:30:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\HP\HP Photosmart Plus B210 series\DriverStore\Pipeline\amd64\hpinkins8e11.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/23/2016 07:15:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wc_core.exe, version: 9.1.6.0, time stamp: 0x56d06ac4
Faulting module name: clr.dll, version: 4.0.30319.1, time stamp: 0x4ba1d9ef
Exception code: 0xc0000005
Fault offset: 0x0005deb4
Faulting process id: 0x16e8
Faulting application start time: 0x01d257c152f4617d
Faulting application path: C:\Program Files\BTB Soft\Wireless Standard\bin\wc_core.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Report Id: 36f21437-c987-11e6-831c-eca86b90174d
 
 
System errors:
=============
Error: (12/26/2016 10:08:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (12/26/2016 10:08:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EPSON PCS Parallel Port Driver service failed to start due to the following error: 
The system cannot find the device specified.
 
Error: (12/26/2016 09:54:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EPSON PCS Parallel Port Driver service failed to start due to the following error: 
The system cannot find the device specified.
 
Error: (12/26/2016 09:34:54 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 12291) (User: NT AUTHORITY)
Description: SAM failed to start the TCP/IP or SPX/IPX listening thread
 
Error: (12/26/2016 09:34:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EPSON PCS Parallel Port Driver service failed to start due to the following error: 
The system cannot find the device specified.
 
Error: (12/26/2016 09:33:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EPSON PCS Parallel Port Driver service failed to start due to the following error: 
The system cannot find the device specified.
 
Error: (12/26/2016 08:53:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EPSON PCS Parallel Port Driver service failed to start due to the following error: 
The system cannot find the device specified.
 
Error: (12/26/2016 08:43:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (12/26/2016 08:42:09 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (12/26/2016 08:41:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-350 Processor
Percentage of memory in use: 77%
Total physical RAM: 1528.27 MB
Available physical RAM: 349.57 MB
Total Virtual: 3056.53 MB
Available Virtual: 1409.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:395.53 GB) NTFS
Drive d: (WN_V6.75V) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B25EC62F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2016
Ran by jose (administrator) on JOSE-PC (26-12-2016 22:35:47)
Running from C:\Users\jose\Downloads
Loaded Profiles: jose (Available Profiles: jose & Passw0rd)
Platform: Microsoft Windows 7 Home Premium  (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\DeviceControlLog.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe
() C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP3LAK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNABHSWK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7731744 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [CNAP3 Launcher] => C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP3LAK.EXE [228520 2012-06-13] (CANON INC.)
HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\...\MountPoints2: F - F:\Install_FiveStars.bat
HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\...\MountPoints2: {268b521c-1e83-11e5-b2cb-eca86b90174d} - F:\menu.exe
HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\...\MountPoints2: {8636f137-2f82-11e3-a897-eca86b90174d} - F:\SISetup.exe
HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\...\MountPoints2: {a19c0401-07c9-11e3-bbf2-f07b264284a9} - F:\fscommand\LS_Start_Launch.exe
HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\...\MountPoints2: {aec066eb-081f-11e3-b3d2-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\...\MountPoints2: {ec5a5fd2-bf3b-11e3-8480-eca86b90174d} - F:\Install_FiveStars.bat
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-2211277778-1771987267-3249240118-1000] => http=127.0.0.1:49182;https=127.0.0.1:49182
AutoConfigURL: [S-1-5-21-2211277778-1771987267-3249240118-1000] => http=127.0.0.1:49182;https=127.0.0.1:49182
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{76BEF312-A003-4568-B865-56CD38AE5F16}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{A7210023-258E-4378-BB55-ECB649D57E89}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1386541226&from=cor&uid=ST3500413AS_Z2APHAV5XXXXZ2APHAV5&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-sgm&type=20140218,155
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1386541226&from=cor&uid=ST3500413AS_Z2APHAV5XXXXZ2APHAV5&q={searchTerms}
HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wirelessdealergroup.com/
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Like -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\Windows\system32\mscoree.dll [2009-11-25] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2211277778-1771987267-3249240118-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: 2qcu79lg.default
FF ProfilePath: C:\Users\jose\AppData\Roaming\Mozilla\Firefox\Profiles\2qcu79lg.default [2016-12-26]
FF HKLM\...\Firefox\Extensions: [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] - 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => not found
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 3
CHR Profile: C:\Users\jose\AppData\Local\Google\Chrome\User Data\Default [2016-12-26]
CHR Extension: (Google Docs) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-20]
CHR Extension: (YouTube) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Google Docs Offline) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Profile: C:\Users\jose\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-26]
CHR Profile: C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-26]
CHR Extension: (Google Docs) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-01]
CHR Extension: (Google Wallet) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-01]
CHR Profile: C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-26]
CHR Extension: (Google Slides) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-30]
CHR Extension: (Google Docs) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-30]
CHR Extension: (Google Drive) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-30]
CHR Extension: (Gmail) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-30]
CHR Profile: C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-12-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-19]
CHR Profile: C:\Users\jose\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-26]
CHR Extension: (Google Slides) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-08]
CHR Extension: (Google Docs) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-08]
CHR Extension: (Google Drive) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-08]
CHR Extension: (YouTube) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-08]
CHR Extension: (Google Search) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-08]
CHR Extension: (Google Sheets) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-08]
CHR Extension: (Gmail) - C:\Users\jose\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]
CHR HKU\S-1-5-21-2211277778-1771987267-3249240118-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284672 2010-12-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices)
R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [333824 2012-11-29] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [433152 2012-11-29] (SEIKO EPSON CORPORATION) [File not signed]
S4 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe [167936 2011-06-30] () [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACR122U; C:\Windows\System32\DRIVERS\acr122.sys [54400 2014-08-21] (Advanced Card Systems Ltd.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66176 2013-08-18] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [31872 2013-08-18] (Advanced Micro Devices)
S2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [19592 2012-11-29] (SEIKO EPSON CORPORATION)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [734824 2011-01-31] (Realtek Semiconductor Corporation                           )
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [49408 2012-03-01] (Seiko Epson Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-26 22:35 - 2016-12-26 22:36 - 00015220 _____ C:\Users\jose\Downloads\FRST.txt
2016-12-26 22:35 - 2016-12-26 22:35 - 01762816 _____ (Farbar) C:\Users\jose\Downloads\FRST.exe
2016-12-26 22:35 - 2016-12-26 22:35 - 00000000 ____D C:\FRST
2016-12-26 21:07 - 2009-07-13 14:02 - 00657408 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28u.sys
2016-12-26 17:48 - 2016-12-26 17:48 - 00000000 ____D C:\Users\Passw0rd\AppData\Local\AMD
2016-12-26 17:47 - 2016-12-26 17:47 - 00117776 _____ C:\Users\Passw0rd\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-26 17:47 - 2016-12-26 17:47 - 00001417 _____ C:\Users\Passw0rd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-26 17:47 - 2016-12-26 17:47 - 00000000 ____D C:\Users\Passw0rd\AppData\Roaming\ATI
2016-12-26 17:47 - 2016-12-26 17:47 - 00000000 ____D C:\Users\Passw0rd\AppData\Roaming\Apple Computer
2016-12-26 17:47 - 2016-12-26 17:47 - 00000000 ____D C:\Users\Passw0rd\AppData\Roaming\Adobe
2016-12-26 17:47 - 2016-12-26 17:47 - 00000000 ____D C:\Users\Passw0rd\AppData\Local\Google
2016-12-26 17:47 - 2016-12-26 17:47 - 00000000 ____D C:\Users\Passw0rd\AppData\Local\ATI
2016-12-26 17:47 - 2016-12-26 17:47 - 00000000 ____D C:\Users\Passw0rd\AppData\Local\Adobe
2016-12-26 17:46 - 2016-12-26 17:47 - 00000000 ____D C:\Users\Passw0rd
2016-12-26 17:46 - 2016-12-26 17:46 - 00000258 __RSH C:\Users\Passw0rd\ntuser.pol
2016-12-26 17:46 - 2016-12-26 17:46 - 00000020 ___SH C:\Users\Passw0rd\ntuser.ini
2016-12-26 17:46 - 2016-12-26 17:46 - 00000000 _SHDL C:\Users\Passw0rd\My Documents
2016-12-26 17:46 - 2016-12-26 17:46 - 00000000 _SHDL C:\Users\Passw0rd\Documents\My Videos
2016-12-26 17:46 - 2016-12-26 17:46 - 00000000 _SHDL C:\Users\Passw0rd\Documents\My Pictures
2016-12-26 17:46 - 2016-12-26 17:46 - 00000000 _SHDL C:\Users\Passw0rd\Documents\My Music
2016-12-26 17:46 - 2016-12-26 17:46 - 00000000 ____D C:\Users\Passw0rd\AppData\Local\VirtualStore
2016-12-26 17:46 - 2014-11-10 20:00 - 00000000 ____D C:\Users\Passw0rd\AppData\Local\LogMeIn
2016-12-26 17:46 - 2009-07-13 23:48 - 00000000 ____D C:\Users\Passw0rd\AppData\Roaming\Media Center Programs
2016-12-08 18:31 - 2016-12-26 20:57 - 00000000 ____D C:\Windows\Minidump
2016-11-28 16:55 - 2016-11-25 15:58 - 00015606 _____ C:\Users\jose\Documents\boost%20texting%20formula.xlsx_0.ods
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-26 22:32 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-26 22:32 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-26 22:14 - 2013-08-17 21:52 - 00782154 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-26 22:14 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-12-26 22:08 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-26 21:54 - 2009-07-13 20:33 - 03816080 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-26 21:28 - 2013-08-17 22:12 - 00111768 _____ C:\Users\jose\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-26 21:20 - 2013-11-25 15:21 - 00000000 ____D C:\Program Files\Microsoft Office
2016-12-26 21:18 - 2013-11-20 15:37 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-12-26 21:17 - 2013-11-20 15:37 - 00000000 ____D C:\ProgramData\Adobe
2016-12-26 21:14 - 2014-06-25 15:27 - 00000000 ____D C:\ProgramData\Apple
2016-12-26 21:14 - 2014-06-25 15:27 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-26 21:07 - 2013-08-17 22:06 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-12-26 20:57 - 2014-07-25 12:30 - 00000000 ____D C:\Program Files\OpenOffice 4
2016-12-26 20:56 - 2013-11-20 15:37 - 00000000 ____D C:\Program Files\Adobe
2016-12-26 20:46 - 2014-02-18 11:16 - 00000000 ____D C:\ProgramData\Yahoo!
2016-12-26 20:46 - 2014-02-18 11:15 - 00000000 ____D C:\Program Files\Yahoo!
2016-12-26 20:43 - 2015-06-08 12:26 - 00000000 ____D C:\Users\jose\AppData\Local\Torch
2016-12-26 20:41 - 2013-11-24 11:51 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-26 17:50 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system32\NDF
2016-12-26 15:52 - 2016-10-14 11:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-26 15:41 - 2013-08-17 21:47 - 00000000 ____D C:\Users\jose
2016-12-26 15:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2016-12-14 21:24 - 2013-08-17 22:22 - 00002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 21:24 - 2013-08-17 22:22 - 00002048 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 18:01 - 2013-08-17 22:21 - 00000000 ____D C:\Program Files\Google
2016-12-09 13:24 - 2013-08-17 22:21 - 00000000 ____D C:\Users\jose\AppData\Local\Google
2016-12-08 15:36 - 2009-07-13 20:56 - 00000000 ____D C:\Windows\DigitalLocker
2016-12-08 15:15 - 2015-06-01 13:49 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
 
==================== Files in the root of some directories =======
 
2013-12-08 14:23 - 2013-12-09 13:01 - 0000000 _____ () C:\Users\jose\AppData\Roaming\bitlord_log.txt
2014-06-05 12:47 - 2014-06-05 12:47 - 0000046 _____ () C:\Users\jose\AppData\Roaming\WB.CFG
2015-05-21 12:08 - 2015-05-21 12:08 - 0000064 _____ () C:\Users\jose\AppData\Local\82e6e4e9441806e5c5f9927a763615d4
2015-06-11 15:07 - 2015-06-11 15:07 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-24 00:40
 
==================== End of FRST.txt ============================

 




#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall:
 
Norton Security Scan 
It's causing problems and you don't need it.
 
 
This software:
 
Wireless Standard 9.1.6.0 (HKLM\...\Wireless Standard_is1) (Version: 9.1.6.0 - B2B Soft Inc.)
 
is causing problems.  I know nothing about it but perhaps there is a newer version or perhaps all it needs is a reinstall.
 
You have a proxy and I can't see why you would need one so I think it's malware.  You also have an adware infection in IE (artemis).  We can remove them with a fixlist:
 
 

 
Download the attached fixlist.txt to the same location as FRST
 
[attachment=83293:fixlist.txt]
 
Run FRST and press Fix.
A fix log will be generated; please post that.
(You may want to post the logs as you get them. I don't mind multiple replies.)
 

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 

 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything, then:
 
Copy the next two lines:
 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 

TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 

Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
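
The findstr /c:"[SR]" step in the reply above keeps only the System File Checker lines of CBS.log. As an added example (not part of RKinner's post), this Python script makes the same selection and then lists which files sfc logged as not repairable or as repaired from the store. The sample log lines are constructed, and the function names are this example's own.

```python
import re
import sys

# Constructed sample in the shape of Windows 7 CBS.log entries; it is not
# output from the machine discussed in this thread.
SAMPLE_CBS_LOG = r'''
2016-12-26 23:01:10, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2016-12-26 23:01:10, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2016-12-26 23:01:11, Info                  CBS    Scavenge: Begin CSI Store
2016-12-26 23:01:14, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"autochk.exe" of Microsoft-Windows-Autochk, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), hash mismatch
2016-12-26 23:01:15, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"autochk.exe" of Microsoft-Windows-Autochk, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), hash mismatch
2016-12-26 23:01:20, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini" from store
2016-12-26 23:01:30, Info                  CSI    0000000f [SR] Verify complete
'''

# Messages sfc writes for a file it could not fix and for one it restored.
CANNOT = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+),')
REPAIRED = re.compile(
    r'\[SR\] Repairing corrupted file .*\[l:\d+\{\d+\}\]"([^"]+)" from store')


def sr_lines(text):
    """Same selection as findstr /c:"[SR]": a literal, case-sensitive match."""
    return [ln for ln in text.splitlines() if "[SR]" in ln]


def summarize(text):
    """Reduce the [SR] lines to the files that need a closer look."""
    lines = sr_lines(text)
    unrepaired = {}   # file name -> owning component (sfc repeats each entry)
    repaired = set()
    for ln in lines:
        m = CANNOT.search(ln)
        if m:
            unrepaired[m.group(1)] = m.group(2).strip()
            continue
        m = REPAIRED.search(ln)
        if m:
            repaired.add(m.group(1))
    return {
        "sr_line_count": len(lines),
        "unrepaired": dict(sorted(unrepaired.items())),
        "repaired": sorted(repaired),
        "completed": any("[SR] Verify complete" in ln for ln in lines),
    }


if __name__ == "__main__":
    # Pass the path to a real CBS.log; with no argument the sample is used.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, errors="replace").read() if path else SAMPLE_CBS_LOG
    report = summarize(text)
    print("[SR] lines:", report["sr_line_count"],
          "| verify complete:", report["completed"])
    for name, component in report["unrepaired"].items():
        print("NOT REPAIRED:", name, "in", component)
    for name in report["repaired"]:
        print("repaired from store:", name)
```
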
 
 
