Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hi, I have an issue with my laptop


  • Please log in to reply

#1
67mopar

67mopar

    Member

  • Member
  • PipPipPip
  • 202 posts

I seem to keep having this issue, its like the laptop just picks up the same symptoms every three months or so.  its so slow, as if there are a zillion process runing and bogging the machine down to a crawl,  its a dell Lattitude e6540 64 bit windows 7   I also have a lot of script errors especially this one when trying to access Outlook cdn.viglink.com/api/vglnk.js:165 Here are my logs i hop one of you fine people can spot something simp[le Ive overlooked, Thank You,  Dean

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by dean (administrator) on DEAN-LP07 (17-01-2017 16:16:56)
Running from C:\Users\dean\Desktop
Loaded Profiles: dean (Available Profiles: admin & dean & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-02-08] (Intel® Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [115968 2013-07-23] (Waves Audio Ltd.)
HKLM\...\Run: [iTunesHelper] => "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-09-05] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-26] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3212AFFC-AC31-48CE-975D-C8AC7008FE22}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> URL hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-16] (Oracle Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)

FireFox:
========
FF DefaultProfile: araz5wr1.default
FF ProfilePath: C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default [2017-01-17]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\araz5wr1.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\araz5wr1.default -> hxxp://www.google.com/
FF Extension: (ADB Helper) - C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default\Extensions\[email protected] [2016-11-04]
FF Extension: (Valence) - C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default\Extensions\[email protected] [2016-05-27]
FF Extension: (Adblock Plus) - C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (BetterPrivacy) - C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-11-03]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)

Chrome:
=======
CHR Profile: C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Google Slides) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-12]
CHR Extension: (Google Docs) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-12]
CHR Extension: (Google Drive) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-12]
CHR Extension: (YouTube) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-12]
CHR Extension: (Avast SafePrice) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-12]
CHR Extension: (Google Sheets) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-13]
CHR Extension: (Avast Online Security) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-12]
CHR Extension: (Gmail) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-12]
CHR Extension: (Chrome Media Router) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-12]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-26] (AVAST Software)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-09-10] (Nuance Communications, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254232 2016-11-15] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
S4 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{4B92F172-D79F-4E4A-8F94-4079344BA589}
S4 Intel® PROSet Monitoring Service; no ImagePath
S2 ZAMSvc; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
S3 catchme; no ImagePath
R3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 DVDHelp; C:\Windows\System32\drivers\DVDHelp.sys [28696 2014-12-29] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-25] (Intel Corporation)
S3 GSVDRIVE; C:\Windows\System32\DRIVERS\GSVDRIVE.sys [28568 2014-12-29] (GiliSoft International LLC.) [File not signed]
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-28] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
S3 NAL; no ImagePath
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-05] (STMicroelectronics)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [28272 2017-01-17] ()
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [48024 2013-01-28] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [194456 2013-01-28] (Windows ® Win 7 DDK provider)
S1 ZAM; no ImagePath
S1 ZAM_Guard; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-17 16:16 - 2017-01-17 16:19 - 00020351 _____ C:\Users\dean\Desktop\FRST.txt
2017-01-17 16:16 - 2017-01-17 16:16 - 02419200 _____ (Farbar) C:\Users\dean\Desktop\FRST64.exe
2017-01-17 13:27 - 2017-01-17 13:27 - 00000000 ____D C:\SUPERDelete
2017-01-17 12:16 - 2017-01-17 12:18 - 00002554 _____ C:\Users\dean\Desktop\Rkill.txt
2017-01-17 11:59 - 2017-01-17 11:59 - 00024753 _____ C:\ComboFix.txt
2017-01-17 10:58 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-17 10:58 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-17 10:58 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-17 10:58 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-17 10:58 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-17 10:58 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-17 10:58 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-17 10:58 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-17 10:53 - 2017-01-17 11:59 - 00000000 ____D C:\Qoobox
2017-01-17 10:52 - 2017-01-17 11:53 - 00000000 ____D C:\Windows\erdnt
2017-01-17 10:52 - 2017-01-17 10:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\dean\Desktop\rkill.exe
2017-01-17 10:50 - 2017-01-17 10:50 - 05659349 ____R (Swearware) C:\Users\dean\Desktop\ComboFix.exe
2017-01-17 09:54 - 2017-01-17 09:54 - 03988944 _____ C:\Users\dean\Desktop\AdwCleaner.exe
2017-01-16 22:27 - 2017-01-16 22:27 - 01004192 _____ C:\Users\dean\Desktop\VzSpeedOptimizer100.exe
2017-01-13 14:35 - 2017-01-15 14:10 - 00000000 ____D C:\Users\dean\AppData\Roaming\FreeTelly
2017-01-13 14:31 - 2017-01-13 14:31 - 00000000 ____D C:\Users\dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeTelly
2017-01-13 14:31 - 2017-01-13 14:31 - 00000000 ____D C:\Program Files (x86)\FreeTelly
2017-01-13 14:27 - 2017-01-13 14:27 - 00000000 ____D C:\Users\dean\Desktop\FreeTellyWin
2017-01-13 14:25 - 2017-01-13 14:26 - 71753517 _____ C:\Users\dean\Desktop\FreeTellyWin.zip
2017-01-12 21:26 - 2017-01-12 21:26 - 00326693 _____ C:\Users\dean\Desktop\Boston Bruins Tickets _ Official NHL Ticket Exchange.htm
2017-01-12 21:26 - 2017-01-12 21:26 - 00000000 ____D C:\Users\dean\Desktop\Boston Bruins Tickets _ Official NHL Ticket Exchange_files
2017-01-12 10:26 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-12 10:26 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-12 10:26 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-12 10:26 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-12 10:26 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-12 10:26 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-12 10:26 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-12 10:26 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-12 10:26 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-12 10:26 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-12 10:26 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-12 10:26 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-12 10:26 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-11 21:50 - 2017-01-16 19:04 - 00000000 ____D C:\Users\dean\AppData\Roaming\Kodi
2017-01-11 21:37 - 2017-01-11 21:37 - 00000000 ____D C:\Users\dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2017-01-11 21:37 - 2017-01-11 21:37 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-01-11 21:27 - 2017-01-11 21:28 - 87266194 _____ C:\Users\dean\Desktop\kodi-16.1-Jarvis.exe
2017-01-10 10:29 - 2017-01-10 10:29 - 00000000 ____D C:\Users\dean\Desktop\New folder (4)
2017-01-10 10:29 - 2017-01-10 10:29 - 00000000 ____D C:\Users\dean\Desktop\New folder (2)
2017-01-10 08:56 - 2017-01-10 08:57 - 00000000 ____D C:\Users\dean\Desktop\New folder
2017-01-09 19:53 - 2016-12-04 19:56 - 424274536 ____N C:\Users\dean\Desktop\20161204_195250.mp4
2017-01-09 19:53 - 2016-12-04 19:46 - 356302863 ____N C:\Users\dean\Desktop\20161204_194340.mp4
2017-01-09 19:53 - 2016-12-04 19:36 - 555471256 ____N C:\Users\dean\Desktop\20161204_193149.mp4
2017-01-09 19:53 - 2016-11-29 09:05 - 78274212 ____N C:\Users\dean\Desktop\20161129_090434.mp4
2017-01-09 17:11 - 2017-01-09 17:11 - 00167169 _____ C:\Users\dean\Desktop\Gibraltar GMPR Multi Purpose Power Rack.htm
2017-01-09 17:11 - 2017-01-09 17:11 - 00000000 ____D C:\Users\dean\Desktop\Gibraltar GMPR Multi Purpose Power Rack_files
2017-01-09 10:03 - 2017-01-09 10:03 - 00447354 _____ C:\Users\dean\Desktop\Low-Carb Foods – Diet Doctor.htm
2017-01-09 10:03 - 2017-01-09 10:03 - 00000000 ____D C:\Users\dean\Desktop\Low-Carb Foods – Diet Doctor_files
2017-01-07 08:18 - 2017-01-07 08:18 - 00000000 ____D C:\Users\dean\AppData\Local\FreemakeVideoConverter
2017-01-07 08:17 - 2017-01-07 08:18 - 00000000 ____D C:\Users\dean\Documents\Freemake
2017-01-07 08:17 - 2017-01-07 08:18 - 00000000 ____D C:\ProgramData\Freemake
2017-01-07 08:17 - 2017-01-07 08:17 - 00001326 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2017-01-07 08:17 - 2017-01-07 08:17 - 00000000 ____D C:\Users\dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2017-01-07 08:17 - 2017-01-07 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-01-07 08:17 - 2017-01-07 08:17 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-01-06 16:44 - 2017-01-06 16:44 - 00001013 _____ C:\Users\Public\Desktop\ClipGrab.lnk
2017-01-06 16:44 - 2017-01-06 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2017-01-06 16:44 - 2017-01-06 16:44 - 00000000 ____D C:\Program Files (x86)\ClipGrab
2017-01-06 15:39 - 2017-01-06 15:40 - 21937512 _____ (Philipp Schmieder Medien ) C:\Users\dean\Desktop\clipgrab-3.6.2-portable.exe
2017-01-04 17:06 - 2017-01-04 17:06 - 02205139 _____ C:\Users\dean\Desktop\Beat Doc & Adam Challenge.htm
2017-01-04 17:06 - 2017-01-04 17:06 - 00000000 ____D C:\Users\dean\Desktop\Beat Doc & Adam Challenge_files
2017-01-03 16:27 - 2017-01-13 14:35 - 00000000 ____D C:\Users\dean\Desktop\Dragfest Show
2016-12-30 14:19 - 2016-12-30 14:24 - 00000000 ____D C:\Users\dean\Documents\Dell Downloads
2016-12-30 14:18 - 2017-01-06 17:04 - 00000000 ____D C:\Users\dean\AppData\Local\Deployment
2016-12-30 14:18 - 2016-12-30 14:18 - 00000000 ____D C:\Users\dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-30 14:18 - 2016-12-30 14:18 - 00000000 ____D C:\Users\dean\AppData\Local\Apps\2.0
2016-12-30 14:18 - 2016-12-30 14:18 - 00000000 ____D C:\Users\dean\AppData\Local\Apps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-17 16:16 - 2016-11-22 20:11 - 00000000 ____D C:\FRST
2017-01-17 16:14 - 2014-03-30 15:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-17 16:05 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-17 16:05 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-17 16:04 - 2014-03-30 16:02 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-01-17 16:01 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 16:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-01-17 15:59 - 2016-11-16 09:33 - 00000000 ____D C:\Users\dean\AppData\LocalLow\Mozilla
2017-01-17 15:55 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-17 15:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-17 15:27 - 2014-07-02 09:01 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-128144278-2142202361-184960113-7823.job
2017-01-17 14:34 - 2016-11-13 14:51 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-01-17 14:33 - 2016-11-13 14:51 - 00025060 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-01-17 13:58 - 2016-11-13 14:51 - 00050904 _____ C:\Windows\ZAM.krnl.trace
2017-01-17 13:47 - 2014-03-30 15:55 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-01-17 11:50 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2017-01-17 09:59 - 2016-11-22 17:11 - 00000000 ____D C:\AdwCleaner
2017-01-17 09:12 - 2016-11-13 10:18 - 01432668 _____ C:\Windows\ntbtlog.txt
2017-01-17 09:12 - 2016-03-26 18:49 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-17 08:52 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2017-01-16 22:47 - 2015-04-16 15:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-15 14:10 - 2016-11-19 15:33 - 00000000 ____D C:\Users\dean\AppData\Local\CrashDumps
2017-01-15 14:07 - 2016-11-23 09:59 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-13 08:24 - 2016-03-16 14:02 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-13 03:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-13 03:16 - 2015-12-15 17:26 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-01-12 14:59 - 2016-11-29 21:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-12 14:46 - 2015-04-16 16:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-12 10:14 - 2014-03-30 15:39 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-12 10:14 - 2014-03-30 15:39 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-12 10:14 - 2014-03-30 15:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-12 10:14 - 2014-03-30 15:39 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-12 10:14 - 2014-03-30 15:39 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-12 03:04 - 2014-05-16 12:50 - 00000000 ____D C:\Windows\system32\MRT
2017-01-12 03:00 - 2014-05-16 12:50 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-11 21:39 - 2014-03-30 15:54 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-11 09:26 - 2015-04-16 16:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-08 15:08 - 2016-08-31 07:35 - 00000000 ____D C:\Users\dean\Desktop\New folder (3)
2017-01-07 08:17 - 2015-11-21 17:54 - 00000000 ____D C:\ProgramData\Unchecky

==================== Files in the root of some directories =======

2015-04-16 15:01 - 2015-04-16 15:02 - 0000093 _____ () C:\Users\dean\AppData\Roaming\ARCompanion.log
2015-01-21 13:12 - 2015-04-16 01:12 - 0000063 _____ () C:\Users\dean\AppData\Roaming\WB.CFG

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-13 01:00

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by dean (17-01-2017 16:21:12)
Running from C:\Users\dean\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-05-16 17:27:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3339490808-3639073983-2094825787-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3339490808-3639073983-2094825787-500 - Administrator - Disabled)
dean (S-1-5-21-3339490808-3639073983-2094825787-1002 - Administrator - Enabled) => C:\Users\dean
Guest (S-1-5-21-3339490808-3639073983-2094825787-501 - Limited - Disabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
AML Free Registry Cleaner 4.25 (HKLM-x32\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version:  - AML SOFT, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audio Editor And Recorder Packages (HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\Audio Editor And Recorder Packages) (Version:  - ) <==== ATTENTION
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
Canon MG3100 series On-screen Manual (HKLM-x32\...\Canon MG3100 series On-screen Manual) (Version:  - )
Canon MG3100 series User Registration (HKLM-x32\...\Canon MG3100 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
ClassicGamesRemade (HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\ClassicGamesRemade) (Version:  - )
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
ClipGrab 3.6.2 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Custom Help (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.1.0 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
FreeTelly (HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\FreeTelly) (Version:  - ${COMPANY})
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
idoo DVD Ripper 6.1.0 (HKLM-x32\...\{DC858DB6-0659-165E-CF69-C6B78992F341}}_is1) (Version: 6.1.0 - idoo International LLC.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.5.52.1 (HKLM\...\PROSetDX) (Version: 18.5.52.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3204 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® WiDi (HKLM\...\{62E7C369-64FF-452C-8F46-6BE9B77FF097}) (Version: 4.0.18.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{fae8de85-97ab-4053-a8bb-03bfc86ac533}) (Version: 15.6.1 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kodi (HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Standard 2010 (HKLM-x32\...\Office14.PRJSTDR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mimecast Services for Outlook 32-bit (HKLM-x32\...\{44C3BE40-6688-40F1-9C6F-1550D5E5868C}) (Version: 5.0.853.8820 - Mimecast Ltd)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Nuance PDF Converter Enterprise 8 (HKLM\...\{E5F6DE36-F554-47E9-B6F6-08788C720F55}) (Version: 8.10.6243 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 8 (HKLM-x32\...\{E5F6DE36-F554-47E9-B6F6-08788C720F55}) (Version: 8.10.6243 - Nuance Communications, Inc.)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{C8B104BE-C895-4976-8295-0B190B53A8B6}) (Version: 3.0.08.18 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.08.18 - O2Micro International LTD.) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
RogueKiller version 12.8.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.2.0 - Adlice Software)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTDR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Unchecky v1.0.1 (HKLM-x32\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3C66BAE9-BA2E-4D07-9C63-84458A7A43C8} - System32\Tasks\SafeZone scheduled Autoupdate 1459037733 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {418B8689-A491-4CBE-8CB4-B39170B39440} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-26] (AVAST Software)
Task: {4F600FAF-764A-4406-911A-7DCEFBEC9277} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {58397141-DEF4-4A29-99CE-0409EAA6CC05} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {74059F74-38B4-4061-9D05-E100C46A7845} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {9A95B8F3-1550-4F9F-B538-8638721CAC8B} - System32\Tasks\G2MUpdateTask-S-1-5-21-128144278-2142202361-184960113-7823 => C:\Users\mras\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe [2014-07-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {9F2B9428-9007-4A80-98AB-F6FB8E6FCD56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-12] (Adobe Systems Incorporated)
Task: {C2F2775A-22C5-4651-A5F5-0535394AE967} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {C40A7DF2-114D-4B85-A647-05455F0BD956} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {C5943925-DB22-44ED-8D20-4C5B03DC93C6} - System32\Tasks\{F8DD7030-1661-4DFB-A8C6-B9ED1342B2C7} => pcalua.exe -a "C:\Downloads\Crystal reports v9\setup.exe" -d "C:\Downloads\Crystal reports v9"
Task: {E3FEF0D1-7614-4E84-B61B-5E6BDD1CB80A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {F5725E3E-10D3-48FD-9323-3CFF2BB70EC6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3339490808-3639073983-2094825787-1002

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-128144278-2142202361-184960113-7823.job => C:\Users\mras\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-15 17:27 - 2011-02-07 11:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-03-30 16:02 - 2013-04-19 15:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2016-08-26 17:58 - 2016-08-26 17:58 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-17 13:12 - 2017-01-17 13:12 - 04450848 _____ () C:\Program Files\AVAST Software\Avast\defs\17011702\algo.dll
2016-08-26 17:58 - 2016-08-26 17:58 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-03-30 15:43 - 2013-11-13 16:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-03-30 16:02 - 2013-05-02 16:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-se.com -> 1-se.com

There are 10816 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-01-17 15:55 - 00001227 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\dean\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: iPod Service => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3025B7CB-EABE-4AD3-A0A9-FEF78EB63E70}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FA0EF575-F56E-4EE5-9A09-4704B04D35AE}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{37149ABB-A222-44F5-9E88-1FDED0C17A66}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8081CCB7-8ACF-47E3-8F70-EA6562B9F6F2}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{9CF7E29E-8A16-4555-99F4-A3068A610D0F}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{83AF54C8-59A5-447E-AD65-F2E62925B0E1}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{4FC8C956-0CDC-464C-910B-D25067978BE2}C:\program files (x86)\freetelly\freetelly.exe] => C:\program files (x86)\freetelly\freetelly.exe
FirewallRules: [UDP Query User{C287D663-1CCD-49AA-B047-B2682052D72A}C:\program files (x86)\freetelly\freetelly.exe] => C:\program files (x86)\freetelly\freetelly.exe

==================== Restore Points =========================

11-01-2017 21:38:56 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
12-01-2017 03:00:14 Windows Update
13-01-2017 03:00:20 Windows Update
13-01-2017 14:32:18 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
17-01-2017 10:59:03 ComboFix created restore point

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2017 02:31:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 50.1.0.6186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1324

Start Time: 01d270f2e3f01877

Termination Time: 328

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 749138e9-dceb-11e6-9cde-ecf4bb1d91fe

Error: (01/15/2017 02:10:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreeTelly.exe, version: 16.1.0.0, time stamp: 0x577b1d74
Faulting module name: python27.dll, version: 2.7.8150.1013, time stamp: 0x53b1ecd6
Exception code: 0x40000015
Fault offset: 0x001161bb
Faulting process id: 0xe94
Faulting application start time: 0x01d26f630003f011
Faulting application path: C:\Program Files (x86)\FreeTelly\FreeTelly.exe
Faulting module path: C:\Program Files (x86)\FreeTelly\python27.dll
Report Id: 50eb27de-db56-11e6-9ea3-ecf4bb1d91fe

Error: (01/13/2017 02:53:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreeTelly.exe, version: 16.1.0.0, time stamp: 0x577b1d74
Faulting module name: python27.dll, version: 2.7.8150.1013, time stamp: 0x53b1ecd6
Exception code: 0x40000015
Fault offset: 0x001161bb
Faulting process id: 0x1444
Faulting application start time: 0x01d26dd68ce44c4a
Faulting application path: C:\Program Files (x86)\FreeTelly\FreeTelly.exe
Faulting module path: C:\Program Files (x86)\FreeTelly\python27.dll
Report Id: f13c2943-d9c9-11e6-beb2-ecf4bb1d91fe

Error: (01/11/2017 09:25:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer_Service.exe, version: 11.0.1159.0, time stamp: 0x57e13725
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a074ac
Faulting process id: 0x1f9c
Faulting application start time: 0x01d26c167f7fd189
Faulting application path: C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
Faulting module path: unknown
Report Id: d039bffa-d809-11e6-b926-ecf4bb1d91fe

Error: (01/11/2017 09:25:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZAM.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a074ac
Faulting process id: 0x1694
Faulting application start time: 0x01d256d87543e45f
Faulting application path: C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
Faulting module path: unknown
Report Id: cd4e4fe4-d809-11e6-b926-ecf4bb1d91fe

Error: (01/11/2017 09:25:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SftService.exe, version: 3.0.0.6, time stamp: 0x5050999a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a074ac
Faulting process id: 0xec8
Faulting application start time: 0x01d256af2ecdd456
Faulting application path: C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
Faulting module path: unknown
Report Id: ca43edeb-d809-11e6-b926-ecf4bb1d91fe

Error: (01/11/2017 09:25:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: o2flash.exe, version: 1.0.0.3, time stamp: 0x45371e37
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a074ac
Faulting process id: 0xf5c
Faulting application start time: 0x01d256af2ea7be51
Faulting application path: C:\Windows\system32\DRIVERS\o2flash.exe
Faulting module path: unknown
Report Id: c83aa08f-d809-11e6-b926-ecf4bb1d91fe

Error: (01/11/2017 09:25:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LMS.exe, version: 9.5.10.1628, time stamp: 0x51cb6db4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a074ac
Faulting process id: 0xaa4
Faulting application start time: 0x01d256af2d072d81
Faulting application path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
Faulting module path: unknown
Report Id: c539c416-d809-11e6-b926-ecf4bb1d91fe

Error: (01/11/2017 09:25:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jhi_service.exe, version: 9.5.12.1682, time stamp: 0x51e60670
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a074ac
Faulting process id: 0x810
Faulting application start time: 0x01d256af2c9e70f5
Faulting application path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
Faulting module path: unknown
Report Id: c471d07f-d809-11e6-b926-ecf4bb1d91fe

Error: (01/11/2017 09:25:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 12.8.2.1000, time stamp: 0x521e7441
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a074ac
Faulting process id: 0x574
Faulting application start time: 0x01d256af2bdda17f
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: c192474b-d809-11e6-b926-ecf4bb1d91fe


System errors:
=============
Error: (01/17/2017 01:48:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (01/17/2017 01:47:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (01/17/2017 01:46:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (01/17/2017 11:50:04 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/17/2017 11:47:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/17/2017 11:31:35 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/17/2017 09:59:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (01/17/2017 09:11:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/17/2017 09:11:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/17/2017 09:11:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2017-01-17 11:47:14.959
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-17 11:47:14.080
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4300M CPU @ 2.60GHz
Percentage of memory in use: 53%
Total physical RAM: 4001.47 MB
Available physical RAM: 1855.52 MB
Total Virtual: 8001.13 MB
Available Virtual: 5692.2 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:282.87 GB) (Free:148.02 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:15.18 GB) (Free:7.71 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 313B336C)
Partition 1: (Not Active) - (Size=40 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by 67mopar, 17 January 2017 - 03:54 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 
 

  • 0

#3
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    23.40    47,804 K    59,316 K    7864    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
procexp64.exe    17.30    47,220 K    51,652 K    7468            
firefox.exe    20.43    639,264 K    688,728 K    2244    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dwm.exe    6.83    26,696 K    27,876 K    1716    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe    0.06    3,224 K    7,340 K    6116            
Toaster.exe    6.23    61,980 K    65,076 K    3432            
System    2.72    248 K    5,200 K    4            
Interrupts    3.67    0 K    0 K    n/a    Hardware Interrupts and DPCs        
csrss.exe    2.27    3,176 K    26,324 K    708            
SearchProtocolHost.exe    0.64    3,292 K    8,816 K    8168            
SearchIndexer.exe    1.12    30,936 K    19,900 K    4596    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.83    138,748 K    145,804 K    624    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AvastSvc.exe    8.50    137,184 K    41,064 K    1448    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
svchost.exe    0.07    13,832 K    23,484 K    656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.26    5,420 K    11,184 K    912    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
iFrmewrk.exe    0.24    13,696 K    21,844 K    2224    Intel® PROSet/Wireless Framework    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
explorer.exe    1.14    70,644 K    83,388 K    1764    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.70    19,884 K    22,872 K    340    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
DBRCrawler.exe    0.53    27,268 K    23,644 K    2948            
svchost.exe    0.11    8,044 K    12,040 K    1000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
ApMsgFwd.exe    0.22    2,644 K    5,928 K    4668            
WavesSvc64.exe    0.17    1,044 K    2,616 K    3880    Waves MaxxAudio Service Application    Waves Audio Ltd.    (Verified) Waves Inc
EvtEng.exe    0.02    10,048 K    20,388 K    2060    Intel® PROSet/Wireless Event Log Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
svchost.exe    0.15    7,700 K    12,300 K    2168    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    0.34    5,032 K    13,220 K    760    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
TeamViewer_Service.exe    0.09    8,124 K    17,916 K    2608    TeamViewer 11    TeamViewer GmbH    (Verified) TeamViewer
wlanext.exe    0.03    7,668 K    17,356 K    1456            
RAVBg64.exe    0.08    29,016 K    24,076 K    2908    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
Apoint.exe    0.08    3,644 K    10,804 K    452    Alps Pointing-device Driver    Alps Electric Co., Ltd.    (Verified) Alps Electric Co.
svchost.exe    0.37    18,204 K    20,532 K    1260    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe        3,020 K    4,832 K    768            
iusb3mon.exe    0.03    2,220 K    6,368 K    4392    iusb3mon    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
PDFProFiltSrv.exe    0.06    1,236 K    3,812 K    2384    PDFPROFILTSRV.EXE    Nuance Communications, Inc.    (Verified) Nuance Communications
System Idle Process    0.64    0 K    24 K    0            
unchecky_bg.exe    0.25    1,896 K    6,992 K    2832    Unchecky Background Process    RaMMicHaeL    (Verified) Reason Software Company Inc.
svchost.exe    0.10    35,368 K    55,236 K    696    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SASCore64.exe    0.03    1,636 K    4,136 K    1424            
csrss.exe    0.02    2,648 K    5,580 K    604            
taskhost.exe    0.07    15,424 K    21,332 K    1796    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.02    7,784 K    11,200 K    5112    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
TeamViewer.exe    0.02    16,008 K    28,648 K    4676    TeamViewer 11    TeamViewer GmbH    (Verified) TeamViewer
cvpnd.exe    0.06    2,712 K    7,232 K    1948    Cisco Systems VPN Client    Cisco Systems, Inc.    (Verified) Cisco Systems
ZeroConfigService.exe        8,496 K    19,140 K    2800    Intel® PROSet/Wireless Zero Configure Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
devmonsrv.exe    < 0.01    3,176 K    7,388 K    5024    Bluetooth Device Monitor    Motorola Solutions, Inc.    (Verified) Motorola Solutions Inc.
tv_x64.exe    0.01    1,852 K    5,404 K    3976            
tv_w32.exe    0.02    1,424 K    5,280 K    3172            
WmiPrvSE.exe        4,964 K    11,640 K    3504            
winlogon.exe        3,072 K    7,740 K    796            
wininit.exe        1,924 K    4,932 K    684            
unsecapp.exe    0.01    1,960 K    5,716 K    3204            
unsecapp.exe        2,192 K    6,476 K    4888    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unchecky_svc.exe        2,580 K    5,964 K    2704    Unchecky Service    RaMMicHaeL    (Verified) Reason Software Company Inc.
taskhost.exe        6,400 K    9,836 K    5996            
taskeng.exe        1,976 K    5,368 K    5732            
svchost.exe        2,152 K    6,080 K    2544    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.03    12,136 K    16,260 K    1900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,428 K    7,920 K    1076    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,772 K    11,316 K    1616    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        8,604 K    15,268 K    1748    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        556 K    1,256 K    424            
SftService.exe        4,476 K    8,804 K    5316    SoftThinks Agent Service    SoftThinks SAS    (Verified) Dell Inc
services.exe    0.01    6,484 K    10,672 K    752            
rundll32.exe        3,480 K    11,444 K    1676    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
RtkNGUI64.exe        15,104 K    12,632 K    2872    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe        2,244 K    5,632 K    1208    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RegSrvc.exe        2,756 K    8,116 K    2472    Intel® PROSet/Wireless Registry Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
RAVBg64.exe        17,000 K    14,416 K    2984    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RAVBg64.exe        15,380 K    12,924 K    1232            
procexp.exe        2,356 K    7,672 K    7032            
procexp.exe        2,336 K    6,252 K    7884    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
obexsrv.exe        2,788 K    6,964 K    4500    Bluetooth OBEX Service    Motorola Solutions, Inc.    (Verified) Motorola Solutions Inc.
o2flash.exe        1,812 K    4,780 K    5292    O2 Flash Memory Service    O2Micro International    (Verified) O2Micro Inc.
mediasrv.exe        3,396 K    7,660 K    3284    Bluetooth Media Service    Motorola Solutions, Inc.    (Verified) Motorola Solutions Inc.
LMS.exe        9,248 K    17,124 K    5172    Intel® Local Management Service    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
jhi_service.exe        1,404 K    4,552 K    4008    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel Corporation - Intel® Management Engine Firmware
ijplmsvc.exe        1,084 K    3,772 K    2228    Inkjet Printer/Scanner/Fax Extended Survey Program Service        (Verified) Canon Inc.
igfxtray.exe        3,080 K    7,528 K    2288    igfxTray Module    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
igfxsrvc.exe        3,552 K    7,948 K    3228    igfxsrvc Module    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
igfxpers.exe        3,332 K    9,376 K    2100    persistence Module    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
IAStorIcon.exe        22,348 K    29,932 K    3568    IAStorIcon    Intel Corporation    (Verified) Intel Corporation - Intel® Rapid Storage Technology
IAStorDataMgrSvc.exe        34,876 K    46,188 K    4572    IAStorDataSvc    Intel Corporation    (Verified) Intel Corporation - Intel® Rapid Storage Technology
hkcmd.exe        2,808 K    7,344 K    4016    hkcmd Module    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
hidfind.exe        1,928 K    4,964 K    3692    Alps Pointing-device Driver    Alps Electric Co., Ltd.    (Verified) Alps Electric Co.
HeciServer.exe        1,948 K    5,856 K    2268    Intel® Capability Licensing Service Interface    Intel® Corporation    (No signature was present in the subject) Intel® Corporation
dllhost.exe        2,440 K    6,484 K    6824    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        1,088 K    3,012 K    1464            
conhost.exe        4,044 K    7,196 K    2932    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        3,756 K    5,916 K    3244            
btplayerctrl.exe        2,440 K    6,388 K    2488    Bluetooth Media Player Controller    Motorola Solutions, Inc.    (Verified) Motorola Solutions Inc.
BleServicesCtrl.exe        3,072 K    7,908 K    3816    Bluetooth LE Services Control Program    Intel Corporation    (Verified) Intel Corporation-Mobile Wireless Group
BJMYPRT.EXE        2,300 K    6,020 K    4072    Canon My Printer    CANON INC.    (Verified) Canon Inc.
armsvc.exe        1,240 K    4,128 K    1636    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
ApntEx.exe        2,472 K    5,732 K    2456    Alps Pointing-device Driver for Windows NT/2000/XP/Vista    Alps Electric Co., Ltd.    (Verified) Alps Electric Co.
 


  • 0

#4
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       424 N/A                                         
csrss.exe                      604 N/A                                         
wininit.exe                    684 N/A                                         
csrss.exe                      708 N/A                                         
services.exe                   752 N/A                                         
lsass.exe                      760 EFS, KeyIso, SamSs, VaultSvc                
lsm.exe                        768 N/A                                         
winlogon.exe                   796 N/A                                         
svchost.exe                    912 DcomLaunch, PlugPlay, Power                 
svchost.exe                   1000 RpcEptMapper, RpcSs                         
svchost.exe                    340 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                    624 AudioEndpointBuilder, CscService, hidserv,  
                                   Netman, PcaSvc, SysMain, TrkWks, UxSms,     
                                   Wlansvc, wudfsvc                            
svchost.exe                    656 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, SstpSvc, WdiServiceHost                
svchost.exe                    696 Appinfo, EapHost, IKEEXT, iphlpsvc,         
                                   LanmanServer, MMCSS, ProfSvc, RasMan,       
                                   Schedule, seclogon, SENS, ShellHWDetection,
                                   Themes, Winmgmt, wuauserv                   
svchost.exe                   1076 gpsvc                                       
RtkAudioService64.exe         1208 RtkAudioService                             
RAVBg64.exe                   1232 N/A                                         
svchost.exe                   1260 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc, TapiSrv                             
AvastSvc.exe                  1448 avast! Antivirus                            
wlanext.exe                   1456 N/A                                         
conhost.exe                   1464 N/A                                         
dwm.exe                       1716 N/A                                         
spoolsv.exe                   1748 Spooler                                     
explorer.exe                  1764 N/A                                         
taskhost.exe                  1796 N/A                                         
svchost.exe                   1900 BFE, DPS, MpsSvc                            
SASCore64.exe                 1424 !SASCORE                                    
armsvc.exe                    1636 AdobeARMservice                             
cvpnd.exe                     1948 CVPND                                       
svchost.exe                   1616 DiagTrack                                   
EvtEng.exe                    2060 EvtEng                                      
svchost.exe                   2168 FDResPub, SSDPSRV                           
ijplmsvc.exe                  2228 IJPLMSVC                                    
HeciServer.exe                2268 Intel® Capability Licensing Service Interf
                                   ace                                         
PDFProFiltSrv.exe             2384 PDFProFiltSrv                               
RegSrvc.exe                   2472 RegSrvc                                     
svchost.exe                   2544 stisvc                                      
TeamViewer_Service.exe        2608 TeamViewer                                  
unchecky_svc.exe              2704 Unchecky                                    
ZeroConfigService.exe         2800 ZeroConfigService                           
unchecky_bg.exe               2832 N/A                                         
RtkNGUI64.exe                 2872 N/A                                         
RAVBg64.exe                   2908 N/A                                         
RAVBg64.exe                   2984 N/A                                         
igfxpers.exe                  2100 N/A                                         
iFrmewrk.exe                  2224 N/A                                         
igfxtray.exe                  2288 N/A                                         
unsecapp.exe                  3204 N/A                                         
igfxsrvc.exe                  3228 N/A                                         
WmiPrvSE.exe                  3504 N/A                                         
hkcmd.exe                     4016 N/A                                         
BJMYPRT.EXE                   4072 N/A                                         
rundll32.exe                  1676 N/A                                         
Apoint.exe                     452 N/A                                         
WavesSvc64.exe                3880 N/A                                         
BleServicesCtrl.exe           3816 N/A                                         
iusb3mon.exe                  4392 N/A                                         
SearchIndexer.exe             4596 WSearch                                     
ApMsgFwd.exe                  4668 N/A                                         
TeamViewer.exe                4676 N/A                                         
unsecapp.exe                  4888 N/A                                         
devmonsrv.exe                 5024 Bluetooth Device Monitor                    
IAStorIcon.exe                3568 N/A                                         
firefox.exe                   2244 N/A                                         
tv_w32.exe                    3172 N/A                                         
hidfind.exe                   3692 N/A                                         
tv_x64.exe                    3976 N/A                                         
ApntEx.exe                    2456 N/A                                         
conhost.exe                   2932 N/A                                         
mediasrv.exe                  3284 Bluetooth Media Service                     
wmpnetwk.exe                  5112 WMPNetworkSvc                               
obexsrv.exe                   4500 Bluetooth OBEX Service                      
btplayerctrl.exe              2488 N/A                                         
IAStorDataMgrSvc.exe          4572 IAStorDataMgrSvc                            
jhi_service.exe               4008 jhi_service                                 
LMS.exe                       5172 LMS                                         
o2flash.exe                   5292 O2FLASH                                     
SftService.exe                5316 SftService                                  
Toaster.exe                   3432 N/A                                         
DBRCrawler.exe                2948 N/A                                         
conhost.exe                   3244 N/A                                         
taskhost.exe                  5996 N/A                                         
procexp.exe                   7032 N/A                                         
procexp64.exe                 7468 N/A                                         
procexp.exe                   7884 N/A                                         
procexp64.exe                 7864 N/A                                         
notepad.exe                   2240 N/A                                         
taskeng.exe                   4428 N/A                                         
audiodg.exe                   7196 N/A                                         
cmd.exe                       5788 N/A                                         
conhost.exe                    864 N/A                                         
tasklist.exe                  7452 N/A                                         
WmiPrvSE.exe                  7356 N/A                                         
 


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Still waiting on the speccy log.


  • 0

#6
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

eery time i try and paste the speccy log the computer frezzes   this if from a different computer, im trying to figure out how to get it to you


  • 0

#7
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

sent you a pm


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Please ATTACH the log.  It's probably too big for the forum to let you copy and paste it plus it loses the formatting.

 

 (More Reply Options, Choose File, Open, Attach This File)


  • 0

#9
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

sent you a pm


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Is there a reason you can't ATTACH the log instead of copy and paste?

 

If you insist on copy and paste then cut the log into smaller pieces (each smaller than 20K) and make separate posts 


  • 0

Advertisements


#11
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

sent you a pm


  • 0

#12
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

Attached File  DEAN-LP07.txt   367.07KB   188 downloads


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I think the hard drive is your problem:

C7
Attribute name UltraDMA CRC Error Count
Real value 189,759,163
Current 100
Worst 100
Threshold 0
Raw Value 000B4F7EBB
Status Good
C8
Attribute name Write Error Rate / Multi-Zone Error Rate
Real value 328,965,568
Current 100
Worst 100
Threshold 0
Raw Value 00139B9DC0
Status Good

 

 

 
Perhaps because it has been dropped:
 
 
BF
Attribute name G-sense error rate
Real value 466
Current 100
Worst 100
Threshold 0
Raw Value 00000001D2
Status Good

 

 

We can  get a second opinion:

 

speedfan
 
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin.)
 
click on the S.M.A.R.T. tab.  Click on the down arrow to the right of the Hard Disk box.  Select your hard drive.  Click on Perform and In-depth Online Analysis of this hard disk.  Your browser will open.
 
At the bottom of the new page will be a line:  
 
The link to get back and see a new report about this hard disk in the future is this.
 
Right click on the underlined "this" and select Copy Link Address.  Move to a Reply and Paste (Ctrl + v).
 
But I think you should consider getting a new drive and cloning it ASAP.  
 
When you get a replacement look for SATA III laptop (2.5 inch) with 320 GB or more.  I recommend you stay away from Seagate as they are not very reliable.  Western Digital blacks are the best but tend to be a bit more expensive than their blues but have a much longer warranty period.
 
Amazon has one for about $52:
 
WD Black 500GB Performance Mobile Hard Disk Drive - 7200 RPM SATA 6 Gb/s 32MB Cache 7 MM 2.5 Inch - WD5000LPLX
 
(You can still get the one you have in there now.  Amazon has them for about $26:  Toshiba MQ01ACF032 320 GB 2.5" Internal Hard Drive
 
You will need a 
 
USB to SATA adapter 
 
Amazon has lots.  Here is one for $12 that would work
 
StarTech USB 3.0 to 2.5" SATA III Hard Drive Adapter Cable w/ UASP - SATA to USB 3.0 Converter for SSD/HDD - Hard Drive Adapter Cable
 
Then use one of the free cloning programs.
 
 
 
 
Some of them require you to boot from a CD or USB drive (it's faster that way but others like aomei can clone from within windows.
 
You plug the new drive into the usb adapter and the adapter into your PC's USB jack.  Run the cloning software.  (Make sure you know the source drive is the old drive and the destination is the new.  It's also a good idea to check the SMART info with Speedfan or Speccy to make sure you got a good replacement drive.)
 
Once the cloning software finishes you shut it down, use a small Phillips screw driver to remove the 2 screws that hold the cover on the drive, remove the screws (may be 2 more screws).  Often the drive is in a carrier so you need to remove 4 more screws.  Keep the screws separate since they may be different sizes.  Remove the old drive, install the new.  Boot up and then run a disk check:
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

 

Not very important for your problem but I see you have old Java versions installed:

 

Clear the Java Cache by following the instructions on
 
You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
 
Java Runtime Environment
Path C:\Program Files (x86)\Java\jre1.8.0_101\bin\java.exe
Version 8.0
Update 101
Build 13
Java Runtime Environment
Path C:\Program Files (x86)\Java\jre1.8.0_65\bin\java.exe
Version 8.0
Update 65
Build 17
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

  • 0

#14
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

ok this is my backup computer, im donloading speed fan now, If thats the case, Im gonna submit a ticket for this machine which is no prize , but I need something that ill run till I can swap out a new drive, Im not in a position to buy anything right now sadly, just paying for internet is my big expense for the month so without a computer my entertainment is null   lol


  • 0

#15
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts

i have a wd2500bekt brand new will that work   dont know if its sata


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP