Asus Netbook Won't Take Windows Updates

Windows 7 Updates

  • This topic is locked

#1
beabruin


Asus Netbook running Windows 7 Ultimate 32-bit won't take any more Windows Updates. I tried some of them individually but they fail to download and/or install. Netbook is running slower than it used to. Spiceworks Desktop application may have something to do with running slower.

 

*****Here is the FRST.txt log:

 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Asus (administrator) on ASUS1001P (13-04-2017 17:29:21)
Running from C:\Users\Asus\Desktop
Loaded Profiles: Asus (Available Profiles: Asus)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AsusService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Spiceworks, Inc.) C:\Program Files\Spiceworks\bin\spiceworks.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Apache Software Foundation) C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\22.8.1.14\n360.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Apache Software Foundation) C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\22.8.1.14\n360.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2012-06-27] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2012-06-27] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-16] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [425400 2011-08-01] (ASUSTeK Computer Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [37888 2010-05-25] (Nullsoft, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\...\Run: [Parallels Transporter Agent] => C:\Program Files\Parallels\Parallels Transporter Agent\ParallelsTransporterAgent.exe [16229608 2015-02-03] (Parallels Holdings, Ltd. and its affiliates.)
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\...\Run: [GoogleChromeAutoLaunch_FCA810C0E252261B949A7B9F364CE16A] => C:\Program Files\Google\Chrome\Application\chrome.exe [941912 2017-03-28] (Google Inc.)
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\...\MountPoints2: {443c9de5-76dd-11e3-935e-485b39224028} - D:\MotoCastSetup.exe -a
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\...\MountPoints2: {71f68979-7c7f-11e3-be44-485b39224028} - D:\DTLplus_Launcher.exe
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\...\MountPoints2: {9fc9de48-bfdc-11e3-99be-485b39224028} - D:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security Suite\Engine\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security Suite\Engine\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security Suite\Engine\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-03-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{43FE4B32-A350-46E9-9BCB-179809506DD4}: [DhcpNameServer] 216.183.102.115 66.179.168.118
Tcpip\..\Interfaces\{70307970-C62B-4233-B696-605C5333C113}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{76DAA655-FA95-4A97-8467-3E94CF14F657}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12094435l0324wuk5w47323881
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12094435l0324wuk5w47323881
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12094435l0324wuk5w47323881
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS365
SearchScopes: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS365
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-04-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} hxxps://phl2.rca.sgns.net/+CSCOL+/cscopf.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-13] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-13] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-13] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-13] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: z22u8816.new default
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\1l3jue6u.default [not found]
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\52g158i2.default-1434929275108 [2015-06-21]
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\z22u8816.new default [2016-12-28]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-04-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-10] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-13] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-14] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-05-25] (Nullsoft, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-20]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default [2017-04-13]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-03-15]
CHR Extension: (Google Docs) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (YouTube) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-01]
CHR Extension: (Google Search) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01]
CHR Extension: (Google Docs Offline) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-13]
CHR Extension: (Gmail) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2017-01-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () [File not signed]
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2560192 2017-03-26] (Microsoft Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
R2 N360; C:\Program Files\Norton Security Suite\Engine\22.9.0.71\N360.exe [288512 2017-02-20] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 spiceworks; C:\Program Files\Spiceworks\bin\spiceworks.exe [47344 2014-10-30] (Spiceworks, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20170410.001\BHDrvx86.sys [1334424 2017-04-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1609000.047\ccSetx86.sys [137888 2017-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388760 2017-04-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [124568 2017-04-13] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20170412.001\IDSvix86.sys [798928 2017-04-12] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2012-05-03] (CACE Technologies, Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2015-07-04] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [63104 2015-07-04] (Silicon Laboratories)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1608010.00E\SRTSP.SYS [634096 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1609000.047\SRTSPX.SYS [41120 2017-02-20] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360\1609000.047\SYMEFASI.SYS [1348256 2017-02-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [89296 2017-04-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1609000.047\Ironx86.SYS [232600 2017-02-20] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\N360\1608010.00E\SYMNETS.SYS [423640 2016-11-11] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20161227.007\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20161227.007\NAVEX15.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2061-11-10 10:30 - 2014-05-28 21:19 - 00164864 ___SH C:\Users\Asus\Documents\Thumbs.db
2061-11-10 10:30 - 2013-11-06 14:08 - 00001273 _____ C:\Users\Asus\Documents\Norton Installation Files.lnk
2061-11-10 10:29 - 2014-11-17 07:32 - 00000000 ___RD C:\Users\Asus\Desktop\Applications
2061-11-10 10:00 - 2061-11-10 10:06 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Mozilla
2061-11-10 10:00 - 2013-11-16 07:21 - 00000000 ____D C:\Users\Asus\AppData\Local\Mozilla
2061-11-10 09:59 - 2061-11-10 09:59 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2061-11-10 09:59 - 2061-11-10 09:59 - 00000000 ____D C:\ProgramData\Mozilla
2061-11-10 09:59 - 2015-04-12 19:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-04-13 17:29 - 2017-04-13 17:32 - 00032615 _____ C:\Users\Asus\Desktop\FRST.txt
2017-04-13 17:28 - 2017-04-13 17:29 - 00000000 ____D C:\FRST
2017-04-13 17:24 - 2017-04-13 17:25 - 01766912 _____ (Farbar) C:\Users\Asus\Desktop\FRST.exe
2017-04-13 12:47 - 2017-04-13 12:47 - 00000000 ___HT C:\Windows\wusa.lock
2017-04-13 12:47 - 2017-04-13 12:47 - 00000000 ____D C:\0d73401f3df40fc93f9d31865b1b
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-13 17:27 - 2009-07-14 00:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-13 17:27 - 2009-07-14 00:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-13 16:54 - 2013-11-06 15:08 - 00089296 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2017-04-13 16:54 - 2013-11-06 15:08 - 00008262 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2017-04-13 16:52 - 2013-11-06 15:08 - 00000000 ____D C:\Windows\system32\Drivers\N360
2017-04-13 16:24 - 2013-07-26 13:48 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-13 16:24 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2017-04-13 16:13 - 2014-01-06 11:05 - 00000000 ____D C:\Temp
2017-04-13 16:12 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-13 15:16 - 2013-11-06 05:52 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-13 12:45 - 2015-12-01 06:37 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-13 12:23 - 2013-07-26 15:54 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-04-13 12:23 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-13 12:04 - 2013-07-26 15:51 - 00000000 ____D C:\Program Files\Microsoft Office
2017-04-13 10:59 - 2016-12-28 11:48 - 00002258 _____ C:\Users\Public\Desktop\Norton 360.lnk
2017-04-13 10:59 - 2015-08-13 09:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
 
==================== Files in the root of some directories =======
 
2014-12-02 12:22 - 2014-12-05 18:40 - 0000600 _____ () C:\Users\Asus\AppData\Local\PUTTY.RND
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-24 01:30
 
==================== End of FRST.txt ============================

 

*****Here is the Addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Asus (13-04-2017 17:34:48)
Running from C:\Users\Asus\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2013-07-26 17:43:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1216307322-1756439622-2401019485-500 - Administrator - Disabled)
Asus (S-1-5-21-1216307322-1756439622-2401019485-1000 - Administrator - Enabled) => C:\Users\Asus
Guest (S-1-5-21-1216307322-1756439622-2401019485-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1216307322-1756439622-2401019485-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Avery Wizard 5.0 (HKLM\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
BC75XLT_SS (HKLM\...\{24A536A4-7F8F-4B9A-9319-6619B87476E5}) (Version: 1.0.2 - Uniden)
Blueline 1.1.1 (HKLM\...\Blueline_is1) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-9340CDW (HKLM\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
calibre (HKLM\...\{DCB4A686-C75A-4F07-A5AE-00A4A618CE81}) (Version: 2.52.0 - Kovid Goyal)
CryptoPrevent v4.3.0 (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.2.3 - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.15 - AsusTek Computer)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter version 3.4.5 (HKLM\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.4.5 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.3216.5614 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.35 - Motorola Mobility)
Motorola Device Software Update (Version: 1.0.41 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nmap 5.61-Spiceworks (HKLM\...\Spiceworks-Nmap) (Version:  - )
Norton Security Suite (HKLM\...\N360) (Version: 22.8.1.14 - Symantec Corporation)
Nuance PaperPort 12 (HKLM\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Parallels Transporter Agent (HKLM\...\{EB8D59F4-6924-49CD-AD2E-2E5ECF3B6211}) (Version: 10.01.28883 - Parallels)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
SnapAPI (Version: 4.2.709 - Acronis) Hidden
Spiceworks (HKLM\...\Spiceworks) (Version: 7.2.00521 - Spiceworks, Inc.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.19 - AsusTek Computer)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.16.0 - Synaptics Incorporated)
Winamp (HKLM\...\Winamp) (Version: 5.572  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinPcap 4.1.2-Spiceworks (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\Asus\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\Asus\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\Asus\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000_Classes\CLSID\{990D9B6F-6621-11D9-AD6A-000C29B1E318}\InprocServer32 -> C:\Users\Asus\AppData\Roaming\Avery\Avery Wizard 5.0\AveryOAd.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\Asus\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\Asus\AppData\Roaming\Avery\Avery Wizard 5.0\AvWizRes.dll (Avery Products Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\Asus\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3E3F84D9-6C42-425C-9147-9B65DE1FD6F6} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-09-23] (Symantec Corporation)
Task: {79D9BA3B-0CAC-49F6-8206-6AB5A846906D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {82A1002D-7975-4D16-B560-5CB45BB84874} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {99C55C4B-A852-4593-8D28-F65389BC6D3B} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: {A1348942-E121-468C-A875-61E636CDF321} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: {A226D6FE-C539-4057-8439-0194C2A6974E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {A39DB0AC-3941-4C5E-8F39-FD946F89E4E9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {B71B058C-FA3A-4F20-9404-C54B1453D7CC} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton Security Suite\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {CB0821CE-96C5-4716-9F43-05D5E54B2984} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: {E0148A7C-0F28-4E40-B121-71DE500E93BF} - System32\Tasks\{2F691793-3266-4838-BACB-C651982A3F9E} => pcalua.exe -a "C:\Program Files\The weDownload Manager\Uninstall.exe" -c /fromcontrolpanel=1
Task: {FA3027B3-F6E7-4882-9E50-0367AC2D3865} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton Security Suite\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Asus\Favorites\Verizon Links\About Verizon.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_cor
Shortcut: C:\Users\Asus\Favorites\Verizon Links\Help.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_hel
Shortcut: C:\Users\Asus\Favorites\Verizon Links\Safety & Security.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=wc_safet
Shortcut: C:\Users\Asus\Favorites\Verizon Links\Search.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_allsearc
Shortcut: C:\Users\Asus\Favorites\Verizon Links\SuperPages.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_superp
Shortcut: C:\Users\Asus\Favorites\Verizon Links\Switching Tips.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_switc
Shortcut: C:\Users\Asus\Favorites\Verizon Links\Verizon Wireless.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_vzwireles
Shortcut: C:\Users\Asus\Favorites\Verizon Links\Welcome Page.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=wc_welcom
Shortcut: C:\Users\Asus\Favorites\Verizon Central\Broadband Beat.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_dslliv
Shortcut: C:\Users\Asus\Favorites\Verizon Central\E-Mail & More.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_webmai
Shortcut: C:\Users\Asus\Favorites\Verizon Central\Help.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_hel
Shortcut: C:\Users\Asus\Favorites\Verizon Central\My Account.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_myacc
Shortcut: C:\Users\Asus\Favorites\Verizon Central\My Web Space.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_mywebs
Shortcut: C:\Users\Asus\Favorites\Verizon Central\Shop Verizon.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_shopv
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-26 14:58 - 2009-08-18 17:35 - 00219136 _____ () C:\Windows\System32\AsusService.exe
2012-10-02 14:45 - 2012-10-02 14:45 - 00120728 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
2012-09-26 17:57 - 2012-09-26 17:57 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-06-30 09:12 - 2014-06-30 09:12 - 00011776 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\encdb.so
2014-06-30 09:12 - 2014-06-30 09:12 - 00009216 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\iso_8859_1.so
2014-06-30 09:13 - 2014-06-30 09:13 - 00013312 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\trans\transdb.so
2014-06-30 09:22 - 2014-06-30 09:22 - 00015360 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\racc\cparse.so
2014-06-30 09:21 - 2014-06-30 09:21 - 00019456 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\iconv.so
2014-06-30 09:07 - 2014-06-30 09:07 - 00864768 _____ () C:\Program Files\Spiceworks\bin\iconv.dll
2014-06-30 09:13 - 2014-06-30 09:13 - 00094720 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\trans\single_byte.so
2014-06-30 09:22 - 2014-06-30 09:22 - 00022528 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\stringio.so
2014-06-30 09:22 - 2014-06-30 09:22 - 00078336 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\syck.so
2014-06-30 09:20 - 2014-06-30 09:20 - 00109056 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\date_core.so
2014-06-30 09:23 - 2014-06-30 09:23 - 00053248 _____ () C:\Program Files\Spiceworks\lib\ruby\site_ruby\1.9.1\i386-msvcr90\efs.so
2014-06-30 09:03 - 2014-06-30 09:03 - 00168960 _____ () C:\Program Files\Spiceworks\bin\qdbm.dll
2014-06-30 09:22 - 2014-06-30 09:22 - 00080384 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\zlib.so
2014-06-30 09:13 - 2014-06-30 09:13 - 00009216 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\utf_16le.so
2014-06-30 09:13 - 2014-06-30 09:13 - 00013312 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\trans\utf_16_32.so
2014-06-30 09:21 - 2014-06-30 09:21 - 00008704 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\etc.so
2014-06-30 09:21 - 2014-06-30 09:21 - 00008192 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\monitor_mixin.so
2014-06-30 09:21 - 2014-06-30 09:21 - 00047104 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\dl.so
2014-06-30 09:22 - 2014-06-30 09:22 - 00017408 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\strscan.so
2014-06-30 09:27 - 2014-06-30 09:27 - 00025600 _____ () C:\Program Files\Spiceworks\pkg\gems\sqlite3-1.3.8\lib\sqlite3\sqlite3_native.so
2014-06-30 09:04 - 2014-06-30 09:04 - 00427520 _____ () C:\Program Files\Spiceworks\bin\sqlite3.dll
2014-06-30 09:22 - 2014-06-30 09:22 - 00177664 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\openssl.so
2014-06-30 09:04 - 2014-06-30 09:04 - 00067584 _____ () C:\Program Files\Spiceworks\bin\zlib1.dll
2014-06-30 09:20 - 2014-06-30 09:20 - 00012288 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\digest.so
2014-06-30 09:21 - 2014-06-30 09:21 - 00007680 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\fcntl.so
2014-06-30 09:22 - 2014-06-30 09:22 - 00022016 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\pathname.so
2014-06-30 09:23 - 2014-06-30 09:23 - 00011776 _____ () C:\Program Files\Spiceworks\lib\ruby\site_ruby\1.9.1\i386-msvcr90\service.so
2014-06-30 09:13 - 2014-06-30 09:13 - 00009216 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\utf_16be.so
2014-06-30 09:22 - 2014-06-30 09:22 - 00086016 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\socket.so
2014-06-30 09:20 - 2014-06-30 09:20 - 00053248 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\bigdecimal.so
2014-06-30 09:21 - 2014-06-30 09:21 - 00172032 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\nkf.so
2014-06-30 09:12 - 2014-06-30 09:12 - 00011264 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\euc_jp.so
2014-06-30 09:13 - 2014-06-30 09:13 - 00010752 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\shift_jis.so
2014-06-30 09:13 - 2014-06-30 09:13 - 00008192 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\utf_32be.so
2014-06-30 09:27 - 2014-06-30 09:27 - 00028672 _____ () C:\Program Files\Spiceworks\pkg\gems\json-1.8.1\lib\json\ext\parser.so
2014-06-30 09:13 - 2014-06-30 09:13 - 00008192 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\utf_32le.so
2014-06-30 09:27 - 2014-06-30 09:27 - 00028160 _____ () C:\Program Files\Spiceworks\pkg\gems\json-1.8.1\lib\json\ext\generator.so
2014-06-30 09:20 - 2014-06-30 09:20 - 00010240 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\digest\md5.so
2014-06-30 09:20 - 2014-06-30 09:20 - 00012800 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\digest\sha1.so
2014-06-30 09:27 - 2014-06-30 09:27 - 00052736 _____ () C:\Program Files\Spiceworks\pkg\gems\nokogiri-1.4.1\lib\nokogiri\nokogiri.so
2014-06-30 09:11 - 2014-06-30 09:11 - 00061440 _____ () C:\Program Files\Spiceworks\bin\libexslt.dll
2014-06-30 09:11 - 2014-06-30 09:11 - 00171008 _____ () C:\Program Files\Spiceworks\bin\libxslt.dll
2014-06-30 09:10 - 2014-06-30 09:10 - 00996352 _____ () C:\Program Files\Spiceworks\bin\libxml2.dll
2014-06-30 09:27 - 2014-06-30 09:27 - 00011776 _____ () C:\Program Files\Spiceworks\pkg\gems\image_science-1.2.1\lib\image_science.so
2014-06-30 09:20 - 2014-06-30 09:20 - 00015872 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\digest\sha2.so
2014-06-30 09:24 - 2014-06-30 09:24 - 00045568 _____ () C:\Program Files\Spiceworks\lib\ruby\site_ruby\1.9.1\i386-msvcr90\bits.so
2014-06-30 09:22 - 2014-06-30 09:22 - 00075776 _____ () C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\win32ole.so
2014-06-30 09:23 - 2014-06-30 09:23 - 00026112 _____ () C:\Program Files\Spiceworks\lib\ruby\site_ruby\1.9.1\i386-msvcr90\async_ping.so
2014-06-30 09:23 - 2014-06-30 09:23 - 00101376 _____ () C:\Program Files\Spiceworks\lib\ruby\site_ruby\1.9.1\i386-msvcr90\event_log.so
2014-06-30 09:27 - 2014-06-30 09:27 - 00027648 _____ () C:\Program Files\Spiceworks\pkg\gems\net-snmp-0.2.5\lib\netsnmp_api.so
2014-06-30 09:09 - 2014-06-30 09:09 - 00397312 _____ () C:\Program Files\Spiceworks\bin\netsnmp.dll
2014-06-30 09:27 - 2014-06-30 09:27 - 00060416 _____ () C:\Program Files\Spiceworks\pkg\gems\curb-0.7.12\lib\curb_core.so
2014-06-30 09:27 - 2014-06-30 09:27 - 00025088 _____ () C:\Program Files\Spiceworks\pkg\gems\win32-api-1.4.8\lib\win32\api.so
2013-11-22 18:44 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2012-10-02 14:41 - 2012-10-02 14:41 - 00694168 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
2014-06-30 09:04 - 2014-06-30 09:04 - 00067584 _____ () C:\Program Files\Spiceworks\httpd\bin\zlib1.dll
2016-04-14 19:18 - 2016-04-14 19:18 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\701ecb7450d652e9116d1dd67aa198db\IsdiInterop.ni.dll
2013-07-26 14:47 - 2010-06-08 10:44 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\...\sgns.net -> hxxps://phl2.rca.sgns.net
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9CA8DC6A-EB59-45EB-9BCD-16DA7E01FB7A}] => (Allow) C:\Users\Asus\AppData\Local\TNT2\2.0.0.1676\TNT2User.exe
FirewallRules: [{6FD9BF2E-9F9E-45C6-8747-A706308FFB1C}] => (Allow) C:\Program Files\Brother\Brmfl12d\FAXRX.exe
FirewallRules: [{8D77F663-0B17-4210-B044-118FEB3053CD}] => (Allow) C:\Program Files\Brother\Brmfl12d\FAXRX.exe
FirewallRules: [{00B33B31-9C36-41C7-B99C-7B1C51FBD6CF}] => (Allow) LPort=54925
FirewallRules: [{39156C1F-2011-48C2-AD0C-E3799A97EE97}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{48F9A732-E012-41C9-A555-DFF51A9C0E9E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B674AB18-2F17-4E00-946E-5EEC191A3643}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2EF8343-97E7-4BC4-91C9-D3E0A2332C39}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D8F798FF-1764-4EE3-B678-CF548B1FDD13}] => (Allow) C:\Program Files\Parallels\Parallels Transporter Agent\ParallelsTransporterAgent.exe
FirewallRules: [{082607D3-D02E-4916-8280-C5A856A83152}] => (Allow) C:\Program Files\Parallels\Parallels Transporter Agent\ParallelsTransporterAgent.exe
FirewallRules: [{127FA872-DFA1-4B70-B328-268F139BBDEA}] => (Allow) C:\Program Files\Parallels\Parallels Transporter Agent\ParallelsTransporterAgent.exe
FirewallRules: [{41746D36-63B4-43FC-A032-254E77289816}] => (Allow) C:\Program Files\Parallels\Parallels Transporter Agent\ParallelsTransporterAgent.exe
FirewallRules: [{E4D2978B-C92B-45EC-BB10-C70661688DBF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{A909163E-2A05-4EEE-B844-EC14983F0B3A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{05DA80DB-E43C-4E55-AC20-550E6C70463F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{764FD9B3-5E64-4348-AEE8-DE59BF0E3416}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C5012B0B-CD45-4A4B-A6B2-5D6256D3F29D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{099FCF74-39D8-4607-8410-9ADB36C52AC3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C15DE230-FD69-4562-888C-DDA4D21929A2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
08-05-2016 09:15:24 Windows Update
22-12-2016 14:42:20 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/13/2017 01:52:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1916940
 
Error: (04/13/2017 01:52:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1916940
 
Error: (04/13/2017 01:52:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/13/2017 09:44:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_DeregisterInterface: mDNSPlatformRawTime went backwards by 172191560 ticks; setting correction factor to -623818387
 
Error: (04/13/2017 09:44:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18455
 
Error: (04/13/2017 09:44:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18455
 
Error: (01/05/2017 11:28:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/30/2016 07:53:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21611708
 
Error: (12/30/2016 07:53:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21611708
 
Error: (12/30/2016 07:53:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (04/13/2017 04:13:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/13/2017 04:10:28 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (04/13/2017 10:59:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/05/2017 04:21:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
 
Error: (12/30/2016 01:09:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/30/2016 01:06:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (12/30/2016 01:04:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (12/28/2016 11:48:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/22/2016 08:38:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB3139914).
 
Error: (12/22/2016 02:36:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU N450 @ 1.66GHz
Percentage of memory in use: 77%
Total physical RAM: 2038.18 MB
Available physical RAM: 464.51 MB
Total Virtual: 4076.36 MB
Available Virtual: 2316.28 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:56.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 8B9E17C5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0



#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Lots to do. Take your time, 1 step at a time. Scan and post.

A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS365
SearchScopes: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS365
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20161227.007\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20161227.007\NAVEX15.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {79D9BA3B-0CAC-49F6-8206-6AB5A846906D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {82A1002D-7975-4D16-B560-5CB45BB84874} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.) 
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (must be in this location).
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
  • Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner. You will see the AdwCleaner console.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Next

  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See here how to disable your security protection (Anti Virus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Next

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware.
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

Posting the Malwarebytes log:

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'.
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok.
  • Post that saved log to your next reply.

In your next reply, post:

  • The AdwCleaner [C1].txt Log
  • The JRT.txt Log
  • Malwarebytes log
  • Fixlog.txt





  • 0

#3
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

***

Here's the AdwCleaner log

***

# AdwCleaner v6.045 - Logfile created 18/04/2017 at 10:59:02
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-17.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X86)
# Username : Asus - ASUS1001P
# Running from : C:\Users\Asus\Desktop\adwcleaner_6.045.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Windows\system32\roboot.exe
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44e35585-da14-483a-a4fd-dd2b7a479d6e}
[-] Key deleted: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\TNT2
[-] Key deleted: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\systweak
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\TNT2
[-] Key deleted: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager
[#] Key deleted on reboot: HKCU\Software\TNT2
[#] Key deleted on reboot: HKCU\Software\systweak
[-] Key deleted: HKLM\SOFTWARE\TermTutor
[-] Key deleted: HKLM\SOFTWARE\systweak
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ourtoolbar.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2084 Bytes] - [18/04/2017 10:59:02]
C:\AdwCleaner\AdwCleaner[S0].txt - [2315 Bytes] - [18/04/2017 10:56:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2230 Bytes] ##########
*
*
*
***
Here's the JRT Log
***
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Ultimate x86 
Ran by Asus (Administrator) on Tue 04/18/2017 at 11:27:17.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File) 
Successfully deleted: C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CU2EV55 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBF323DF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZ5U1QWR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8J5H6OP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CU2EV55 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBF323DF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZ5U1QWR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8J5H6OP (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_FCA810C0E252261B949A7B9F364CE16A (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/18/2017 at 11:45:21.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
*
*
***
For the Malwarebytes log, I had to kill the first run of this after I tried to "Quarantine" the 14 items it found.  I didn't have the option to Remove Selected as requested.  I realized I might have downloaded & installed the Pro Trial version so I uninstalled it, & re-installed what I thought was the free version.  I think I just installed the same version as before.  I ran Malwarebytes again and there were zero items found.
***
*
*
*
***
Here is the Fixlog
***
Fix result of Farbar Recovery Scan Tool (x86) Version: 17-04-2017 01
Ran by Asus (18-04-2017 10:09:59) Run:1
Running from C:\Users\Asus\Desktop
Loaded Profiles: Asus (Available Profiles: Asus)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS365
SearchScopes: HKU\S-1-5-21-1216307322-1756439622-2401019485-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS365
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20161227.007\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20161227.007\NAVEX15.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {79D9BA3B-0CAC-49F6-8206-6AB5A846906D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {82A1002D-7975-4D16-B560-5CB45BB84874} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.) 
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
HKLM\System\CurrentControlSet\Services\AntiLog32 => key removed successfully.
AntiLog32 => service removed successfully.
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\Synth3dVsc => key removed successfully.
Synth3dVsc => service removed successfully.
HKLM\System\CurrentControlSet\Services\tsusbhub => key removed successfully.
tsusbhub => service removed successfully.
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully.
VGPU => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79D9BA3B-0CAC-49F6-8206-6AB5A846906D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79D9BA3B-0CAC-49F6-8206-6AB5A846906D} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{82A1002D-7975-4D16-B560-5CB45BB84874} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82A1002D-7975-4D16-B560-5CB45BB84874} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully.
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {E67015AA-B340-4B6B-A5DD-E2350ECC8AE5}.
Unable to cancel {AA036E25-A407-41BE-85EC-A83B374D1622}.
Unable to cancel {A762CFA6-E029-4364-9C41-D1E70F5A7176}.
Unable to cancel {A367DD8C-8177-48CF-B34D-CBF5656D872A}.
0 out of 4 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-1216307322-1756439622-2401019485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28063569 B
Java, Flash, Steam htmlcache => 2186 B
Windows/system/drivers => 5004605 B
Edge => 0 B
Chrome => 123302934 B
Firefox => 54955323 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 39316973 B
LocalService => 66228 B
NetworkService => 7298 B
Asus => 7120830 B
 
RecycleBin => 0 B
EmptyTemp: => 253.9 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-04-2017 10:17:17)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
 
==== End of Fixlog 10:17:17 ====
*
*
*
Thank you.

  • 0
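Reading a Fixlog like the one posted above comes down to finding the few actions that did not succeed. The following Python script is an added example, not part of the thread and not FRST's own code: it skips the echoed fixlist, classifies each `target => outcome` line, and collects the BITS jobs that `bitsadmin /reset` could not cancel. The outcome phrases it matches are taken from the lines visible in this log; treating them as the complete set is an assumption.

```python
import re

# Constructed sample: lines copied from the Fixlog posted above, abridged.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version: 17-04-2017 01
Ran by Asus (18-04-2017 10:09:59) Run:1

fixlist content:
*****************
start
S3 NAVENG; \??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20161227.007\NAVENG.SYS [X]
Task: {79D9BA3B-0CAC-49F6-8206-6AB5A846906D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
CMD: bitsadmin /reset /allusers
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
HKLM\System\CurrentControlSet\Services\AntiLog32 => key removed successfully.
AntiLog32 => service removed successfully.
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully

========= bitsadmin /reset /allusers =========

Unable to cancel {E67015AA-B340-4B6B-A5DD-E2350ECC8AE5}.
Unable to cancel {AA036E25-A407-41BE-85EC-A83B374D1622}.
Unable to cancel {A762CFA6-E029-4364-9C41-D1E70F5A7176}.
Unable to cancel {A367DD8C-8177-48CF-B34D-CBF5656D872A}.
0 out of 4 jobs canceled.

========= End of CMD: =========

Chrome => 123302934 B

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
"""

RESULT_LINE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\s*$")
SIZE_ONLY = re.compile(r"^\d+ B$")  # EmptyTemp byte counts, not outcomes
BITS_FAIL = re.compile(r"^Unable to cancel (\{[0-9A-Fa-f-]+\})\.$")
BITS_SUMMARY = re.compile(r"^(\d+) out of (\d+) jobs canceled\.$")


def result_lines(text):
    """Yield non-empty lines, skipping the fixlist echoed between asterisk rows."""
    seen_header = in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "fixlist content:":
            seen_header = True
            continue
        if seen_header and line and set(line) == {"*"}:
            in_echo = not in_echo
            if not in_echo:          # closing row: echo is over
                seen_header = False
            continue
        if line and not in_echo:
            yield line


def classify(outcome):
    """Map an outcome phrase to a bucket (phrases assumed from this log)."""
    if SIZE_ONLY.match(outcome):
        return None
    low = outcome.lower()
    if any(p in low for p in ("could not", "denied", "unable", "failed")):
        return "failed"
    if "not found" in low:
        return "absent"
    if "successfully" in low or "removed" in low:
        return "ok"
    return "other"


def triage(text):
    """Return a dict of targets per outcome bucket plus the BITS job results."""
    report = {"ok": [], "absent": [], "failed": [], "other": [],
              "bits_stuck": [], "bits_summary": None}
    for line in result_lines(text):
        m = BITS_FAIL.match(line)
        if m:
            report["bits_stuck"].append(m.group(1))
            continue
        m = BITS_SUMMARY.match(line)
        if m:
            report["bits_summary"] = (int(m.group(1)), int(m.group(2)))
            continue
        m = RESULT_LINE.match(line)
        if not m:
            continue
        bucket = classify(m.group("outcome"))
        # De-duplicate: failures are listed again in the after-reboot section.
        if bucket and m.group("target") not in report[bucket]:
            report[bucket].append(m.group("target"))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_FIXLOG)
    print("failed:", *r["failed"], sep="\n  ")
    print("BITS jobs not cancelled:", len(r["bits_stuck"]), r["bits_summary"])
```

On this log the items left for follow-up are the two Norton service keys and the four BITS jobs; BITS is the transfer service Windows Update downloads through.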

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

That's fine for Malwarebytes.

Do we get any errors at all in relation to Windows Update?

Next
Download then run Speccy (free) https://www.piriform.com/speccy and post the resultant url for us, details here, this will provide us with information about your computer hardware + any software that you have installed that may explain the present issue/s.

I have 1 error in your log that I'm currently researching for clues.
Error: (04/13/2017 04:10:28 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Post the Speccy report next,

Thanks
Joe :)
  • 0

#5
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

*

*** Here's the Speccy URL

*

http://speccy.pirifo...drh2ccwGu2RL7P0

*

***


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Windows Repair All-In-One
NOTE: Before following the steps below, please disable your Antivirus software or any other real-time security software that you have enabled.
  • Boot in Safe Mode with Networking;
  • Download the portable version of Windows Repair All-In-One;
  • Move the file (archive) on your Desktop, and extract it there;
  • Go in the tweaking.com_windows_repair_aio folder, then Tweaking.com - Windows Repair folder, right-click on Repair_Windows.exe and select Run as Administrator;
  • From there, click on the Next button until you are presented with an Open Repairs button and click on it;
  • Let the Registry back up complete, and move on to the check-list window;
  • Click on the Unselect All button at the bottom, then check the following items:
    • Reset Service Permissions;
    • Restore Important Windows Services;
    • Set Windows Services To Default Startup;
    • Repair Windows Updates
  • Once done, click on the Start Repairs button and let the scan execute;
  • If you are being prompted with a Security Warning, allow it to go through;
  • Once the repair is complete, it'll ask you to restart your computer, please do it;

  • 0

#7
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

*

  • I booted into safe mode with networking and downloaded the portable version of Windows Repair All-In-One and ran it as instructed.
  • I didn't see the Next button but was able to click the Open Repairs button.  So I am not 100% certain the registry was backed up as I did not see any message saying so.
  • My Unselect All check box was at the top left not bottom right.  I made the selections as instructed.
  • I ran the Start Repairs and rebooted as necessary.
  • I did NOT try any Windows Updates yet before checking in with you first.

 


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Let's try Windows Update now and see if any luck.

Thanks
Joe :)

Let me know of any errors word for word.
  • 0

#9
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

So I was able to run two successful Windows Updates for at least a dozen items.  On the third attempt of Windows Update, the update was "stalled" while installing Chinese language or something similar.  Seeing as how I don't need Chinese on my computer, and the update was not progressing, I stopped it.  I ended up rebooting the computer and attempted several other Windows Updates.  I am no longer able to successfully run the Windows Update on this computer.  I even tried some individually and they do not progress.

 

The only real message is that some Windows updates could not be installed.


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Disable Norton Anti Virus and see if that helps.
See here how to disable your security protection (Anti Virus).
  • 0



#11
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

So I was able to temporarily disable Norton Antivirus and successfully download and install the remaining Windows Updates.  I had to do them in at least three separate batches including some reboots.  

 

After all the important Windows Updates were installed, I decided to try the optional updates.  This time I left Norton Antivirus enabled. I might have done at least 2 more optional updates this way.  It could have been three.  I did end up stopping the very last one as I noticed it was installing Croatian language support which I do not need.  After rebooting and applying the remaining optional updates I tried to check for more Windows Updates and there are no more at this time.  I believe I am up to date now.

 

Do I need to do anything to cleanup the various downloaded software tools we used to cleanup this Netbook?

 

Thank you for your assistance.


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

We need to remove the tools we used and then close the topic.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight. They are updated all the time, and some of them more than once a day, so by the time you are ready to use them again they will already be outdated.


Download DelFix by Xplode from https://www.bleeping...ownload/delfix/ and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#13
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

I was unable to download Delfix as requested.  The file that downloaded was delfix_1.010.exe.  When I tried to run as administrator, I got an error stating this is not a valid Win32 application.  Then Norton scanned the file and reported a Trojan and deleted the file or removed the Trojan.  I took a screen shot with the Snipping Tool but am unable to attach or copy/paste it here.


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Norton does not like that type of exe file. Might have to disable Norton.

You could try downloading it from a different location as seen below and see if that helps.
https://toolslib.net...nload/2-delfix/

Or
You may just delete all the tools we downloaded to the desktop and all associated log files (right click and delete, then empty the Recycle Bin).

Thanks
Joe :)
  • 0

#15
beabruin

beabruin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

I was able to temporarily disable Norton and download & run the Delfix application.

 

Here is the log from Delfix

*

***

# DelFix v1.013 - Logfile created 28/04/2017 at 15:57:16
# Updated 17/04/2016 by Xplode
# Username : Asus - ASUS1001P
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Asus\Desktop\FRST-OlderVersion
Deleted : C:\Users\Asus\Desktop\Addition.txt
Deleted : C:\Users\Asus\Desktop\adwcleaner_6.045.exe
Deleted : C:\Users\Asus\Desktop\Fixlog.txt
Deleted : C:\Users\Asus\Desktop\FRST.exe
Deleted : C:\Users\Asus\Desktop\FRST.txt
Deleted : C:\Users\Asus\Desktop\JRT.exe
Deleted : C:\Users\Asus\Desktop\JRT.txt
 
~ Cleaning system restore ...
 
Deleted : RP #206 [Windows Modules Installer | 04/25/2017 14:25:24]
Deleted : RP #207 [Windows Modules Installer | 04/25/2017 14:36:21]
Deleted : RP #208 [Windows Modules Installer | 04/25/2017 14:48:34]
Deleted : RP #209 [Windows Modules Installer | 04/25/2017 14:56:12]
Deleted : RP #210 [Windows Modules Installer | 04/25/2017 15:04:05]
Deleted : RP #211 [Windows Modules Installer | 04/25/2017 15:10:52]
Deleted : RP #212 [Windows Modules Installer | 04/25/2017 15:16:17]
Deleted : RP #213 [Windows Modules Installer | 04/25/2017 15:27:51]
Deleted : RP #214 [Windows Modules Installer | 04/25/2017 15:37:24]
Deleted : RP #215 [Windows Modules Installer | 04/25/2017 15:44:07]
Deleted : RP #216 [Windows Modules Installer | 04/25/2017 15:52:57]
Deleted : RP #217 [Windows Modules Installer | 04/25/2017 16:02:38]
Deleted : RP #218 [Windows Modules Installer | 04/25/2017 16:07:21]
Deleted : RP #219 [Windows Modules Installer | 04/25/2017 16:14:05]
Deleted : RP #220 [Windows Modules Installer | 04/25/2017 16:22:31]
Deleted : RP #221 [Windows Modules Installer | 04/25/2017 16:29:02]
Deleted : RP #223 [Windows Modules Installer | 04/25/2017 17:39:07]
Deleted : RP #225 [Windows Modules Installer | 04/25/2017 18:05:38]
Deleted : RP #227 [Windows Modules Installer | 04/25/2017 18:27:28]
Deleted : RP #229 [Windows Modules Installer | 04/26/2017 17:56:08]
Deleted : RP #230 [Windows Modules Installer | 04/26/2017 18:13:36]
Deleted : RP #233 [Windows Modules Installer | 04/28/2017 07:14:38]
Deleted : RP #235 [Windows Modules Installer | 04/28/2017 07:37:39]
Deleted : RP #236 [Windows Modules Installer | 04/28/2017 07:43:16]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0





