
Possible virus: Malwarebytes won't load, laptop freezing [Solved]



#1
mango_nj

About a week ago, I ran Malwarebytes and it had Adware... which I quarantined and everything seemed fine. A few days after that, Malwarebytes disappeared from my system tray. When I clicked on it... it says "unable to open". I tried in safe mode and got the same result. Initially, my Kaspersky Antivirus started crawling to the point it slowed down my system. I removed it and planned on reinstalling... but before I could... Malwarebytes stopped opening. It also wouldn't let me open Skype, but that seems to be OK now that Malwarebytes is inoperative. Laptop is freezing intermittently. Appreciate the help. Thanks!!

FIRST TEXT

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2017
Ran by Owner (administrator) on OWNER-PC (13-09-2017 06:18:58)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Guest)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
ShellExecuteHooks: No Name - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  -> No File
ShellExecuteHooks: No Name - {4F07DA45-8170-4859-9B5F-037EF2970034} -  -> No File
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF DefaultProfile: fitzik06.default-1406886426275
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275 [2017-09-13]
FF Homepage: Mozilla\Firefox\Profiles\fitzik06.default-1406886426275 -> hxxps://mail.yahoo.com/
FF Extension: (YouTube mp3) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\[email protected] [2017-09-07]
FF Extension: (YesScript) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\[email protected] [2017-09-07]
FF Extension: (Yahoo Mail Hide Ad Panel) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2017-09-08]
FF Extension: (Adblock Plus) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-09-09]
FF Extension: (Simple YouTube MP3 Button) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ab}.xpi [2017-09-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-19] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-03-20] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-12] (Adobe Systems Incorporated) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-07] () [File not signed]
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [44224 2006-10-06] (BVRP Software) [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [65312 2017-09-09] (Malwarebytes)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [311808 2006-11-02] (Realtek)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-11-07] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-13 06:18 - 2017-09-13 06:20 - 000008251 _____ C:\Users\Owner\Desktop\FRST.txt
2017-09-13 06:17 - 2017-09-13 06:18 - 000000000 ____D C:\FRST
2017-09-13 06:01 - 2017-09-13 06:01 - 001793024 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2017-09-09 02:57 - 2017-09-09 22:36 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-09 02:57 - 2017-09-09 22:26 - 000065312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-09 02:56 - 2017-09-09 22:35 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-09 02:56 - 2017-09-09 22:35 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-09 02:56 - 2017-09-09 02:56 - 000001855 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-09 02:56 - 2017-09-09 02:56 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-09 02:56 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-09-09 02:53 - 2017-09-09 02:54 - 066347240 _____ (Malwarebytes ) C:\Users\Owner\Desktop\mb3-setup-consumer-3.2.2.2018.exe
2017-09-08 19:43 - 2017-09-08 19:43 - 000000969 _____ C:\Users\Owner\Desktop\Auslogics Disk Defrag.lnk
2017-09-08 19:43 - 2017-09-08 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2017-09-08 19:43 - 2017-09-08 19:43 - 000000000 ____D C:\Program Files\Auslogics
2017-09-08 17:48 - 2017-09-13 05:47 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-09-08 13:57 - 2017-09-08 13:57 - 000000000 ____D C:\Users\Owner\Tracing
2017-09-08 13:56 - 2017-09-09 19:50 - 000002377 _____ C:\Users\Public\Desktop\Skype.lnk
2017-09-08 13:56 - 2017-09-08 13:56 - 000000000 ___RD C:\Program Files\Skype
2017-09-08 13:56 - 2017-09-08 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-09-08 13:56 - 2017-09-08 13:56 - 000000000 ____D C:\Program Files\Common Files\Skype
2017-09-08 13:54 - 2017-09-08 13:54 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-08 04:28 - 2017-09-08 17:47 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-13 05:32 - 2013-03-10 04:59 - 000703388 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-13 05:32 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\inf
2017-09-13 05:28 - 2006-11-02 05:45 - 000004048 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-13 05:28 - 2006-11-02 05:45 - 000004048 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-13 05:27 - 2014-12-20 18:41 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2017-09-13 05:27 - 2006-11-02 05:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-13 04:42 - 2007-10-12 03:26 - 024828366 _____ C:\Windows\ntbtlog.txt
2017-09-13 04:28 - 2006-11-02 05:58 - 000032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-12 20:39 - 2012-04-05 19:15 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-09-12 20:39 - 2012-04-05 19:15 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-09-12 20:39 - 2007-10-08 13:16 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-12 08:02 - 2008-12-23 21:52 - 000000000 ____D C:\Windows\Minidump
2017-09-09 02:56 - 2015-07-08 05:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-08 21:47 - 2014-05-22 05:45 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-09-08 19:43 - 2013-12-24 09:07 - 000000000 ____D C:\ProgramData\Auslogics
2017-09-08 17:47 - 2014-05-22 05:45 - 000000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-09-08 13:57 - 2007-10-08 13:05 - 000000000 ____D C:\Users\Owner
2017-09-08 13:56 - 2014-12-20 18:40 - 000000000 ____D C:\ProgramData\Skype
2017-09-08 13:37 - 2008-04-05 17:25 - 000000000 ____D C:\Program Files\Kaspersky Lab
2017-09-08 04:27 - 2013-04-27 13:58 - 000000318 _____ C:\Windows\WinInit.Ini
2017-09-07 13:05 - 2008-12-13 14:34 - 000149006 _____ C:\Windows\system32\LexFiles.ulf
2017-09-07 13:04 - 2013-04-05 02:41 - 000000000 ____D C:\Program Files\Lexmark

==================== Files in the root of some directories =======

2013-11-07 10:26 - 2013-11-07 14:10 - 000000100 _____ () C:\Users\Owner\AppData\Roaming\Camdata.ini
2013-11-07 10:26 - 2013-11-07 14:10 - 000000408 _____ () C:\Users\Owner\AppData\Roaming\CamLayout.ini
2013-11-07 10:26 - 2013-11-07 14:10 - 000000408 _____ () C:\Users\Owner\AppData\Roaming\CamShapes.ini
2013-11-07 10:20 - 2013-11-07 14:01 - 000000096 _____ () C:\Users\Owner\AppData\Roaming\version2.xml
2007-10-11 02:04 - 2015-07-20 10:00 - 000000682 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2010-01-26 14:22 - 2015-07-08 04:50 - 000001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2007-10-14 19:26 - 2013-01-17 08:25 - 000005632 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-22 20:58 - 2010-12-12 22:22 - 000000114 ____H () C:\Users\Owner\AppData\Local\tokdet56.dat
2011-08-20 22:57 - 2011-08-20 22:57 - 000017408 _____ () C:\Users\Owner\AppData\Local\WebpageIcons.db
2013-01-19 02:52 - 2013-01-19 02:52 - 000000022 ____N () C:\Users\Owner\AppData\Local\xftredahs.dat
2013-04-20 00:27 - 2015-04-29 21:35 - 000004290 _____ () C:\ProgramData\LMADIscan.log
2008-12-13 14:59 - 2009-09-30 01:28 - 000000560 _____ () C:\ProgramData\lxdf
2010-07-09 12:36 - 2010-07-09 12:36 - 000008064 _____ () C:\ProgramData\SPL6FBC.tmp
2013-04-19 23:53 - 2013-04-19 23:53 - 000000596 _____ () C:\ProgramData\tmpFA04.tmp

Some files in TEMP:
====================
2017-09-08 13:53 - 2017-09-08 13:53 - 014456872 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-13 05:33

==================== End of FRST.txt ============================

ADDITION TXT

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2017
Ran by Owner (13-09-2017 06:20:50)
Running from C:\Users\Owner\Desktop
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) (2007-10-08 19:57:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2753939306-2592966707-3986022943-500 - Administrator - Disabled)
Guest (S-1-5-21-2753939306-2592966707-3986022943-501 - Limited - Disabled) => C:\Users\Guest
Owner (S-1-5-21-2753939306-2592966707-3986022943-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
ABBYY FineReader 9.0 Sprint (HKLM\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.595.5857 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.595.5857 - ABBYY)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 7.1.5.0 - Auslogics Labs Pty Ltd)
CameraHelperMsi (HKLM\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
erLT (HKLM\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
File Association Helper (HKLM\...\{936B9029-265A-45CB-88DA-B00EAB4DD14C}) (Version: 1.1.6.53763 - WinZip Computing International, LLC)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 (HKLM\...\PictureItSuiteTrial_v12) (Version: 11.0.2018 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.3.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.3.0 ESR (x86 en-US)) (Version: 52.3.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.3.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2407.0 - CyberLink Corporation)
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC 9.0 Runtime (HKLM\...\{A040AC77-C1AA-4CC9-8931-9F648AF178F6}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAB0-D393-11D0-9A56-00C04FB68B66}\InprocServer32 -> C:\Windows\system32\hhctrl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F76812F0-44A9-C582-41AC-C3484F5D58AA}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
ContextMenuHandlers1: [AimersoftVideoConverterFileOpreation] -> {F16DACB1-B8EC-48EB-BE62-4D2DDB27B5CE} => C:\Windows\System32\AiCM32.dll -> No File
ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2013-09-26] (WinZip Computing International, LLC)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2010-09-14] (ABBYY)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3CCE3500-3535-4D3C-8D17-622428EF09A6} - System32\Tasks\{05734DEB-4D1E-4AA1-B07D-56C1132012F9} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {56C94910-4FEE-4F74-9D18-93DE1F4F3FFF} - System32\Tasks\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} => C:\Windows\system32\pcalua.exe -a "C:\windows\temp\apps\app000888\install flash player 9 ax.exe" -d C:\Windows\Temp\APPS\APP000888\ -c /S <==== ATTENTION
Task: {5CB197ED-456C-4E00-A110-6E52063BCB13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {6150EADC-D274-4AA2-A692-4E95699CE917} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {AC9B7645-4712-4248-998D-C7975DCDCE5A} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {C1589470-37C7-4695-85C8-C7202E9ED941} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {E207AF04-F765-4C45-8114-465EDF713F42} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe
Task: {ED301A62-27FF-4617-8C13-B026C47AD28E} - System32\Tasks\{A3FFDBAF-6F3A-4B4B-BFA8-141C3CF2BB87} => C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Desktop\cdex_151.exe -d C:\Users\Owner\Desktop
Task: {ED83284D-EAAF-44B9-83EA-A3A292494E9D} - System32\Tasks\{DD73897A-DD92-4BDC-8F7F-8ED3679D10E8} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.3.0.101/en/go/help.faq.installer?LastError=1601

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-04-26 15:19 - 2017-04-26 15:19 - 002005976 ____R () C:\Program Files\Skype\Phone\skypert.dll
2006-11-02 03:25 - 2007-01-25 21:11 - 000159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 000177704 _____ () C:\Windows\system32\PSIService.exe
2007-10-08 13:43 - 2005-08-07 06:54 - 000167936 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [127]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Classes\.bat: batfile =>  <==== ATTENTION
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Classes\.cmd: cmdfile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7799 more sites.


There are 12686 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2016-10-07 21:25 - 000001961 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AVP => 2
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: AVP => "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
MSCONFIG\startupreg: BigFix => c:\program files\Bigfix\bigfix.exe /atstartup
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: DW6 => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LMADImon => "C:\Program Files\Lexmark Pro710 Series\LMADImon.exe"
MSCONFIG\startupreg: Logitech Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: lxdfamon => "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
MSCONFIG\startupreg: lxdfmon.exe => "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NapsterShell => C:\Program Files\Napster\napster.exe /systray
MSCONFIG\startupreg: Power2GoExpress => NA
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{6A7803E5-4B62-494A-932A-5C4273DAF7AC}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{577D8142-2C28-4698-B875-DBB5AD4300C5}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{1CF315ED-8986-49CE-9893-96579A5B6F4D}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{509DD2D9-6892-4EEE-9B6F-885B867AACAA}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [TCP Query User{F9DB4E3E-AA91-45A3-8795-5FD2767886DA}C:\kav\kav7\setup.exe] => (Allow) C:\kav\kav7\setup.exe
FirewallRules: [UDP Query User{E8EC4CE2-8951-48FB-B05A-7802C676C73C}C:\kav\kav7\setup.exe] => (Allow) C:\kav\kav7\setup.exe
FirewallRules: [{CE397E70-5250-4EB9-838A-0516FC90DA93}] => (Allow) C:\Windows\System32\lxdfcoms.exe
FirewallRules: [{A2608910-52B6-4DB3-AEBF-BC20C68B97CE}] => (Allow) C:\Windows\System32\lxdfcoms.exe
FirewallRules: [{C24CD31C-B8EA-439B-86F6-E5592D0AE2DB}] => (Allow) C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
FirewallRules: [{39DD502B-A790-44B4-977B-347CDD81477F}] => (Allow) C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
FirewallRules: [{A5C0E5DF-6FF0-48A4-9E74-0FB4F620F8D6}] => (Allow) C:\Program Files\Lexmark 6500 Series\frun.exe
FirewallRules: [{A0FA1305-C834-4570-815A-7C929B8E3837}] => (Allow) C:\Program Files\Lexmark 6500 Series\frun.exe
FirewallRules: [{BE295BAC-23B6-4EC8-BF6F-37356E97FE98}] => (Allow) C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{A2FA9C88-B3FF-4874-A1C6-94EE083F5348}] => (Allow) C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{A4DBE28E-0F3F-4677-9B5F-5AB29AC1F59C}] => (Allow) C:\Program Files\Lexmark 6500 Series\LXDFFax.exe
FirewallRules: [{67368528-39B4-4A91-B5C9-FD01940B0BC2}] => (Allow) C:\Program Files\Lexmark 6500 Series\LXDFFax.exe
FirewallRules: [{C24CBE1E-8C44-42EC-BF24-886868853584}] => (Allow) C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
FirewallRules: [{7AB1FAE7-8B87-437C-B0A9-5A8374EBF777}] => (Allow) C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
FirewallRules: [{1DA6627D-ECF2-4734-9165-4AA2DC62D8F4}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdfpswx.exe
FirewallRules: [{2841EB6B-A46E-469C-BD60-1D3F73608D6F}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdfpswx.exe
FirewallRules: [{B0C1420B-D56E-4F0C-85C9-0411423EFF38}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdftime.exe
FirewallRules: [{12D28B69-6529-4FE2-BC3B-9B24337B29BA}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdftime.exe
FirewallRules: [{20DBD894-E623-4417-AE7D-0C3B22B063A8}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdfjswx.exe
FirewallRules: [{AEC6E3BE-CF56-449B-8A1F-6C938C819838}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdfjswx.exe
FirewallRules: [TCP Query User{0D7A71CA-8A9E-48F0-8F93-892537A49B70}C:\program files\lexmark 6500 series\lxdfmon.exe] => (Allow) C:\program files\lexmark 6500 series\lxdfmon.exe
FirewallRules: [UDP Query User{1280E033-09EA-4E84-BE96-18E186625F54}C:\program files\lexmark 6500 series\lxdfmon.exe] => (Allow) C:\program files\lexmark 6500 series\lxdfmon.exe
FirewallRules: [{E80F0D52-85B3-471E-83B9-17EE45BE405A}] => (Allow) LPort=80
FirewallRules: [{54396C83-FD88-4F55-9CF0-539A3D95BCF4}] => (Allow) LPort=80
FirewallRules: [{BE6C4A6F-AF86-461F-BF91-5AE152A3B52B}] => (Allow) LPort=80
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [TCP Query User{16A40DBD-722D-4635-AE0E-58DDA4F435AA}C:\program files\lexmark pro710 series\lmadimon.exe] => (Block) C:\program files\lexmark pro710 series\lmadimon.exe
FirewallRules: [UDP Query User{157C5482-8175-47F3-992A-C849ED8DA219}C:\program files\lexmark pro710 series\lmadimon.exe] => (Block) C:\program files\lexmark pro710 series\lmadimon.exe
FirewallRules: [{04AA01E9-DCE9-49A8-B7ED-DA47DAF76B6B}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe
FirewallRules: [{07885F0E-9ED4-4E04-9E74-02CD1FEF4CF0}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe
FirewallRules: [{49919916-2E75-4A1B-A12D-C0B02B5155AD}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{151131AC-168A-4232-9DD8-8CD0C3447298}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{D104F9CD-BA95-4726-BA42-F629C9157E47}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{AA21B955-BD73-4644-A54C-E8B39502B117}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{577127DA-6C05-4C6B-8114-FABDAEB9237B}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
FirewallRules: [{8B11D1FF-7EF6-4BCE-AC05-438F335F9DFC}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
FirewallRules: [{BE12B337-9137-4D1A-84C3-C2A57E8E31D4}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADIlscn.exe
FirewallRules: [{9F711964-2E83-4C6B-92EB-DDFA7262E8FC}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMADIlscn.exe
FirewallRules: [{2667B39B-8337-48E5-901A-6D7FF5D32AE5}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMabscw.dll
FirewallRules: [{D4A59D00-6092-4412-801E-DF8C63791EEA}] => (Allow) C:\Program Files\Lexmark Pro710 Series\LMabscw.dll
FirewallRules: [{520BDFEB-9C0F-44A1-BE41-B869A1FD9B88}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{45A74E42-1D05-4E24-AC80-12FEE9B9272D}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{690D656D-B83A-473C-8CCC-1304A7652C5C}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{FC5DA010-742D-4C0A-B24C-D36AD08170E4}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{EDEFE32C-5FA7-4DAD-94B8-7B5B131A56FD}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{E1F4796D-E780-4397-A313-846DC61451D0}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{DC4925AB-EBB3-430F-8254-8A6EE825F1C9}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [{9DF9341D-90B0-4166-BC74-2694B094A5FF}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [TCP Query User{1EAFEEBE-38C8-471E-915F-E9EC610479AB}C:\windows\system32\lxdfcoms.exe] => (Allow) C:\windows\system32\lxdfcoms.exe
FirewallRules: [UDP Query User{19E4C820-9C74-405E-8AAB-0F06C7589BA6}C:\windows\system32\lxdfcoms.exe] => (Allow) C:\windows\system32\lxdfcoms.exe
FirewallRules: [{592F0DC0-9860-4382-AFA9-8AB1BFF4BA6B}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{D0A7A226-5287-424E-B250-6C0B22C479EC}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{0626914A-0A51-4391-B570-F337340AE0E4}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{EA96284F-DEF4-4816-AD63-042AB92A1748}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{A576A318-7CEB-4C50-8EF8-7623032B8DA3}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{23B7D292-78E1-4C90-82B3-228C772F4A27}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{C1A90E54-E7DD-4D0D-B7CD-403AD4B8EDD1}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{76F99FCC-5DCF-449E-9501-7A2851805F64}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [Daum PotPlayer(PotPlayerMini.exe)] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{E2EA4223-9C0F-4BA3-89E9-7D498964424C}] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [TCP Query User{53DE46B7-0995-4166-9C80-91FC9771DDDC}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6EE59A6F-D6AF-44B6-AB79-030A75547588}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{CAE48EBB-2E54-42FB-B7BD-24851BCEDE17}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AE35D82F-83EB-44A3-B898-B66E531F1C8F}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{6DBF1EC6-80FD-4E2B-9CE4-C93E18A4A7E0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C1BD5C90-37DC-4948-8D16-E844DA7E8AAB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [{0AD1164B-0CAB-43C6-806B-F6B91FC6740D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

==================== Restore Points =========================

08-09-2017 13:03:02 Removed Kaspersky Secure Connection.<<31717>>
08-09-2017 13:51:55 Removed Skype™ 7.8
08-09-2017 13:53:52 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
08-09-2017 20:06:51 Installed Skype Web Plugin
10-09-2017 06:38:00 Scheduled Checkpoint
10-09-2017 22:27:46 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #4
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #5
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #6
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #7
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #10
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #11
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #13
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #14
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #15
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #16
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #19
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #20
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #23
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #14
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #18
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #20
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2017 04:41:08 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (09/13/2017 12:20:46 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FITZIK06.DEFAULT-1406886426275\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/10/2017 10:28:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service wbengine since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (09/10/2017 06:38:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service wbengine since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (09/09/2017 10:34:55 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (09/09/2017 03:03:56 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 80070005.

Error: (09/09/2017 09:17:48 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (09/09/2017 07:04:00 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 80070005.

Error: (09/08/2017 08:07:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service wbengine since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (09/08/2017 02:11:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SKYPE\SKYPE.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============

CodeIntegrity:
===================================
  Date: 2017-09-13 06:20:37.059
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-13 06:20:36.498
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-13 06:20:35.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-13 06:20:35.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-13 06:20:34.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-13 06:20:33.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-13 06:20:33.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-13 06:20:32.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-13 06:19:43.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-13 06:19:43.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® M CPU 520 @ 1.60GHz
Percentage of memory in use: 89%
Total physical RAM: 1469.39 MB
Available physical RAM: 149.27 MB
Total Virtual: 3200.23 MB
Available Virtual: 1711.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:65.26 GB) (Free:29.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.27 GB) (Free:3.86 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 9AEED03F)
Partition 1: (Not Active) - (Size=9.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=65.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2
JSntgRvr


  • Global Moderator
  • 11,579 posts
Hi

Welcome :)

I'll be helping you to clean up your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)
  • Highlight the entire content of the quote box below.

Start::
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [X]
FirewallRules: [{E80F0D52-85B3-471E-83B9-17EE45BE405A}] => (Allow) LPort=80
FirewallRules: [{54396C83-FD88-4F55-9CF0-539A3D95BCF4}] => (Allow) LPort=80
FirewallRules: [{BE6C4A6F-AF86-461F-BF91-5AE152A3B52B}] => (Allow) LPort=80
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
GroupPolicy: Restriction ? <==== ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {56C94910-4FEE-4F74-9D18-93DE1F4F3FFF} - System32\Tasks\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} => C:\Windows\system32\pcalua.exe -a "C:\windows\temp\apps\app000888\install flash player 9 ax.exe" -d C:\Windows\Temp\APPS\APP000888\ -c /S <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Classes\.bat: batfile => <==== ATTENTION
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Classes\.cmd: cmdfile => <==== ATTENTION
ShellExecuteHooks: No Name - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> No File
ShellExecuteHooks: No Name - {4F07DA45-8170-4859-9B5F-037EF2970034} - -> No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
ContextMenuHandlers1: [AimersoftVideoConverterFileOpreation] -> {F16DACB1-B8EC-48EB-BE62-4D2DDB27B5CE} => C:\Windows\System32\AiCM32.dll -> No File
Task: {56C94910-4FEE-4F74-9D18-93DE1F4F3FFF} - System32\Tasks\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} => C:\Windows\system32\pcalua.exe -a "C:\windows\temp\apps\app000888\install flash player 9 ax.exe" -d C:\Windows\Temp\APPS\APP000888\ -c /S <==== ATTENTION
2010-07-09 12:36 - 2010-07-09 12:36 - 000008064 _____ () C:\ProgramData\SPL6FBC.tmp
2013-04-19 23:53 - 2013-04-19 23:53 - 000000596 _____ () C:\ProgramData\tmpFA04.tmp
2013-01-19 02:52 - 2013-01-19 02:52 - 000000022 ____N () C:\Users\Owner\AppData\Local\xftredahs.dat
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
[Screenshot: 65MBhLLb.png]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
[Screenshot: adwcleaner_delete_restart.jpg]
  • On reboot a log will be produced; please copy and paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

  • 0

#3
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi JS!!!

Thank you for the help, I truly appreciate it. Everything looks straightforward in the
instructions you gave me. I just had 1 question....

The AdwCleaner program says: Pending. Please uncheck elements you don't want to remove.
And then click the Clean button. How will I know what I shouldn't uncheck?? Maybe give me
an example. Thank you! I will begin and run FRST and JUNKWARE REMOVAL while I wait
for your feedback :D


  • 0

#4
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

FIXLOG

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 16-09-2017
Ran by Owner (16-09-2017 03:07:52) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************

S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [X]
FirewallRules: [{E80F0D52-85B3-471E-83B9-17EE45BE405A}] => (Allow) LPort=80
FirewallRules: [{54396C83-FD88-4F55-9CF0-539A3D95BCF4}] => (Allow) LPort=80
FirewallRules: [{BE6C4A6F-AF86-461F-BF91-5AE152A3B52B}] => (Allow) LPort=80
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
GroupPolicy: Restriction ? <==== ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {56C94910-4FEE-4F74-9D18-93DE1F4F3FFF} - System32\Tasks\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} => C:\Windows\system32\pcalua.exe -a "C:\windows\temp\apps\app000888\install flash player 9 ax.exe" -d C:\Windows\Temp\APPS\APP000888\ -c /S <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Classes\.bat: batfile => <==== ATTENTION
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Classes\.cmd: cmdfile => <==== ATTENTION
ShellExecuteHooks: No Name - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> No File
ShellExecuteHooks: No Name - {4F07DA45-8170-4859-9B5F-037EF2970034} - -> No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
ContextMenuHandlers1: [AimersoftVideoConverterFileOpreation] -> {F16DACB1-B8EC-48EB-BE62-4D2DDB27B5CE} => C:\Windows\System32\AiCM32.dll -> No File
Task: {56C94910-4FEE-4F74-9D18-93DE1F4F3FFF} - System32\Tasks\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} => C:\Windows\system32\pcalua.exe -a "C:\windows\temp\apps\app000888\install flash player 9 ax.exe" -d C:\Windows\Temp\APPS\APP000888\ -c /S <==== ATTENTION
2010-07-09 12:36 - 2010-07-09 12:36 - 000008064 _____ () C:\ProgramData\SPL6FBC.tmp
2013-04-19 23:53 - 2013-04-19 23:53 - 000000596 _____ () C:\ProgramData\tmpFA04.tmp
2013-01-19 02:52 - 2013-01-19 02:52 - 000000022 ____N () C:\Users\Owner\AppData\Local\xftredahs.dat
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

HKLM\System\CurrentControlSet\Services\wbengine => key removed successfully.
wbengine => service removed successfully.
HKLM\System\CurrentControlSet\Services\blbdrive => key removed successfully.
blbdrive => service removed successfully.
HKLM\System\CurrentControlSet\Services\IpInIp => key removed successfully.
IpInIp => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFlt => key removed successfully.
NwlnkFlt => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFwd => key removed successfully.
NwlnkFwd => service removed successfully.
HKLM\System\CurrentControlSet\Services\SASKUTIL => key removed successfully.
SASKUTIL => service removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E80F0D52-85B3-471E-83B9-17EE45BE405A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54396C83-FD88-4F55-9CF0-539A3D95BCF4} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE6C4A6F-AF86-461F-BF91-5AE152A3B52B} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B0956BD-F3D2-483D-B46D-8A8571258DC6} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E72885C9-C635-4DBF-9775-C607C77F0F91} => value removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\AppMgmt => key removed successfully.
AppMgmt => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56C94910-4FEE-4F74-9D18-93DE1F4F3FFF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56C94910-4FEE-4F74-9D18-93DE1F4F3FFF} => key removed successfully.
C:\Windows\System32\Tasks\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} => key removed successfully.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Classes\.bat => key removed successfully.
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Classes\.cmd => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value removed successfully.
HKLM\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{4F07DA45-8170-4859-9B5F-037EF2970034} => value removed successfully.
HKLM\Software\Classes\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034} => key not found.
HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf => key removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AimersoftVideoConverterFileOpreation => key removed successfully.
HKLM\Software\Classes\CLSID\{F16DACB1-B8EC-48EB-BE62-4D2DDB27B5CE} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56C94910-4FEE-4F74-9D18-93DE1F4F3FFF} => key not found.
C:\Windows\System32\Tasks\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} => key not found.
C:\ProgramData\SPL6FBC.tmp => moved successfully
C:\ProgramData\tmpFA04.tmp => moved successfully
C:\Users\Owner\AppData\Local\xftredahs.dat => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Reseting Echo Request, failed.
Access is denied.

Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6041052 B
Java, Flash, Steam htmlcache => 31761 B
Windows/system/drivers => 3624772 B
Edge => 0 B
Chrome => 0 B
Firefox => 388931331 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 68908 B
LocalService => 0 B
NetworkService => 0 B
Owner => 150870872 B
Guest => 0 B

RecycleBin => 0 B
EmptyTemp: => 536.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 03:09:46 ====

 

 

 

As soon as I run JUNKWARE REMOVAL I'll post the contents.


  • 0
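Reading a Fixlog like the one above means separating what was changed, what was already absent, and which CMD: command printed a failure (here the "Access is denied" under netsh int ip reset). The triage script below is an added example, not part of the original thread or of FRST; the sample log is constructed from the layout shown above, and the bucket names are this example's own.

```python
import re

# Constructed sample: a shortened FRST Fixlog in the layout of the one posted above.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [X]
CMD: netsh int ip reset C:\resettcpip.txt
*****************

HKLM\System\CurrentControlSet\Services\SASKUTIL => key removed successfully.
SASKUTIL => service removed successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => key not found.
C:\Windows\System32\Tasks\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} => not found.

========= netsh int ip reset C:\resettcpip.txt =========

Reseting Echo Request, failed.
Access is denied.

========= End of CMD: =========

=========== EmptyTemp: ==========

Firefox => 388931331 B
EmptyTemp: => 536.1 MB temporary data Removed.
"""

HEADER_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
SIZE_RE = re.compile(r"^\d[\d.]* (B|MB)\b")   # EmptyTemp byte counts, not fix results
FAIL_RE = re.compile(r"\b(failed|denied|error)\b", re.IGNORECASE)


def triage(text):
    """Sort Fixlog result lines into changed / absent / other and collect
    the failure lines printed by each CMD: command."""
    report = {"changed": [], "absent": [], "other": [], "cmd_failures": {}}
    in_fixlist, stars = False, 0   # state for the echoed "fixlist content:" block
    cmd = None                     # command whose console output is being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "fixlist content:":
            in_fixlist = True
            continue
        if in_fixlist:
            # The echo is framed by two rows of asterisks; the second closes it.
            if set(line) == {"*"}:
                stars += 1
                in_fixlist = stars < 2
            continue
        header = HEADER_RE.match(line)
        if header:
            name = header.group("name")
            # "End of ..." closes a section; names ending in ":" are FRST
            # directives (RemoveProxy:, EmptyTemp:) whose body is result lines.
            cmd = None if name.startswith("End of") or name.endswith(":") else name
            continue
        if cmd is not None:
            if FAIL_RE.search(line):
                report["cmd_failures"].setdefault(cmd, []).append(line)
            continue
        result = RESULT_RE.match(line)
        if not result or SIZE_RE.match(result.group("outcome")):
            continue
        outcome = result.group("outcome").lower()
        bucket = ("absent" if "not found" in outcome
                  else "changed" if "successfully" in outcome else "other")
        report[bucket].append(result.group("target"))
    return report
```

In the Fixlog above, the "not found" lines for the scheduled task appear because the same Task: line is listed twice in the fixlist, so the second pass finds it already removed.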

#5
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

JRT

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows Vista ™ Home Basic x86
Ran by Owner (Administrator) on Sat 09/16/2017 at  3:34:35.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 14

Successfully deleted: C:\Users\Owner\Documents\add-in express (Folder)
Successfully deleted: C:\Windows\System32\ai_recyclebin (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files\bigfix (Folder)
Successfully deleted: C:\Program Files\consumersoft (Folder)
Successfully deleted: C:\Program Files\coupons (Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RYFPIDJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4UXW7K5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KM9RJH1Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE4Q1UJG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RYFPIDJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4UXW7K5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KM9RJH1Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE4Q1UJG (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/16/2017 at  3:38:46.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

> Hi JS!!!
>
> Thank you for the help, I truly appreciate it. Everything looks straightforward in the
> instructions you gave me. I just had 1 question....
>
> The AdwCleaner program says: Pending. Please uncheck elements you don't want to remove.
> And then click the Clean button. How will I know what I shouldn't uncheck?? Maybe give me
> an example. Thank you! I will begin and run FRST and JUNKWARE REMOVAL while I wait
> for your feedback :D


Post the scan report to see the findings. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
  • 0

#7
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

I have completed ALL 3 of the reports you asked me to run.

 

 

 

AdwCleaner

 

# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 17 03:59:44 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows Vista ™ Home Basic (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Deleted: C:\ProgramData\Auslogics
Deleted: C:\ProgramData\Application Data\Auslogics
Deleted: C:\Program Files\Auslogics
Deleted: C:\Users\All Users\Auslogics


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted: [Key] - HKLM\SOFTWARE\LookSafe
Deleted: [Key] - HKLM\SOFTWARE\SmartDNS
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1
Deleted: [Key] - HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FCE1662E-06F1-413D-80CB-33D456D1CFCB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{528B5866-2BA6-42CE-8F74-39FB23B49767}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKLM\SOFTWARE\Auslogics
Deleted: [Key] - HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Auslogics
Deleted: [Key] - HKCU\Software\Auslogics


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2599 B] - [2017/9/17 3:55:10]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


  • 0

#8
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi JS....I have a question....

 

In AdwCleaner...I unchecked Auslogics. This was a program I liked and used. I only wanted the "updater" removed...which I kept checked....BUT....after I ran AdwCleaner the icon for the Auslogics program won't work anymore...even though I did not remove it. It gave this message....

"The item DiskDefrag.exe that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly.".   

I looked in add/remove programs and it's not listed anymore, but I never removed it. I believe the program is still there.

Can you please remove that program "completely" since it will not work anymore???  Thank you


 


  • 0

#9
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
That program is targeted as adware, but if it works for you, you may be able to download the program and install it.

How is the computer's overall performance?
  • 0

#10
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

HI JS!

My laptop is better!

I think you misunderstood what I said about Auslogics.

I ran the AdwCleaner program. It said Auslogics was on the list as adware...but only the "updater" portion of it is bad, which I checked to be removed.

The rest of the Auslogics program is ok and I "unchecked" that...but it is not listed anymore in programs and it should be.
I think it may still be in my system....can you check my system to make sure? If any remnants of Auslogics remain can you remove it please. The reason I say that...is because the icon is still there and a message says.. "The item DiskDefrag.exe that this shortcut refers to has been changed or moved,"

Appreciate your help.


  • 0



#11
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

***** [ Folders ] *****

Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Deleted: C:\ProgramData\Auslogics
Deleted: C:\ProgramData\Application Data\Auslogics
Deleted: C:\Program Files\Auslogics
Deleted: C:\Users\All Users\Auslogics

 

 

All folders were deleted by AdwCleaner.

 

If you wish, let's search for DiskDefrag.exe.

 

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

DiskDefrag.exe

It then should look like:

Search: DiskDefrag.exe

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.
 


  • 0

#12
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi JS! Below is the search from FRST.

 

Things seem to be much better. I do see that "Malwarebytes" is still inoperative. Not sure if there is something else still lurking in my system OR maybe I need to remove the program and install again.

Attached is a screenshot. Please advise. You've been so helpful.....Thank you!

 

 

--------------------------------------------------------------------------------------------------

 

Farbar Recovery Scan Tool (x86) Version: 17-09-2017 01
Ran by Owner (17-09-2017 15:37:59)
Running from C:\Users\Owner\Desktop
Boot Mode: Normal

================== Search Files: "DiskDefrag.exe" =============

C:\AdwCleaner\Quarantine\RYwTiizs2t\Disk Defrag\DiskDefrag.exe
[2017-09-16 20:59][2017-07-27 12:11] 002383968 _____ (Auslogics) CCBC07A687E18D6D3734840BA33CE957 [File is digitally signed]

====== End of Search ======

Attached Thumbnails

  • Malwarebytes.jpg

  • 0
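The check made by hand in posts #11 and #12 (which Auslogics items AdwCleaner deleted, and whether the only remaining DiskDefrag.exe sits in quarantine) can be scripted against the two logs. This is an added example, not part of the original thread or of either tool; both sample logs are constructed from the layouts posted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened AdwCleaner "clean" log in the layout shown in this thread.
SAMPLE_ADW_LOG = r"""
# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 17 03:59:44 2017
# Mode: clean

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Auslogics
Deleted: C:\Program Files\Auslogics

***** [ Registry ] *****

Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted: [Key] - HKLM\SOFTWARE\Auslogics
"""

# Constructed sample: an FRST Search.txt result in the layout shown in this thread.
SAMPLE_SEARCH = r"""
================== Search Files: "DiskDefrag.exe" =============

C:\AdwCleaner\Quarantine\RYwTiizs2t\Disk Defrag\DiskDefrag.exe

====== End of Search ======
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
DELETED_RE = re.compile(r"^Deleted: (?:\[(Key|Value)\] - )?(.+)$")


def parse_adwcleaner(text):
    """Return {section: [(kind, target), ...]} for every 'Deleted:' line."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current = section.group(1)
            continue
        deleted = DELETED_RE.match(line)
        if deleted and current:
            # Registry lines carry [Key]/[Value]; file system lines carry only a path.
            sections[current].append((deleted.group(1) or "Path", deleted.group(2)))
    return dict(sections)


def search_hits(text):
    """Full paths listed in an FRST Search.txt (lines starting with a drive letter)."""
    return [l.strip() for l in text.splitlines() if re.match(r"^[A-Za-z]:\\", l.strip())]


def in_quarantine(path, root=r"C:\AdwCleaner\Quarantine"):
    """True when the path lies under the quarantine folder seen in the search result."""
    return path.lower().startswith(root.lower() + "\\")


def explain(adw_text, search_text, keyword):
    """Relate what the cleaner deleted to where the searched file is now."""
    kw = keyword.lower()
    removed = [(sec, kind, tgt)
               for sec, items in parse_adwcleaner(adw_text).items()
               for kind, tgt in items if kw in tgt.lower()]
    hits = search_hits(search_text)
    return {
        "removed": removed,
        "quarantined": [h for h in hits if in_quarantine(h)],
        "outside_quarantine": [h for h in hits if not in_quarantine(h)],
    }


if __name__ == "__main__":
    print(explain(SAMPLE_ADW_LOG, SAMPLE_SEARCH, "auslogics"))
```

An empty "outside_quarantine" list together with removed folder entries matches what the thread found: the shortcut is broken because the program folder was deleted and the executable now exists only in quarantine.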

#13
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Please follow these steps:

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. mbam-setup.exe
 


  • 0

#14
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi JS!

I removed Malwarebytes and used MBAM-clean, then installed a new copy. For some reason, Malwarebytes
froze my computer. It couldn't get past the desktop.  It's never done that before. I went into safe mode and
removed it. Not sure why that is happening. Can I continue to use AdwCleaner instead?? It does pretty much
the same thing as Malwarebytes.  Please advise.

I noticed that when I was infected with adware....Kaspersky Antivirus froze on me as well. I had to remove the program, and I've had no protection. Should I install Kaspersky again and see if it will work properly??


  • 0

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

AdwCleaner is part of Malwarebytes. Malwarebytes is a collection of many developers and is more effective.

 

 

  • Double-click on FRST. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 

 


  • 0





