
Possible virus: Malwarebytes won't load, laptop freezing [Solved]



#16
JSntgRvr

  • Global Moderator
  • 11,579 posts

In addition:

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.

  • Right-Click MBAR.exe and select Run as administrator to run the installer.

  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.

  • Click Next, followed by Update. Upon update completion, click Next.

  • Ensure Drivers, Sectors & System are checked and click Scan.

  • Note: Do not use your computer during the scan.

  • Upon completion:
    • If no infection is found, close the MBAR window.

    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.


  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.




#17
mango_nj

  • Topic Starter
  • Member
  • 206 posts

Hi JS!  Again....thank you for all the help you've given me.

Will run those reports as soon as I can.  Thank you!



#18
mango_nj

  • Topic Starter
  • Member
  • 206 posts

Hi JS!  I ran MBAR and no Malware found....so I closed the window.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-09-2017
Ran by Owner (administrator) on OWNER-PC (20-09-2017 05:03:01)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Guest)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF DefaultProfile: fitzik06.default-1406886426275
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275 [2017-09-20]
FF Homepage: Mozilla\Firefox\Profiles\fitzik06.default-1406886426275 -> hxxps://mail.yahoo.com/
FF Extension: (YouTube mp3) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\[email protected] [2017-09-07]
FF Extension: (Didier Lafleur) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\[email protected] [2017-09-18]
FF Extension: (Yahoo Mail Hide Ad Panel) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2017-09-08]
FF Extension: (Adblock Plus) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fitzik06.default-1406886426275\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-09-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-19] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-03-20] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-12] (Adobe Systems Incorporated) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-07] () [File not signed]
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [44224 2006-10-06] (BVRP Software) [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [311808 2006-11-02] (Realtek)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-11-07] () [File not signed]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-20 04:59 - 2017-09-20 04:59 - 013290179 _____ C:\Users\Owner\Desktop\mbar-1.10.1.1002-nr.exe
2017-09-18 10:29 - 2017-09-18 10:30 - 068408664 _____ (Malwarebytes ) C:\Users\Owner\Desktop\mb3-setup-consumer-3.2.2.2029.exe
2017-09-18 10:26 - 2017-09-18 10:26 - 000566128 _____ (Malwarebytes) C:\Users\Owner\Desktop\mbam-clean-2.3.0.1001.exe
2017-09-17 15:37 - 2017-09-17 15:42 - 000000436 _____ C:\Users\Owner\Desktop\Search.txt
2017-09-16 20:52 - 2017-09-16 20:59 - 000000000 ____D C:\AdwCleaner
2017-09-16 03:38 - 2017-09-16 03:38 - 000002361 _____ C:\Users\Owner\Desktop\JRT.txt
2017-09-16 03:07 - 2017-09-20 05:02 - 000000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2017-09-16 03:07 - 2017-09-16 03:09 - 000009940 _____ C:\Users\Owner\Desktop\Fixlog.txt
2017-09-16 03:04 - 2017-09-16 03:04 - 008182736 _____ (Malwarebytes) C:\Users\Owner\Desktop\adwcleaner_7.0.2.1.exe
2017-09-16 02:59 - 2017-09-16 02:59 - 001790024 _____ (Malwarebytes) C:\Users\Owner\Desktop\JRT.exe
2017-09-13 06:20 - 2017-09-13 07:45 - 000043324 _____ C:\Users\Owner\Desktop\Addition.txt
2017-09-13 06:18 - 2017-09-20 05:06 - 000007207 _____ C:\Users\Owner\Desktop\FRST.txt
2017-09-13 06:17 - 2017-09-20 05:03 - 000000000 ____D C:\FRST
2017-09-13 06:01 - 2017-09-20 05:02 - 001795584 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2017-09-09 02:56 - 2017-09-18 11:22 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-08 17:48 - 2017-09-20 04:49 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-09-08 13:57 - 2017-09-08 13:57 - 000000000 ____D C:\Users\Owner\Tracing
2017-09-08 13:56 - 2017-09-09 19:50 - 000002377 _____ C:\Users\Public\Desktop\Skype.lnk
2017-09-08 13:56 - 2017-09-08 13:56 - 000000000 ___RD C:\Program Files\Skype
2017-09-08 13:56 - 2017-09-08 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-09-08 13:56 - 2017-09-08 13:56 - 000000000 ____D C:\Program Files\Common Files\Skype
2017-09-08 13:54 - 2017-09-08 13:54 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-08 04:28 - 2017-09-08 17:47 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-20 04:48 - 2014-12-20 18:41 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2017-09-20 04:47 - 2006-11-02 05:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-20 04:47 - 2006-11-02 05:45 - 000004048 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-20 04:47 - 2006-11-02 05:45 - 000004048 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-19 07:27 - 2006-11-02 05:58 - 000032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-18 11:14 - 2007-10-12 03:26 - 025374736 _____ C:\Windows\ntbtlog.txt
2017-09-18 10:24 - 2013-11-14 22:02 - 000000510 _____ C:\Windows\WORDPAD.INI
2017-09-16 07:49 - 2013-03-10 04:59 - 000703388 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-16 07:49 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\inf
2017-09-16 03:14 - 2013-10-02 17:16 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-09-16 03:07 - 2006-11-02 04:18 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-09-12 20:39 - 2012-04-05 19:15 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-09-12 20:39 - 2012-04-05 19:15 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-09-12 20:39 - 2007-10-08 13:16 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-12 08:02 - 2008-12-23 21:52 - 000000000 ____D C:\Windows\Minidump
2017-09-08 21:47 - 2014-05-22 05:45 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-09-08 17:47 - 2014-05-22 05:45 - 000000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-09-08 13:57 - 2007-10-08 13:05 - 000000000 ____D C:\Users\Owner
2017-09-08 13:56 - 2014-12-20 18:40 - 000000000 ____D C:\ProgramData\Skype
2017-09-08 13:37 - 2008-04-05 17:25 - 000000000 ____D C:\Program Files\Kaspersky Lab
2017-09-07 13:05 - 2008-12-13 14:34 - 000149006 _____ C:\Windows\system32\LexFiles.ulf
2017-09-07 13:04 - 2013-04-05 02:41 - 000000000 ____D C:\Program Files\Lexmark

==================== Files in the root of some directories =======

2013-11-07 10:26 - 2013-11-07 14:10 - 000000100 _____ () C:\Users\Owner\AppData\Roaming\Camdata.ini
2013-11-07 10:26 - 2013-11-07 14:10 - 000000408 _____ () C:\Users\Owner\AppData\Roaming\CamLayout.ini
2013-11-07 10:26 - 2013-11-07 14:10 - 000000408 _____ () C:\Users\Owner\AppData\Roaming\CamShapes.ini
2013-11-07 10:20 - 2013-11-07 14:01 - 000000096 _____ () C:\Users\Owner\AppData\Roaming\version2.xml
2007-10-11 02:04 - 2015-07-20 10:00 - 000000682 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2010-01-26 14:22 - 2015-07-08 04:50 - 000001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2007-10-14 19:26 - 2013-01-17 08:25 - 000005632 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-22 20:58 - 2010-12-12 22:22 - 000000114 ____H () C:\Users\Owner\AppData\Local\tokdet56.dat
2011-08-20 22:57 - 2011-08-20 22:57 - 000017408 _____ () C:\Users\Owner\AppData\Local\WebpageIcons.db
2013-04-20 00:27 - 2015-04-29 21:35 - 000004290 _____ () C:\ProgramData\LMADIscan.log
2008-12-13 14:59 - 2009-09-30 01:28 - 000000560 _____ () C:\ProgramData\lxdf

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\sptd.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-09-20 04:54

==================== End of FRST.txt ============================

ADDITION TXT
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-09-2017
Ran by Owner (20-09-2017 05:07:12)
Running from C:\Users\Owner\Desktop
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) (2007-10-08 19:57:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2753939306-2592966707-3986022943-500 - Administrator - Disabled)
Guest (S-1-5-21-2753939306-2592966707-3986022943-501 - Limited - Disabled) => C:\Users\Guest
Owner (S-1-5-21-2753939306-2592966707-3986022943-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
ABBYY FineReader 9.0 Sprint (HKLM\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.595.5857 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.595.5857 - ABBYY)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
CameraHelperMsi (HKLM\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
erLT (HKLM\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
File Association Helper (HKLM\...\{936B9029-265A-45CB-88DA-B00EAB4DD14C}) (Version: 1.1.6.53763 - WinZip Computing International, LLC)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 (HKLM\...\PictureItSuiteTrial_v12) (Version: 11.0.2018 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.3.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.3.0 ESR (x86 en-US)) (Version: 52.3.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.3.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2407.0 - CyberLink Corporation)
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC 9.0 Runtime (HKLM\...\{A040AC77-C1AA-4CC9-8931-9F648AF178F6}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{4662DAB0-D393-11D0-9A56-00C04FB68B66}\InprocServer32 -> C:\Windows\system32\hhctrl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000_Classes\CLSID\{F76812F0-44A9-C582-41AC-C3484F5D58AA}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2013-09-26] (WinZip Computing International, LLC)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2010-09-14] (ABBYY)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20D4FFF1-3DC5-413C-BDBE-2C5FC4964EDD} - C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => Command(1): %systemroot%\system32\netsh.exe -> interface tcp set heuristic wsh=default
Task: {20D4FFF1-3DC5-413C-BDBE-2C5FC4964EDD} - C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => Command(2): %systemroot%\system32\schtasks.exe -> /delete /tn "\Microsoft\Windows\Tcpip\WSHReset" /f
Task: {3CCE3500-3535-4D3C-8D17-622428EF09A6} - System32\Tasks\{05734DEB-4D1E-4AA1-B07D-56C1132012F9} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {5CB197ED-456C-4E00-A110-6E52063BCB13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {6150EADC-D274-4AA2-A692-4E95699CE917} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {AC9B7645-4712-4248-998D-C7975DCDCE5A} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {C1589470-37C7-4695-85C8-C7202E9ED941} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {E207AF04-F765-4C45-8114-465EDF713F42} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe
Task: {ED301A62-27FF-4617-8C13-B026C47AD28E} - System32\Tasks\{A3FFDBAF-6F3A-4B4B-BFA8-141C3CF2BB87} => C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Desktop\cdex_151.exe -d C:\Users\Owner\Desktop
Task: {ED83284D-EAAF-44B9-83EA-A3A292494E9D} - System32\Tasks\{DD73897A-DD92-4BDC-8F7F-8ED3679D10E8} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.3.0.101/en/go/help.faq.installer?LastError=1601

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2006-11-02 03:25 - 2007-01-25 21:11 - 000159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 000177704 _____ () C:\Windows\system32\PSIService.exe
2007-10-08 13:43 - 2005-08-07 06:54 - 000167936 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2017-04-26 15:19 - 2017-04-26 15:19 - 002005976 ____R () C:\Program Files\Skype\Phone\skypert.dll
2013-04-19 23:35 - 2012-09-19 06:06 - 000431104 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\LMADIQ4A.DLL
2013-04-19 23:35 - 2012-09-19 06:06 - 000025600 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\LMADIQ40.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [127]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7799 more sites.

IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12686 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2017-09-16 03:08 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AVP => 2
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: AVP => "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
MSCONFIG\startupreg: BigFix => c:\program files\Bigfix\bigfix.exe /atstartup
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: DW6 => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LMADImon => "C:\Program Files\Lexmark Pro710 Series\LMADImon.exe"
MSCONFIG\startupreg: Logitech Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: lxdfamon => "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
MSCONFIG\startupreg: lxdfmon.exe => "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NapsterShell => C:\Program Files\Napster\napster.exe /systray
MSCONFIG\startupreg: Power2GoExpress => NA
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{F420C54A-C875-4CFA-A154-CAD4EA8A5336}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{8716CBED-F227-419C-97AA-8CC505238109}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{669FF282-B8AC-40DC-94A6-787E2EA3E18F}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{CEC4905D-CC2D-4863-994D-02827F7034C8}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe

==================== Restore Points =========================

16-09-2017 03:34:35 JRT Pre-Junkware Removal
17-09-2017 07:33:09 Scheduled Checkpoint
18-09-2017 07:56:51 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #4
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #5
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #6
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #7
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #10
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #11
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #13
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #14
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #15
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #16
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #19
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #20
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #23
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #14
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #18
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #20
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2017 10:58:07 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (09/18/2017 10:17:49 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 80070005.

Error: (09/17/2017 02:01:41 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FITZIK06.DEFAULT-1406886426275\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/16/2017 11:26:08 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FITZIK06.DEFAULT-1406886426275\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/16/2017 11:26:08 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FITZIK06.DEFAULT-1406886426275\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (09/19/2017 07:27:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (09/18/2017 02:07:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (09/18/2017 10:59:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/18/2017 10:59:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/18/2017 10:59:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/18/2017 10:59:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/18/2017 10:58:55 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (09/18/2017 10:58:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/18/2017 10:58:49 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (09/18/2017 10:58:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

Processor: Intel® Celeron® M CPU 520 @ 1.60GHz
Percentage of memory in use: 70%
Total physical RAM: 1469.39 MB
Available physical RAM: 438.21 MB
Total Virtual: 3200.23 MB
Available Virtual: 1740.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:65.26 GB) (Free:29.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.27 GB) (Free:3.86 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 9AEED03F)
Partition 1: (Not Active) - (Size=9.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=65.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by mango_nj, 20 September 2017 - 06:51 AM.

  • 0

#19
JSntgRvr

  • Global Moderator
  • 11,579 posts

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

sptd.sys

It then should look like:

Search: sptd.sys

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.

 


  • 0

#20
mango_nj

  • Topic Starter
  • Member
  • 206 posts

Hi JS!! Here is the log

FRST

Farbar Recovery Scan Tool (x86) Version: 24-09-2017
Ran by Owner (25-09-2017 07:25:07)
Running from C:\Users\Owner\Desktop
Boot Mode: Normal

================== Search Files: "sptd.sys
" =============

C:\Windows\System32\drivers\sptd.sys
[2013-11-07 15:15][2013-11-07 15:15] 000691696 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

====== End of Search ======


  • 0

#21
JSntgRvr

  • Global Moderator
  • 11,579 posts

I am asking the FRST developer why this driver is being tagged as a zero byte file. Will come back.

 

How is the computer doing overall?


  • 0
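The Search.txt entry in post #20 reports sptd.sys with a size of 000691696 bytes next to the hash D41D8CD98F00B204E9800998ECF8427E, which is the MD5 of empty input. The Python below is an added example, not part of the thread and not FRST's own code: it parses that log layout and separates genuinely empty files from entries whose size and hash disagree. The function names, the category labels and the two `C:\Example` entries are assumptions made for illustration, and the thread does not establish why the hash came back empty.

```python
import hashlib
import re
from typing import List, NamedTuple

# MD5 of zero bytes of input: what a hasher returns if it read no data at all.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# First entry is the Search.txt result posted in the thread; the two
# C:\Example entries are constructed controls, not from the thread.
SAMPLE_LOG = r"""
================== Search Files: "sptd.sys
" =============

C:\Windows\System32\drivers\sptd.sys
[2013-11-07 15:15][2013-11-07 15:15] 000691696 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Example\constructed-empty.sys
[2017-01-01 00:00][2017-01-01 00:00] 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Example\constructed-normal.sys
[2017-01-01 00:00][2017-01-01 00:00] 000000004 _____ (Constructed Vendor) 098F6BCD4621D373CADE4E832627B4F6 [File not signed]

====== End of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\]\[(?P<modified>[\d-]+ [\d:]+)\] "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*?)\) "
    r"(?P<md5>[0-9A-Fa-f]{32}) \[(?P<signature>[^\]]*)\]$"
)


class SearchEntry(NamedTuple):
    path: str
    size: int
    md5: str
    signature: str


def parse_search_log(text: str) -> List[SearchEntry]:
    """Pair each path line with the detail line that follows it."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entries.append(SearchEntry(pending_path, int(m["size"]),
                                       m["md5"].upper(), m["signature"]))
            pending_path = None
    return entries


def classify(entry: SearchEntry) -> str:
    """Label an entry by whether its reported size and MD5 agree."""
    if entry.md5 != EMPTY_MD5:
        return "hashed"              # content was read and hashed
    if entry.size == 0:
        return "empty-file"          # empty hash is expected for 0 bytes
    return "size-hash-mismatch"      # non-zero size but hash of nothing


def mismatches(text: str) -> List[str]:
    """Paths that deserve a second look: size says data, hash says none."""
    return [e.path for e in parse_search_log(text)
            if classify(e) == "size-hash-mismatch"]


if __name__ == "__main__":
    for e in parse_search_log(SAMPLE_LOG):
        print(f"{classify(e):20} {e.size:>9} {e.path}")
```

A mismatch only shows that the listed hash does not describe the file's content, so the file needs to be hashed again by another means before any conclusion is drawn about it.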

#22
mango_nj

  • Topic Starter
  • Member
  • 206 posts

Hi JS!!! The laptop is much better than it was initially. Unsure why I can't install Malwarebytes anymore, but the performance is better.

It's not crashing anymore, but it does hesitate and freezes intermittently on a webpage...then after about a minute it will be ok.


  • 0

#23
JSntgRvr

  • Global Moderator
  • 11,579 posts

Type this command at an Administrator command prompt and press Enter.

 

netsh int ip reset

 

Let me know if an error is returned.

 

Restart and test.


  • 0

#24
mango_nj

  • Topic Starter
  • Member
  • 206 posts

Hi JS!!!  see attached


  • 0

#25
mango_nj

  • Topic Starter
  • Member
  • 206 posts

Hi JS!!!  see attached

Attached Thumbnails

  • command-pr.jpg

  • 0

#26
JSntgRvr

  • Global Moderator
  • 11,579 posts

Type this command at an Administrator command prompt and press Enter.

 

Net Start > "%userprofile%\desktop\netrpt.txt"

 

This should produce a report on your desktop, netrpt.txt. Please post its contents in your next reply.


  • 0

#27
mango_nj

  • Topic Starter
  • Member
  • 206 posts

Hi JS!  I copied and pasted your instruction into an administrative command prompt...but it does nothing.

I received no log. I did it twice.

 

SUCCESS!!!!! I tried it again and it worked. System is very slow.

 

 

These Windows services are started:

   ABBYY FineReader 9.0 Sprint Licensing Service
   Application Information
   Ati External Event Utility
   Background Intelligent Transfer Service
   Base Filtering Engine
   CNG Key Isolation
   COM+ Event System
   Cryptographic Services
   Cyberlink RichVideo Service(CRVS)
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
   DHCP Client
   Diagnostic Policy Service
   Diagnostic System Host
   Distributed Link Tracking Client
   DNS Client
   Extensible Authentication Protocol
   Function Discovery Resource Publication
   Group Policy Client
   Human Interface Device Access
   IKE and AuthIP IPsec Keying Modules
   IP Helper
   Multimedia Class Scheduler
   Network Connections
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   Plug and Play
   Print Spooler
   Program Compatibility Assistant Service
   ProtexisLicensing
   ReadyBoost
   Remote Access Connection Manager
   Remote Procedure Call (RPC)
   Secondary Logon
   Secure Socket Tunneling Protocol Service
   Security Accounts Manager
   Security Center
   Server
   Shell Hardware Detection
   Software Licensing
   SSDP Discovery
   Superfetch
   System Event Notification Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   Telephony
   Themes
   UPnP Device Host
   User Profile Service
   Windows Audio
   Windows Audio Endpoint Builder
   Windows Driver Foundation - User-mode Driver Framework
   Windows Event Log
   Windows Firewall
   Windows Font Cache Service
   Windows Image Acquisition (WIA)
   Windows Management Instrumentation
   Windows Media Player Network Sharing Service
   Windows Modules Installer
   Windows Search
   Windows Time
   Windows Update
   WinHTTP Web Proxy Auto-Discovery Service
   WLAN AutoConfig
   Workstation

The command completed successfully.

 


Edited by mango_nj, 28 September 2017 - 04:20 PM.

  • 0

#28
JSntgRvr

  • Global Moderator
  • 11,579 posts

You know. I won't give too much attention to that Access Denied output when running the Netsh command. It is only telling us that there is a small folder in the registry locked for which you have no access. It is more the damage we can incur in editing the registry than the benefits. All services the addition.txt reported as missing are up and running.

So let's clean up.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)


  • 0

#29
mango_nj

  • Topic Starter
  • Member
  • 206 posts

Hi JS!!!   I still see mbar-1.10.1.1002-nr.exe on my desktop size: 12.6 mb

I assumed it would say -0- bytes if there was nothing in it. Maybe it's just the icon still there.

 

 

# DelFix v1.013 - Logfile created 28/09/2017 at 18:50:24
# Updated 17/04/2016 by Xplode
# Username : Owner - OWNER-PC
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Owner\Desktop\FRST-OlderVersion
Deleted : C:\Users\Owner\Desktop\mbar
Deleted : C:\Users\Owner\Desktop\Addition.txt
Deleted : C:\Users\Owner\Desktop\adwcleaner_7.0.2.1.exe
Deleted : C:\Users\Owner\Desktop\Fixlog.txt
Deleted : C:\Users\Owner\Desktop\FRST.exe
Deleted : C:\Users\Owner\Desktop\FRST.txt
Deleted : C:\Users\Owner\Desktop\JRT.exe
Deleted : C:\Users\Owner\Desktop\JRT.txt
Deleted : C:\Users\Owner\Desktop\Search.txt

~ Creating registry backup ... OK

########## - EOF - ##########
 


Edited by mango_nj, 29 September 2017 - 09:31 AM.

  • 0

#30
JSntgRvr

  • Global Moderator
  • 11,579 posts

I believe MBAR is not included in the fix. Just right click on the file and select delete, then empty your recycle bin.

 

 

Always keep your antivirus active and updated.

 

Best regards. :)


  • 0





