Charval
2016-12-27, 12:53
Hi,
Merry Christmas to everyone.
I am helping out my dad, whose computer is very slow. It is an old machine so we know that doesn't help. Pages take ages to open, often crashing in the process. AVG & Windows Defender scans show nothing sinister going on. It has had a new motherboard, which we think may have contributed to the problem as it's never been right since this was installed - but the person who put it in said nothing was wrong.
Here are the logs:
FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2016
Ran by valerie (administrator) on REPLACEMENTPC (27-12-2016 10:25:08)
Running from C:\Users\valerie\Desktop
Loaded Profiles: valerie (Available Profiles: valerie)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files\ScanGuard\SecurityService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4435968 2007-04-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [EPSON SX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE [199680 2008-11-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MountPoints2: E - E:\Bin\ASSETUP.exe
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MountPoints2: {474edf55-1b46-11dc-8149-806e6f6e6963} - E:\inst_32\autorun.exe
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Restriction ? <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{045EA7A2-4987-46C6-BCDA-675480FF3BD8}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {D3B96B60-60D2-4750-A2F3-89C0CDB26A9E} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {F8EBD1FA-411D-4840-848F-74F59FE14D41} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^GB&gct=&itbv=12.24.1.51&apn_uid=FB598443-4F0C-4C01-8747-34C81DFE66D9&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^GB&apn_dbr=ie_9.0.8112.16636&doi=2015-04-15&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-09-28] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
FireFox:
========
FF ProfilePath: C:\Users\valerie\AppData\Roaming\Mozilla\Firefox\Profiles\3lu1vb8p.default-1475517116985 [2016-12-27]
FF Homepage: Mozilla\Firefox\Profiles\3lu1vb8p.default-1475517116985 -> hxxp://home.bt.com/
FF Extension: (Search and New Tab by Yahoo) - C:\Users\valerie\AppData\Roaming\Mozilla\Firefox\Profiles\3lu1vb8p.default-1475517116985\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-11-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-23] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2009-09-02] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll [2005-04-27] (RealNetworks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1343853513-471013651-1662923988-1000: @yahoo.com/BrowserPlus,version=2.9.2 -> C:\Users\valerie\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll [2010-06-10] (Yahoo! Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://uk.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default [2016-12-26]
CHR Extension: (Google Slides) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-17]
CHR Extension: (Google Docs) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-17]
CHR Extension: (Google Drive) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-28]
CHR Extension: (Google Search) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Yahoo Partner) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom [2016-10-28]
CHR Extension: (Google Sheets) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (GamingWonderland) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmmbibdalclbbojmggolmkjollahi [2016-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Yahoo Partner) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2016-12-10]
CHR Extension: (Gmail) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]
CHR Extension: (TestForSpeed) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobegihdjniefklcnkenodepchebofnn [2016-10-03]
CHR Extension: (Arcade Freak) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmlcfgoffhofioajgeickbojhajoafb [2016-08-19]
CHR HKLM\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 gupdate1c95fd8b90ceb00; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SecurityService; C:\Program Files\ScanGuard\SecurityService.exe [20592 2016-12-07] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.) [File not signed]
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-08-24] (Logitech, Inc.)
S3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R1 MpKslf312fec8; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4844FF4F-DBFD-4AB2-B5D9-D7E0728E4916}\MpKslf312fec8.sys [39168 2016-12-26] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 NETIMFLT; C:\Windows\System32\DRIVERS\netimflt.sys [142128 2007-04-24] (Panda Software)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-29] (Sonic Solutions) [File not signed]
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [14368 1999-10-11] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [304128 2016-05-14] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [146432 2016-05-14] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [103936 2016-05-14] (Microsoft Corporation) [File not signed]
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1149552 2010-10-01] (VIA Technologies, Inc.)
S4 blbdrive; no ImagePath
S3 IpInIp; no ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 NwlnkFlt; no ImagePath
S3 NwlnkFwd; no ImagePath
S3 PavSRK.sys; no ImagePath
S3 PavTPK.sys; no ImagePath
S1 WNMFLT; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-27 10:25 - 2016-12-27 10:27 - 00018391 _____ C:\Users\valerie\Desktop\FRST.txt
2016-12-27 10:23 - 2016-12-27 10:25 - 00000000 ____D C:\FRST
2016-12-27 10:22 - 2016-12-27 10:22 - 00000815 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-27 10:22 - 2016-12-27 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-27 10:19 - 2016-12-27 10:20 - 08803648 _____ (Piriform Ltd) C:\Users\valerie\Downloads\ccsetup525.exe
2016-12-27 10:14 - 2016-12-27 10:14 - 01762816 _____ (Farbar) C:\Users\valerie\Desktop\FRST.exe
2016-12-26 11:00 - 2016-12-26 11:02 - 00000000 ____D C:\Users\valerie\Documents\UniversalExtractor_111687
2016-12-14 14:39 - 2016-12-14 14:39 - 00001837 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-14 14:30 - 2016-12-14 14:32 - 12231000 _____ (Microsoft Corporation) C:\Users\valerie\Downloads\mseinstall (1).exe
2016-12-14 14:16 - 2016-12-14 14:16 - 00313366 _____ C:\Users\valerie\Downloads\WindowsUpdateDiagnostic.diagcab
2016-12-14 13:14 - 2016-12-14 13:14 - 02726828 _____ C:\Users\valerie\Downloads\Windows6.0-KB931099-x86 (1).msu
2016-12-14 13:08 - 2016-12-14 13:08 - 00000000 ____D C:\68d6c8518f46a70d8e
2016-12-14 13:06 - 2016-12-14 13:07 - 02726828 _____ C:\Users\valerie\Downloads\Windows6.0-KB931099-x86.msu
2016-12-14 12:59 - 2016-12-14 13:00 - 107333706 _____ C:\Users\valerie\Downloads\Unconfirmed 737008.crdownload
2016-12-14 11:58 - 2016-12-14 11:58 - 00000000 ____D C:\quardata
2016-12-14 11:44 - 2016-12-14 12:11 - 00000000 ____D C:\Program Files\ScanGuard
2016-12-14 11:43 - 2016-12-14 11:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-14 11:41 - 2016-12-14 11:41 - 09816616 _____ C:\Users\valerie\Downloads\ScanGuard(2).exe
2016-12-14 11:40 - 2016-12-14 11:40 - 09816616 _____ C:\Users\valerie\Downloads\ScanGuard(1).exe
2016-12-14 11:38 - 2016-12-14 11:38 - 09816616 _____ C:\Users\valerie\Downloads\ScanGuard.exe
2016-12-13 09:42 - 2016-12-13 09:42 - 00000000 ____D C:\Users\valerie\AppData\Local\{F3CC7D77-101F-484A-95A8-4310B930AF03}
2016-12-13 09:37 - 2016-12-13 10:22 - 00000000 ____D C:\Users\valerie\Downloads\Evergreens
2016-12-01 15:08 - 2016-12-01 15:08 - 00000000 ____D C:\Users\valerie\AppData\Local\ElevatedDiagnostics
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-27 10:22 - 2010-04-06 08:05 - 00000000 ____D C:\Program Files\CCleaner
2016-12-27 09:59 - 2007-06-18 19:23 - 00000000 ___HD C:\Windows\inf
2016-12-27 09:54 - 2016-11-19 14:44 - 00000000 ____D C:\Users\valerie\AppData\LocalLow\Mozilla
2016-12-27 09:50 - 2015-10-06 22:37 - 00000000 ____D C:\Users\valerie\AppData\Roaming\Skype
2016-12-27 09:46 - 2016-05-09 17:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-27 09:34 - 2006-11-02 12:47 - 00005984 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-27 09:34 - 2006-11-02 12:47 - 00005984 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-26 17:50 - 2014-12-09 17:50 - 00000244 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job
2016-12-26 15:13 - 2007-09-04 12:26 - 00000000 ____D C:\ProgramData\TEMP
2016-12-26 11:34 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-26 11:33 - 2006-11-02 13:01 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-26 09:10 - 2007-08-24 09:29 - 00060928 _____ C:\Users\valerie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-26 08:48 - 2011-01-20 18:22 - 00000000 ____D C:\Users\valerie\Documents\Excel
2016-12-25 15:46 - 2014-05-20 00:10 - 00000000 ____D C:\Users\valerie\Documents\Lyrics and all
2016-12-25 12:48 - 2011-03-24 10:04 - 00000000 ____D C:\Users\valerie\Documents\Sutton on Sea Railway Houses
2016-12-23 20:45 - 2006-11-02 10:33 - 00765776 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-21 19:38 - 2016-10-30 12:55 - 00000000 ____D C:\Users\valerie\Documents\Mobile Phones
2016-12-21 11:31 - 2016-02-11 15:21 - 00002627 _____ C:\Users\valerie\Desktop\Microsoft Office Word 2007 (2).lnk
2016-12-16 08:09 - 2016-11-19 12:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-16 00:05 - 2008-08-19 23:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-12-16 00:02 - 2010-06-04 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-12-14 15:33 - 2015-10-16 10:55 - 00000000 ____D C:\Users\valerie\Documents\Charlies misc paperwork 5th 30 KB
2016-12-14 14:40 - 2011-01-28 01:19 - 00002154 _____ C:\Windows\epplauncher.mif
2016-12-14 14:38 - 2011-01-28 01:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-12-13 20:46 - 2016-05-09 17:14 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-12-13 20:46 - 2016-05-09 17:14 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-12-13 20:46 - 2007-09-06 12:29 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 17:25 - 2009-10-24 11:13 - 00000000 ____D C:\Users\valerie\Documents\Recipes
2016-12-13 13:38 - 2016-08-03 16:53 - 00000000 ____D C:\Users\valerie\Documents\Evergreen miniature Rly
2016-12-13 09:46 - 2010-10-23 22:40 - 00000000 ____D C:\Users\valerie\Documents\King Arthur stuff 1st 227 MB
2016-12-13 09:44 - 2012-12-10 14:13 - 00000000 ____D C:\Users\valerie\Downloads\G&CMES
2016-12-10 23:36 - 2016-07-10 12:46 - 00000000 ____D C:\Users\valerie\Downloads\Blower
2016-12-10 23:32 - 2016-01-07 00:41 - 00000000 ____D C:\Users\valerie\Desktop\BLOWER 2016
2016-12-05 21:07 - 2010-12-22 12:13 - 00000000 ____D C:\Users\valerie\Documents\Lables
2016-12-05 21:07 - 2010-09-12 09:03 - 00000000 ____D C:\Users\valerie\Documents\St Barnabas shop
2016-12-05 09:09 - 2014-08-14 07:58 - 00000000 ____D C:\Users\valerie\Documents\St.Barnabas Brvment
2016-12-04 09:38 - 2015-10-16 10:57 - 00000000 ____D C:\Users\valerie\Documents\Computer stuff
2016-12-03 14:58 - 2016-11-08 10:37 - 00000000 ____D C:\Users\valerie\Desktop\Evergreen news
2016-11-30 15:07 - 2013-03-03 12:38 - 00000000 ____D C:\Users\valerie\Desktop\Trains for sorting
2016-11-28 15:14 - 2016-02-03 13:42 - 00000000 ____D C:\Users\valerie\Documents\Music notes
2016-11-27 00:14 - 2012-05-31 10:33 - 00000000 ____D C:\Users\valerie\Documents\Waltham Mill Railway 4th 20.8 KB
==================== Files in the root of some directories =======
2007-09-19 12:02 - 2007-09-19 12:02 - 0774144 _____ (RealNetworks, Inc.) C:\Program Files\RngInterstitial.dll
2010-04-06 19:23 - 2010-04-06 19:23 - 16409960 _____ (Safer Networking Limited ) C:\Program Files\spybotsd162.exe
2015-04-19 17:35 - 2015-04-20 07:00 - 0000053 _____ () C:\Users\valerie\AppData\Roaming\LogFile.txt
2007-10-15 18:05 - 2011-05-06 13:51 - 0000680 _____ () C:\Users\valerie\AppData\Local\d3d9caps.dat
2007-08-24 09:29 - 2016-12-26 09:10 - 0060928 _____ () C:\Users\valerie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-09-20 08:24 - 2010-11-27 19:35 - 0000118 _____ () C:\Users\valerie\AppData\Local\DownloadLog.txt
2011-05-21 15:10 - 2011-05-21 15:11 - 0000000 _____ () C:\Users\valerie\AppData\Local\{83FB0A07-5C3A-4242-839C-60C562C72A87}
2013-07-19 09:32 - 2013-07-19 09:32 - 15985837 _____ () C:\ProgramData\SPL51CD.tmp
2012-03-24 10:30 - 2012-03-24 10:30 - 2409340 _____ () C:\ProgramData\SPL5456.tmp
2013-10-20 08:46 - 2013-10-20 08:46 - 0597668 _____ () C:\ProgramData\SPL6315.tmp
2012-05-21 12:12 - 2012-05-21 12:12 - 0514329 _____ () C:\ProgramData\SPL777F.tmp
2012-05-21 11:33 - 2012-05-21 11:33 - 0514329 _____ () C:\ProgramData\SPL7F3E.tmp
2013-10-19 09:36 - 2013-10-19 09:36 - 0597668 _____ () C:\ProgramData\SPLAE87.tmp
2012-03-24 10:04 - 2012-03-24 10:04 - 2409340 _____ () C:\ProgramData\SPLCC55.tmp
2007-10-30 16:14 - 2007-10-30 16:14 - 0474688 _____ () C:\ProgramData\SPLCF13.tmp
Some files in TEMP:
====================
C:\Users\valerie\AppData\Local\Temp\DefaultPack.EXE
C:\Users\valerie\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\valerie\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\valerie\AppData\Local\Temp\vcredist_x86.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-26 23:53
==================== End of FRST.txt ============================
Addition Log:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by valerie (27-12-2016 10:29:35)
Running from C:\Users\valerie\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-06-15 13:49:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1343853513-471013651-1662923988-500 - Administrator - Disabled)
Guest (S-1-5-21-1343853513-471013651-1662923988-501 - Limited - Enabled)
valerie (S-1-5-21-1343853513-471013651-1662923988-1000 - Administrator - Enabled) => C:\Users\valerie
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
100% Hidden Objects (HKLM\...\BFG-100 Percent Hidden Objects) (Version: - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.45 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{7A9FC484-2002-39E6-EF93-990C8A0D6F96}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
BT Broadband Talk Softphone 2.0 (HKLM\...\BT Broadband Talk Softphone Frontier_is1) (Version: - BT)
BTTotalBroadband220V (HKLM\...\BT Total Broadband 220V) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Chuzzle Deluxe 1.01 (HKLM\...\Chuzzle Deluxe 1.01) (Version: - )
CPUID HWMonitor 1.17 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Cradle of Egypt (HKLM\...\BFG-Cradle of Egypt) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Printer Software Downloader (HKLM\...\Epson Printer Software Downloader) (Version: - )
Epson Printer Software Downloader (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Manual (HKLM\...\Epson Stylus SX210_SX410_TX210_TX410 User’s Guide) (Version: - )
EPSON SX210 Series Printer Uninstall (HKLM\...\EPSON SX210 Series) (Version: - SEIKO EPSON Corporation)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
File Signature Verification (HKLM\...\chklogo) (Version: - Microsoft Corporation)
Garmin Communicator Plugin (HKLM\...\{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}) (Version: 2.8.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{E0783143-EAE2-4047-A8D6-E155523C594C}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HydraVision (Version: 4.2.152.0 - ATI Technologies Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Jar of Marbles (HKLM\...\BFG-Jar of Marbles) (Version: - )
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jigs@w Puzzle 2 (HKLM\...\{E9618350-E3C0-450b-828A-33EB3F5A941A}) (Version: - Tibo Software)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech SetPoint 6.22 (HKLM\...\sp6) (Version: 6.22.24 - Logitech)
Luxor Bundle Pack (HKLM\...\BFG-Luxor Bundle Pack) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (HKLM\...\{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}) (Version: 3.0.133.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-GB)) (Version: 49.0.1 - Mozilla)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MyFreeCodec) (Version: - )
Noah's Ark Deluxe 1.1 (HKLM\...\Noah's Ark Deluxe 1.1) (Version: - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
PCI Soft Voice SoftRing Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.0.0 - Conexant Systems)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
RealArcade (HKLM\...\RealArcade 1.2) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5404 - Realtek Semiconductor Corp.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
ScanGuard 1.22.7 (HKLM\...\ScanGuard) (Version: 1.22.7 - ScanGuard)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
Tesco Easy Record (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.31 - Sonic Solutions)
Tesco Personal Finance 1.0 (HKLM\...\Tesco Personal Finance 1.0) (Version: - Tesco)
Tesco Photobook Creator (HKLM\...\Tesco Photobook Creator_is1) (Version: - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version: - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Word Web Deluxe (HKLM\...\BFG-Word Web Deluxe) (Version: - )
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Yahoo! BrowserPlus 2.9.2 (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A4C68457-E642-4354-8E6E-873076FB9FB6}\InprocServer32 -> C:\Users\valerie\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\YBPAddon_2.9.2.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\SYSTEM32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00174B35-32E4-44B9-940D-209ED9BACC9E} - System32\Tasks\{73AA2CD6-CAD3-4721-89B5-E3452E6AFAFA} => pcalua.exe -a "C:\Program Files\Tesco Personal Finance\uninstall.exe"
Task: {03E5FB7A-C722-4508-B574-8514F1A1C8D6} - System32\Tasks\SafeBytes.AutoScheduledScanWeekOne => C:\Program Files\SafeBytes\safebytes.exe
Task: {04F98558-1D21-49F5-98F0-E2CD3B4B3AE0} - System32\Tasks\{BBDD49CB-3815-4BD6-83EE-80159BD9F933} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{1C0FBAAA-02E1-4FA0-B68F-A17A2786D8B8}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {256A0AF9-EB2B-4675-A31E-DA1D00A5FB3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {43476512-A033-4A98-9EBA-EB4E8EABBAF8} - System32\Tasks\{59AF0045-13DB-4F00-958F-5FAD84A0C32A} => pcalua.exe -a K:\setup.exe -d K:\
Task: {4B12814A-0278-4AE2-942A-2C2D76FCBB93} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {5D2E770A-163C-4DBD-9461-78004ABA254E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {67F29650-86CE-4A2D-BC3E-9DB0EACA13CF} - System32\Tasks\{3660E0B3-09A1-4A9A-9284-36C25AA3FE35} => pcalua.exe -a "C:\Program Files\MSN Games\Bricks of Egypt\Uninstall.exe" -c "C:\Program Files\MSN Games\Bricks of Egypt\install.log"
Task: {6D6B60DB-E737-47EC-BB52-BE392745BBEC} - System32\Tasks\{708ED796-EFCC-4AA5-B076-56E5FFECC07D} => pcalua.exe -a "C:\Program Files\PopCap Games\Noah's Ark Deluxe\PopUninstall.exe" -c "C:\Program Files\PopCap Games\Noah's Ark Deluxe\Install.log"
Task: {73562AC1-83E0-465E-AC0D-9A2F9D45EC59} - System32\Tasks\{BF35C40C-9B64-41B7-87AF-DD649973324B} => pcalua.exe -a "C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H803DTMW\BTBroadbandDesktopHelpUpgradeAdvisor[1].exe" -d C:\Users\valerie\Desktop
Task: {7FAA36D6-D12C-480D-A53C-9E4189AFAA69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {814AF987-DF13-466A-9BBF-731FA9ED9F19} - System32\Tasks\{3F37112C-66E7-40F1-989D-0B4323D482FB} => pcalua.exe -a "C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENJZG3OM\RealArcade-Installer_superjigsawlandscapes_ambient[1].exe" -d C:\Users\valerie\Desktop
Task: {831BB630-6178-4F11-AD02-D0990759372A} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {BE0A69F2-645D-48D9-96FC-F6F77AFF52B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {E45873CE-73E0-47C0-B992-B78961396371} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\valerie\AppData\Local\Temp\IHU8323.tmp.exe <==== ATTENTION
Task: {E8817263-B960-4694-AB18-D90D885080B3} - System32\Tasks\User_Feed_Synchronization-{FD04D118-7ADD-45FF-9BC4-CC3188C3ED40}
Task: {EE03B125-D2BE-45C6-A291-FA1435F5EF9C} - System32\Tasks\Microsoft\Windows\RestartManager\{01F03597-8273-4e5d-9D17-DC769DB71D28} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {F47ABE44-D9A3-4515-850C-6A99F3D73241} - System32\Tasks\SafeBytes.AutoScheduledScanPostWeekOne => C:\Program Files\SafeBytes\safebytes.exe
Task: {F7631F9D-7067-4EB7-A10E-B954351C3BBE} - System32\Tasks\{E47480C0-5F1D-4DB3-9730-5777A95CAED0} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {FD7E32D2-FADB-4899-ADF0-57015DD687FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\ParetoLogic Registration.job => rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-12-14 11:44 - 2016-12-07 19:15 - 00020592 _____ () C:\Program Files\ScanGuard\SecurityService.exe
2016-12-14 11:44 - 2016-04-15 16:44 - 00062976 _____ () C:\Program Files\ScanGuard\LinqBridge.dll
2016-12-14 11:44 - 2016-12-07 19:14 - 00138240 _____ () C:\Program Files\ScanGuard\AviraLib.dll
2016-12-14 11:44 - 2016-12-07 19:13 - 00240128 _____ () C:\Program Files\ScanGuard\Utilizr.dll
2016-12-14 11:44 - 2016-12-07 19:14 - 00731136 _____ () C:\Program Files\ScanGuard\Engine.Win.dll
2016-12-14 11:44 - 2016-12-07 19:13 - 00019968 _____ () C:\Program Files\ScanGuard\Utilizr.VPN.Win.dll
2016-12-14 11:44 - 2016-12-07 19:14 - 00096256 _____ () C:\Program Files\ScanGuard\SSCore.dll
2014-12-09 17:47 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-12-09 17:47 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4A93D042 [225]
AlternateDataStreams: C:\ProgramData\TEMP:571CCF8E [476]
AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9 [245]
AlternateDataStreams: C:\ProgramData\TEMP:8684F6F0 [216]
AlternateDataStreams: C:\ProgramData\TEMP:9F683177 [266]
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899 [516]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\vodafone.net -> hxxps://www.vodafone.net
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 10:23 - 2015-04-17 23:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\valerie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Users^valerie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^valerie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LXCYCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: lxcymon.exe => "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
MSCONFIG\startupreg: Pareto_Update => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMP-Out-TCP] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{AEDAB11D-CFFF-4E5E-9E43-4D5B2ABCEE1B}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{20796941-55A5-44E0-A447-EDE04A5EE083}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{AC4A77F3-F6B7-41F9-A429-F2F5CE280A08}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{E6CA3C00-5519-4994-A7E3-976645D87974}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{12CB731C-E8BF-4855-9F10-764CAF032411}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BF02D282-94B4-4EB4-8926-4CDD35E2B611}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{21AB6C23-E1F0-4651-9EA0-30A05C6B72D5}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{87C5C7B5-D630-4555-AD71-EA00B492AA10}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{32621554-6D90-4ECC-91F2-4A713E27C001}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [UDP Query User{7048D18E-36E5-4444-8B86-9F9CB8581D5F}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [TCP Query User{2841122D-18EA-4CDA-9435-D73B1E3AE746}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [UDP Query User{9792310B-05ED-4F60-B20D-453427C663C6}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [TCP Query User{E904E664-5DCF-48B2-ACC4-0FA1C248A64C}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [UDP Query User{6596FC35-5965-4B26-95D2-78172F63A891}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [TCP Query User{270282F2-360D-4FB6-BCF2-1845A3BBE9CE}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C598AE8C-F85E-4A55-A068-8322101DC0FE}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{5A5C9057-1704-4DF1-867A-CCFFA51F5934}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0ACBFECB-FB93-47FC-B7AB-18E12B8AB392}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{61D60731-9D46-43EA-9407-6F1835039F5D}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ACA465BC-393A-4CEF-8E32-250175449795}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F03337FE-1015-4BB8-8321-44929E3B1C85}] => C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
06-09-2016 07:33:05 Windows Update
07-09-2016 07:22:56 Scheduled Checkpoint
07-09-2016 23:01:30 Scheduled Checkpoint
09-09-2016 07:42:26 Scheduled Checkpoint
10-09-2016 07:24:39 Scheduled Checkpoint
11-09-2016 15:32:18 Scheduled Checkpoint
12-09-2016 07:06:38 Scheduled Checkpoint
13-09-2016 06:35:27 Windows Update
11-10-2016 16:54:55 Installed Speed Fix Tool Plus
11-10-2016 22:23:52 Removed Speed Fix Tool Plus
14-12-2016 11:42:28 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
16-12-2016 13:50:12 Windows Update
23-12-2016 09:23:34 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/27/2016 09:56:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SESSIONSTORE-BACKUPS\RECOVERY.JS> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/27/2016 09:56:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SESSIONSTORE-BACKUPS\RECOVERY.JS> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/27/2016 09:56:03 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/27/2016 09:56:03 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\FACEBOOK.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\FACEBOOK.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\DROPDOWN.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\DROPDOWN.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\CONNECTION.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\CONNECTION.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
System errors:
=============
Error: (12/26/2016 11:36:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WNMFLT
Error: (12/26/2016 11:36:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
Error: (12/26/2016 11:36:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
Error: (12/26/2016 11:27:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WNMFLT
Error: (12/26/2016 11:27:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
Error: (12/26/2016 11:27:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
Error: (12/26/2016 11:23:14 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (12/26/2016 08:55:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WNMFLT
Error: (12/26/2016 08:54:47 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
Error: (12/26/2016 08:54:47 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
CodeIntegrity:
===================================
Date: 2016-12-14 14:37:52.294
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:51.511
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:50.617
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:49.619
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:41.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:41.063
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:40.256
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:39.235
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:37.032
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:34.789
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of memory in use: 73%
Total physical RAM: 2037.44 MB
Available physical RAM: 543.27 MB
Total Virtual: 4320.12 MB
Available Virtual: 2040.73 MB
==================== Drives ================================
Drive c: (Partition_1) (Fixed) (Total:221.69 GB) (Free:109.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.19 GB) (Free:3.29 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 063912D2)
Partition 1: (Active) - (Size=221.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR Log:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-12-27 10:40:29
-----------------------------
10:40:29.893 OS Version: Windows 6.0.6002 Service Pack 2
10:40:29.894 Number of processors: 2 586 0x602
10:40:29.897 ComputerName: REPLACEMENTPC UserName: valerie
10:40:53.966 Initialize success
10:40:54.549 VM: initialized successfully
10:40:54.554 VM: Intel CPU supported
10:40:58.953 VM: disk I/O atapi.sys
10:45:30.447 The log file has been saved successfully to "C:\Users\valerie\Desktop\aswMBR.txt"
Many thanks.
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (HKLM\...\{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}) (Version: 3.0.133.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-GB)) (Version: 49.0.1 - Mozilla)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MyFreeCodec) (Version: - )
Noah's Ark Deluxe 1.1 (HKLM\...\Noah's Ark Deluxe 1.1) (Version: - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
PCI Soft Voice SoftRing Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.0.0 - Conexant Systems)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
RealArcade (HKLM\...\RealArcade 1.2) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5404 - Realtek Semiconductor Corp.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
ScanGuard 1.22.7 (HKLM\...\ScanGuard) (Version: 1.22.7 - ScanGuard)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
Tesco Easy Record (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.31 - Sonic Solutions)
Tesco Personal Finance 1.0 (HKLM\...\Tesco Personal Finance 1.0) (Version: - Tesco)
Tesco Photobook Creator (HKLM\...\Tesco Photobook Creator_is1) (Version: - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version: - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Word Web Deluxe (HKLM\...\BFG-Word Web Deluxe) (Version: - )
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Yahoo! BrowserPlus 2.9.2 (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A4C68457-E642-4354-8E6E-873076FB9FB6}\InprocServer32 -> C:\Users\valerie\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\YBPAddon_2.9.2.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\SYSTEM32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00174B35-32E4-44B9-940D-209ED9BACC9E} - System32\Tasks\{73AA2CD6-CAD3-4721-89B5-E3452E6AFAFA} => pcalua.exe -a "C:\Program Files\Tesco Personal Finance\uninstall.exe"
Task: {03E5FB7A-C722-4508-B574-8514F1A1C8D6} - System32\Tasks\SafeBytes.AutoScheduledScanWeekOne => C:\Program Files\SafeBytes\safebytes.exe
Task: {04F98558-1D21-49F5-98F0-E2CD3B4B3AE0} - System32\Tasks\{BBDD49CB-3815-4BD6-83EE-80159BD9F933} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{1C0FBAAA-02E1-4FA0-B68F-A17A2786D8B8}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {256A0AF9-EB2B-4675-A31E-DA1D00A5FB3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {43476512-A033-4A98-9EBA-EB4E8EABBAF8} - System32\Tasks\{59AF0045-13DB-4F00-958F-5FAD84A0C32A} => pcalua.exe -a K:\setup.exe -d K:\
Task: {4B12814A-0278-4AE2-942A-2C2D76FCBB93} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {5D2E770A-163C-4DBD-9461-78004ABA254E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {67F29650-86CE-4A2D-BC3E-9DB0EACA13CF} - System32\Tasks\{3660E0B3-09A1-4A9A-9284-36C25AA3FE35} => pcalua.exe -a "C:\Program Files\MSN Games\Bricks of Egypt\Uninstall.exe" -c "C:\Program Files\MSN Games\Bricks of Egypt\install.log"
Task: {6D6B60DB-E737-47EC-BB52-BE392745BBEC} - System32\Tasks\{708ED796-EFCC-4AA5-B076-56E5FFECC07D} => pcalua.exe -a "C:\Program Files\PopCap Games\Noah's Ark Deluxe\PopUninstall.exe" -c "C:\Program Files\PopCap Games\Noah's Ark Deluxe\Install.log"
Task: {73562AC1-83E0-465E-AC0D-9A2F9D45EC59} - System32\Tasks\{BF35C40C-9B64-41B7-87AF-DD649973324B} => pcalua.exe -a "C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H803DTMW\BTBroadbandDesktopHelpUpgradeAdvisor[1].exe" -d C:\Users\valerie\Desktop
Task: {7FAA36D6-D12C-480D-A53C-9E4189AFAA69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {814AF987-DF13-466A-9BBF-731FA9ED9F19} - System32\Tasks\{3F37112C-66E7-40F1-989D-0B4323D482FB} => pcalua.exe -a "C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENJZG3OM\RealArcade-Installer_superjigsawlandscapes_ambient[1].exe" -d C:\Users\valerie\Desktop
Task: {831BB630-6178-4F11-AD02-D0990759372A} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {BE0A69F2-645D-48D9-96FC-F6F77AFF52B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {E45873CE-73E0-47C0-B992-B78961396371} - System32\Tasks\IHUninstallTrackingTASK => /C DEL C:\Users\valerie\AppData\Local\Temp\IHU8323.tmp.exe <==== ATTENTION
Task: {E8817263-B960-4694-AB18-D90D885080B3} - System32\Tasks\User_Feed_Synchronization-{FD04D118-7ADD-45FF-9BC4-CC3188C3ED40}
Task: {EE03B125-D2BE-45C6-A291-FA1435F5EF9C} - System32\Tasks\Microsoft\Windows\RestartManager\{01F03597-8273-4e5d-9D17-DC769DB71D28} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {F47ABE44-D9A3-4515-850C-6A99F3D73241} - System32\Tasks\SafeBytes.AutoScheduledScanPostWeekOne => C:\Program Files\SafeBytes\safebytes.exe
Task: {F7631F9D-7067-4EB7-A10E-B954351C3BBE} - System32\Tasks\{E47480C0-5F1D-4DB3-9730-5777A95CAED0} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {FD7E32D2-FADB-4899-ADF0-57015DD687FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\ParetoLogic Registration.job => rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-12-14 11:44 - 2016-12-07 19:15 - 00020592 _____ () C:\Program Files\ScanGuard\SecurityService.exe
2016-12-14 11:44 - 2016-04-15 16:44 - 00062976 _____ () C:\Program Files\ScanGuard\LinqBridge.dll
2016-12-14 11:44 - 2016-12-07 19:14 - 00138240 _____ () C:\Program Files\ScanGuard\AviraLib.dll
2016-12-14 11:44 - 2016-12-07 19:13 - 00240128 _____ () C:\Program Files\ScanGuard\Utilizr.dll
2016-12-14 11:44 - 2016-12-07 19:14 - 00731136 _____ () C:\Program Files\ScanGuard\Engine.Win.dll
2016-12-14 11:44 - 2016-12-07 19:13 - 00019968 _____ () C:\Program Files\ScanGuard\Utilizr.VPN.Win.dll
2016-12-14 11:44 - 2016-12-07 19:14 - 00096256 _____ () C:\Program Files\ScanGuard\SSCore.dll
2014-12-09 17:47 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-12-09 17:47 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4A93D042 [225]
AlternateDataStreams: C:\ProgramData\TEMP:571CCF8E [476]
AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9 [245]
AlternateDataStreams: C:\ProgramData\TEMP:8684F6F0 [216]
AlternateDataStreams: C:\ProgramData\TEMP:9F683177 [266]
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899 [516]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\vodafone.net -> hxxps://www.vodafone.net
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 10:23 - 2015-04-17 23:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\valerie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Users^valerie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^valerie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LXCYCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: lxcymon.exe => "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
MSCONFIG\startupreg: Pareto_Update => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMP-Out-TCP] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{AEDAB11D-CFFF-4E5E-9E43-4D5B2ABCEE1B}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{20796941-55A5-44E0-A447-EDE04A5EE083}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{AC4A77F3-F6B7-41F9-A429-F2F5CE280A08}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{E6CA3C00-5519-4994-A7E3-976645D87974}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{12CB731C-E8BF-4855-9F10-764CAF032411}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BF02D282-94B4-4EB4-8926-4CDD35E2B611}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{21AB6C23-E1F0-4651-9EA0-30A05C6B72D5}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{87C5C7B5-D630-4555-AD71-EA00B492AA10}] => C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{32621554-6D90-4ECC-91F2-4A713E27C001}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [UDP Query User{7048D18E-36E5-4444-8B86-9F9CB8581D5F}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [TCP Query User{2841122D-18EA-4CDA-9435-D73B1E3AE746}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [UDP Query User{9792310B-05ED-4F60-B20D-453427C663C6}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [TCP Query User{E904E664-5DCF-48B2-ACC4-0FA1C248A64C}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [UDP Query User{6596FC35-5965-4B26-95D2-78172F63A891}C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => C:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [TCP Query User{270282F2-360D-4FB6-BCF2-1845A3BBE9CE}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C598AE8C-F85E-4A55-A068-8322101DC0FE}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{5A5C9057-1704-4DF1-867A-CCFFA51F5934}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0ACBFECB-FB93-47FC-B7AB-18E12B8AB392}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{61D60731-9D46-43EA-9407-6F1835039F5D}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ACA465BC-393A-4CEF-8E32-250175449795}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F03337FE-1015-4BB8-8321-44929E3B1C85}] => C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
06-09-2016 07:33:05 Windows Update
07-09-2016 07:22:56 Scheduled Checkpoint
07-09-2016 23:01:30 Scheduled Checkpoint
09-09-2016 07:42:26 Scheduled Checkpoint
10-09-2016 07:24:39 Scheduled Checkpoint
11-09-2016 15:32:18 Scheduled Checkpoint
12-09-2016 07:06:38 Scheduled Checkpoint
13-09-2016 06:35:27 Windows Update
11-10-2016 16:54:55 Installed Speed Fix Tool Plus
11-10-2016 22:23:52 Removed Speed Fix Tool Plus
14-12-2016 11:42:28 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
16-12-2016 13:50:12 Windows Update
23-12-2016 09:23:34 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/27/2016 09:56:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SESSIONSTORE-BACKUPS\RECOVERY.JS> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/27/2016 09:56:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SESSIONSTORE-BACKUPS\RECOVERY.JS> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/27/2016 09:56:03 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/27/2016 09:56:03 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3LU1VB8P.DEFAULT-1475517116985\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\FACEBOOK.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\FACEBOOK.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\DROPDOWN.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\DROPDOWN.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\CONNECTION.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (12/26/2016 11:47:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\CONNECTION.PNG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
System errors:
=============
Error: (12/26/2016 11:36:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WNMFLT
Error: (12/26/2016 11:36:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
Error: (12/26/2016 11:36:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
Error: (12/26/2016 11:27:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WNMFLT
Error: (12/26/2016 11:27:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
Error: (12/26/2016 11:27:05 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
Error: (12/26/2016 11:23:14 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (12/26/2016 08:55:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WNMFLT
Error: (12/26/2016 08:54:47 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
Error: (12/26/2016 08:54:47 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The PC Security Management Service service has reported an invalid current state 0.
CodeIntegrity:
===================================
Date: 2016-12-14 14:37:52.294
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:51.511
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:50.617
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:49.619
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:41.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:41.063
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:40.256
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:39.235
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:37.032
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-12-14 14:37:34.789
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of memory in use: 73%
Total physical RAM: 2037.44 MB
Available physical RAM: 543.27 MB
Total Virtual: 4320.12 MB
Available Virtual: 2040.73 MB
==================== Drives ================================
Drive c: (Partition_1) (Fixed) (Total:221.69 GB) (Free:109.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.19 GB) (Free:3.29 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 063912D2)
Partition 1: (Active) - (Size=221.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR Log:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-12-27 10:40:29
-----------------------------
10:40:29.893 OS Version: Windows 6.0.6002 Service Pack 2
10:40:29.894 Number of processors: 2 586 0x602
10:40:29.897 ComputerName: REPLACEMENTPC UserName: valerie
10:40:53.966 Initialize success
10:40:54.549 VM: initialized successfully
10:40:54.554 VM: Intel CPU supported
10:40:58.953 VM: disk I/O atapi.sys
10:45:30.447 The log file has been saved successfully to "C:\Users\valerie\Desktop\aswMBR.txt"
Many thanks.