
Logs re my last Post two days ago.


66 replies to this topic

#1 John in Oman

Posted 24 February 2017 - 05:54 PM

 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2017 01
Ran by HP (administrator) on HP-PC (24-02-2017 22:29:47)
Running from C:\Users\HP\Documents\Downloads
Loaded Profiles: HP (Available Profiles: HP)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-31] (AVAST Software)
HKLM\...\Run: [Malwarebytes App] => C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe [1192400 2017-02-09] ()
HKU\S-1-5-21-158745589-1102801140-2226643516-1000\...\Run: [Google Update] => C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-31] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-30] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6CC32CE0-832C-4680-A8FA-E078BDECADF9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6FD91F0C-0735-4ACE-AA5E-1D8950814E2F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E1FE0B5E-89A9-49BA-ACED-1290E0F8EA82}: [DhcpNameServer] 10.179.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-158745589-1102801140-2226643516-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = 
SearchScopes: HKU\S-1-5-21-158745589-1102801140-2226643516-1000 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = 
SearchScopes: HKU\S-1-5-21-158745589-1102801140-2226643516-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-26] (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: xfcp7s22.default
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\xfcp7s22.default [2017-02-23]
FF NewTab: Mozilla\Firefox\Profiles\xfcp7s22.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\xfcp7s22.default -> hxxps://www.malwarebytes.org/restorebrowser/index.html?f=1&a=plk_mdaffafterdownload_15_48&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0AzyzyyEyDtB0F0AtByByEtN0D0Tzu0StCyEtBzytN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDzz0C0Bzy0AtDyCtGtAyDtAyEtGtDyC0DzytGtC0E0ByCtGyEyB0CyEyBzz0ByE0Bzz0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyB0Czy0A0D0AtCtGyE0FtA0EtGyE0Dzy0CtG0AtB0CyEtG0DyBtCzy0FyDyCyDtD0AtD0C2QtN0A0LzuyE&cr=1059949928&ir=
about:preferences
FF Extension: (Avira Browser Safety) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\xfcp7s22.default\Extensions\abs@avira.com.xpi [2016-02-08]
FF Extension: (Adblock Plus) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\xfcp7s22.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-09-07] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-31]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-23] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-158745589-1102801140-2226643516-1000: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-158745589-1102801140-2226643516-1000: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Users\HP\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Widevine Content Decryption Module Adapter) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Widevine Content Decryption Module Adapter) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-02-01]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2017-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.YMALKRNGAUOM7RE2HUI6DAZQPA - C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2015-09-01] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-07-23] (Panda Security, S.L.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe [72344 2008-11-25] (SiSoftware) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-26] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-08-30] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-26] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59976 2017-01-20] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [219584 2017-02-24] (Malwarebytes)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [50992 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [64760 2015-07-09] ()
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [140024 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105208 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168696 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113912 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124664 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2017-01-21] (The OpenVPN Project)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-24 22:29 - 2017-02-24 22:29 - 00000000 ____D C:\FRST
2017-02-23 02:33 - 2017-02-24 01:25 - 00219584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-23 02:33 - 2017-02-23 02:33 - 00001857 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-23 02:33 - 2017-01-20 07:47 - 00059976 _____ C:\Windows\system32\Drivers\mbae.sys
2017-02-22 03:34 - 2017-02-22 03:34 - 00000000 __RSH C:\MSDOS.SYS
2017-02-22 03:34 - 2017-02-22 03:34 - 00000000 __RSH C:\IO.SYS
2017-02-08 06:41 - 2017-02-08 06:41 - 00000000 ____D C:\Users\HP\AppData\Roaming\PeerNetworking
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\Users\HP\AppData\Local\{003ACA6A-C058-424D-B955-A82DE5375C64}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-24 22:27 - 2006-11-02 12:47 - 00004928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-24 22:27 - 2006-11-02 12:47 - 00004928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-24 22:11 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-24 14:36 - 2006-11-02 13:01 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-23 14:41 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2017-02-23 04:48 - 2016-04-03 02:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-23 03:12 - 2017-01-21 04:54 - 00000000 ____D C:\Users\HP\AppData\Roaming\ExpressVPN
2017-02-23 02:52 - 2015-09-01 11:18 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-23 02:52 - 2015-09-01 11:18 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-23 02:52 - 2015-09-01 11:18 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-23 02:33 - 2015-09-01 11:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-11 08:12 - 2015-09-01 04:21 - 00000000 ____D C:\Users\HP
2017-02-11 07:50 - 2015-09-01 11:44 - 00000000 ____D C:\Users\HP\Documents\OneNote Notebooks
 
==================== Files in the root of some directories =======
 
2017-02-08 06:41 - 2017-02-08 06:41 - 0026340 _____ () C:\Users\HP\AppData\Roaming\UserTile.png
2015-09-01 04:21 - 2015-09-01 04:23 - 0000680 _____ () C:\Users\HP\AppData\Local\d3d9caps.dat
2016-08-10 08:12 - 2016-08-10 08:12 - 0003584 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-30 11:37 - 2016-10-30 11:37 - 0000000 _____ () C:\Users\HP\AppData\Local\{EE71CFAC-78BC-4795-89D9-E6ADBE626DB6}
2016-03-27 03:24 - 2016-03-27 03:24 - 0237974 _____ () C:\ProgramData\1459048770.bdinstall.bin
2016-04-02 13:18 - 2016-04-02 13:18 - 0037408 _____ () C:\ProgramData\1459603111.bdinstall.bin
2016-04-02 13:21 - 2016-04-02 13:21 - 0058739 _____ () C:\ProgramData\1459603120.bdinstall.bin
2016-04-02 22:49 - 2016-04-02 22:49 - 0096655 _____ () C:\ProgramData\1459613978.bdinstall.bin
2016-12-01 03:59 - 2016-12-01 03:59 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-24 22:19
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2017 01
Ran by HP (24-02-2017 22:31:39)
Running from C:\Users\HP\Documents\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2015-09-01 12:15:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-158745589-1102801140-2226643516-500 - Administrator - Disabled)
Guest (S-1-5-21-158745589-1102801140-2226643516-501 - Limited - Disabled)
HP (S-1-5-21-158745589-1102801140-2226643516-1000 - Administrator - Enabled) => C:\Users\HP
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIMP3 (HKLM\...\AIMP3) (Version: v3.55.1338, 31.01.2014 - AIMP DevTeam)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.42.0.0 - Conexant)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DiskCheckup v3.3 (HKLM\...\DiskCheckup_is1) (Version: 3.3.1000 - PassMark Software)
ExpressVPN v3.626 (HKLM\...\ExpressVPN) (Version: v3.626 - ExpressVPN)
Facebook Password Extractor (HKLM\...\{B825B224-6F84-4E51-90C8-B335FED422B8}) (Version: 2.0.306.868 - Elcomsoft Co. Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Chrome (HKU\S-1-5-21-158745589-1102801140-2226643516-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.1.138 - PandoraTV)
LibreOffice 5.1.4.2 (HKLM\...\{D5D4AC5C-C757-4EB2-857C-B021DB22482C}) (Version: 5.1.4.2 - The Document Foundation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Panda Devices Agent (Version: 1.03.05 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
SiSoftware Sandra Lite 2014.RTM (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.10.2014.2 - SiSoftware)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02F04571-2FA5-4AD3-87EA-45BF36C52688} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-158745589-1102801140-2226643516-1000UA => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {0D4919C3-278C-4563-805B-B11AFD19EE98} - System32\Tasks\{89D7F0F3-E8E4-4A1F-A7FE-97DCEF587019} => pcalua.exe -a "C:\Program Files\ExpressVPN\bin\tapinstall.exe" -d "C:\Program Files\ExpressVPN\bin" -c install "C:\Program Files\ExpressVPN\driver\OemWin2k.inf" tap0901
Task: {0F8B5360-63CC-43AD-87B3-F8DA25CE30EA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23] (Adobe Systems Incorporated)
Task: {1045FFB3-C712-4830-B4CF-BE5BFED71B69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-25] (Google Inc.)
Task: {22619B7A-16CA-4EFF-8327-7CEAEB12EDAA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {2EF35B96-AF20-4C9C-9F3F-E20916217D68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {353167E2-FC3E-409D-A60E-BAB1E3A0AE11} - System32\Tasks\SafeZone scheduled Autoupdate 1459691808 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {4BA859E5-30A7-40DF-BACE-F98AB18CED97} - System32\Tasks\Opera N Saturday => C:\Program Files\Opera\launcher.exe 
Task: {598AFECD-1B15-47F9-BDC9-E83DFA15E1C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-25] (Google Inc.)
Task: {608D6E50-CDA1-4476-9EBA-9BE74B786CC4} - System32\Tasks\Opera N Sunday => C:\Program Files\Opera\launcher.exe 
Task: {8D06894A-BEA5-4F42-9D06-BB01D1A8AB55} - \DllKitPRO -> No File <==== ATTENTION
Task: {9D4DA868-46D5-466D-9D56-9570AF8B5C34} - System32\Tasks\Opera scheduled Autoupdate 1448860237 => C:\Program Files\Opera\launcher.exe 
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {ABACD63F-4A89-4257-912D-FF1676271308} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-158745589-1102801140-2226643516-1000Core => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {B5851C7C-FA58-4A38-A7B3-85DF62607FA1} - System32\Tasks\Opera N => C:\Program Files\Opera\launcher.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-08-30 08:29 - 2016-08-30 08:29 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-24 22:12 - 2017-02-24 22:12 - 05989072 _____ () C:\Program Files\AVAST Software\Avast\defs\17022401\algo.dll
2016-08-30 08:29 - 2016-08-30 08:29 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-02 05:39 - 2016-07-02 05:39 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-06 22:18 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\HP\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 22:18 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\HP\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 10:23 - 2015-09-07 22:09 - 00000765 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-158745589-1102801140-2226643516-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Google Update => "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{40FC588B-6E08-4E5D-959B-608CF5983A77}] => (Allow) LPort=80
FirewallRules: [{25153010-618E-4FB7-83D7-8444CBC5DCE7}] => (Allow) LPort=80
FirewallRules: [{7F5CDE73-E0B1-4417-A651-09D11D86625F}] => (Allow) LPort=80
FirewallRules: [{CD54F2F9-4944-477F-A3C5-2B65C0B97187}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{9916BC45-EDA3-4120-95A3-1C47DDD79F8F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{13A0905C-9270-4644-9F64-96E7B5098892}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe
FirewallRules: [{63356C3E-BE61-4398-BE31-462BB5CC1EC3}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x86\RpcSandraSrv.exe
FirewallRules: [{DDAA98F4-DCFE-4581-85D7-A65F10B962BE}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0EF3\HPDiagnosticCoreUI.exe
FirewallRules: [{C2A4761D-B9A6-48CF-8A8A-60206995BC70}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0EF3\HPDiagnosticCoreUI.exe
FirewallRules: [{ED9FC0A6-A13A-4690-8F35-5C1E5FDCF343}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0FB3\HPDiagnosticCoreUI.exe
FirewallRules: [{9B4DE12B-203F-4E7D-9419-D3C2D102CC33}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0FB3\HPDiagnosticCoreUI.exe
FirewallRules: [{7B6DA5BF-1AFB-40F3-ACC3-DF98C80DB9AB}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS1B3F\HPDiagnosticCoreUI.exe
FirewallRules: [{3DC91FD8-47D6-4F71-B19D-DE3D32828E9E}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS1B3F\HPDiagnosticCoreUI.exe
FirewallRules: [{2D7D0E8B-AF4E-4F3C-BE53-1B84B1B6B106}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3953\HPDiagnosticCoreUI.exe
FirewallRules: [{18D4CB3B-A4C0-4EA3-B7B7-3E82BCB19421}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3953\HPDiagnosticCoreUI.exe
 
==================== Restore Points =========================
 
26-07-2016 22:50:47 Restore Operation
15-08-2016 11:25:13 Installed Easy fix 50450
16-08-2016 07:04:01 Installed Easy fix 50450
16-09-2016 04:09:47 SiSoftware Sandra Lite
16-09-2016 04:28:43 SiSoftware Sandra Lite
29-09-2016 22:00:59 Auslogics Regisry Defrag - before defragmentation
26-10-2016 03:04:26 Restore Operation
01-12-2016 04:00:16 Device Driver Package Install: HP Printers
01-12-2016 04:01:50 Device Driver Package Install: Hewlett-Packard Imaging devices
01-12-2016 04:02:17 Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
21-01-2017 09:27:38 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/24/2017 10:13:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 11:39:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 09:34:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 05:52:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 05:18:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 05:18:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 02:01:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 01:25:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/23/2017 09:51:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/23/2017 12:43:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (02/24/2017 10:11:57 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/24/2017 11:38:11 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/24/2017 09:33:03 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/24/2017 05:17:26 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/24/2017 01:51:56 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/24/2017 01:24:53 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/23/2017 09:50:06 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/23/2017 12:42:30 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/23/2017 11:13:47 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/23/2017 09:47:32 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
 
CodeIntegrity:
===================================
  Date: 2017-02-24 22:31:09.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-24 22:31:08.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-24 22:31:08.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-24 22:31:08.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-24 22:31:07.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-24 22:31:07.648
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-24 22:31:07.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-24 22:31:07.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-24 22:31:06.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-24 22:31:06.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 79%
Total physical RAM: 2037.27 MB
Available physical RAM: 423.89 MB
Total Virtual: 4321.81 MB
Available Virtual: 2645.96 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:244.14 GB) (Free:186.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:221.62 GB) (Free:221.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 4094529C)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)
 

 




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:28 PM

Posted 25 February 2017 - 08:10 AM

Hello John in Oman and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
    
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 ====================================

Are you still there? What types of specific problems are you experiencing right now?

Sincerely
:hello:
 
 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 25 February 2017 - 06:05 PM

Yes, I am still here!! I live in the Philippines so there are likely to be delays in my replying to you. Rest assured my English will be perfect for you!

 

I am glad you are able to review the logs. That is a relief for me, as the Malwarebytes forum I was referred to asked for them again. I am a total dummy with computer stuff, so that would have been a problem as their forum would not take the cut & paste job I did!

 

Thanks Yilmaz.


Edited by John in Oman, 25 February 2017 - 06:23 PM.


#4 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 25 February 2017 - 06:26 PM

A few points which might help. My only antivirus stuff is Avast and MWBs. Although uninstalled ages ago, I believe traces of Panda are still lurking in there. Maybe Opera too. I do have a VPN installed for reasons to do with my trading activities. We are 8 hours ahead of GMT here in Manila!

 

Have a good day and thanks again..

 

John



#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:28 PM

Posted 26 February 2017 - 06:39 AM

Hi John in Oman,
 
I also live in İstanbul. No problem. I understand you.

 

I can see a few Panda software files. Antivirus software always needs to be removed with its own removal tool.

 

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Panda Devices Agent
McAfee Security Scan Plus

 

Please run Panda Uninstaller.
https://www.bleepingcomputer.com/download/panda-antivirus-uninstaller/

And restart the PC now.

==================================================================

 

 

Run FRST fixlist

 

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
CreateRestorePoint:
CloseProcesses:
Task: {8D06894A-BEA5-4F42-9D06-BB01D1A8AB55} - \DllKitPRO -> No File <==== ATTENTION
C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
GroupPolicy: Restriction ? <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-158745589-1102801140-2226643516-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
SearchScopes: HKU\S-1-5-21-158745589-1102801140-2226643516-1000 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF NewTab: Mozilla\Firefox\Profiles\xfcp7s22.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\xfcp7s22.default -> hxxps://www.malwarebytes.org/restorebrowser/index.html?f=1&a=plk_mdaffafterdownload_15_48&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0AzyzyyEyDtB0F0AtByByEtN0D0Tzu0StCyEtBzytN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDzz0C0Bzy0AtDyCtGtAyDtAyEtGtDyC0DzytGtC0E0ByCtGyEyB0CyEyBzz0ByE0Bzz0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyB0Czy0A0D0AtCtGyE0FtA0EtGyE0Dzy0CtG0AtB0CyEtG0DyBtCzy0FyDyCyDtD0AtD0C2QtN0A0LzuyE&cr=1059949928&ir=
about:preferences
Task: {4BA859E5-30A7-40DF-BACE-F98AB18CED97} - System32\Tasks\Opera N Saturday => C:\Program Files\Opera\launcher.exe
Task: {608D6E50-CDA1-4476-9EBA-9BE74B786CC4} - System32\Tasks\Opera N Sunday => C:\Program Files\Opera\launcher.exe
Task: {9D4DA868-46D5-466D-9D56-9570AF8B5C34} - System32\Tasks\Opera scheduled Autoupdate 1448860237 => C:\Program Files\Opera\launcher.exe
Task: {B5851C7C-FA58-4A38-A7B3-85DF62607FA1} - System32\Tasks\Opera N => C:\Program Files\Opera\launcher.exe
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Users\HP\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.YMALKRNGAUOM7RE2HUI6DAZQPA - C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-07-23] (Panda Security, S.L.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [50992 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [64760 2015-07-09] ()
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [140024 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105208 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168696 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113912 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124664 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
2016-03-27 03:24 - 2016-03-27 03:24 - 0237974 _____ () C:\ProgramData\1459048770.bdinstall.bin
2016-04-02 13:18 - 2016-04-02 13:18 - 0037408 _____ () C:\ProgramData\1459603111.bdinstall.bin
2016-04-02 13:21 - 2016-04-02 13:21 - 0058739 _____ () C:\ProgramData\1459603120.bdinstall.bin
2016-04-02 22:49 - 2016-04-02 22:49 - 0096655 _____ () C:\ProgramData\1459613978.bdinstall.bin
2016-12-01 03:59 - 2016-12-01 03:59 - 0000057 _____ () C:\ProgramData\Ament.ini
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\FileSyncShell.dll => No File
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
FirewallRules: [{DDAA98F4-DCFE-4581-85D7-A65F10B962BE}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0EF3\HPDiagnosticCoreUI.exe
FirewallRules: [{C2A4761D-B9A6-48CF-8A8A-60206995BC70}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0EF3\HPDiagnosticCoreUI.exe
FirewallRules: [{ED9FC0A6-A13A-4690-8F35-5C1E5FDCF343}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0FB3\HPDiagnosticCoreUI.exe
FirewallRules: [{9B4DE12B-203F-4E7D-9419-D3C2D102CC33}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0FB3\HPDiagnosticCoreUI.exe
FirewallRules: [{7B6DA5BF-1AFB-40F3-ACC3-DF98C80DB9AB}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS1B3F\HPDiagnosticCoreUI.exe
FirewallRules: [{3DC91FD8-47D6-4F71-B19D-DE3D32828E9E}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS1B3F\HPDiagnosticCoreUI.exe
FirewallRules: [{2D7D0E8B-AF4E-4F3C-BE53-1B84B1B6B106}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3953\HPDiagnosticCoreUI.exe
FirewallRules: [{18D4CB3B-A4C0-4EA3-B7B7-3E82BCB19421}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3953\HPDiagnosticCoreUI.exe
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
Reboot:
End

NOTICE: This script is written specifically for this computer!!!

  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

===============================================================================

 

 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

=================================================================================

Run MalwareBytes 3:

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The scan log is available through History -> Application logs. Please post its contents in your next reply.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
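
The fixlist in the post above includes, among other lines, the log entries marked "=> No File" and the firewall rules whose program path is under AppData\Local\Temp. As an added example (not part of the original post and not FRST's own code), the following Python picks those two kinds of lines out of FRST log text for a reviewer; the names triage, Finding and SAMPLE_LOG are assumptions of the example, and the sample lines are copied from the logs posted in this thread.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # FRST line prefix, e.g. "FirewallRules" or "CustomCLSID"
    reason: str   # why the line deserves a reviewer's attention
    target: str   # file path the entry points at ("" if none was found)
    line: str     # the original log line, unchanged


# Log lines copied from the FRST output posted in this thread.
SAMPLE_LOG = r"""
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{40FC588B-6E08-4E5D-959B-608CF5983A77}] => (Allow) LPort=80
FirewallRules: [{9916BC45-EDA3-4120-95A3-1C47DDD79F8F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{DDAA98F4-DCFE-4581-85D7-A65F10B962BE}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0EF3\HPDiagnosticCoreUI.exe
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll => No File
"""

# "FirewallRules: [<rule name>] => (<action>) <program path or port spec>"
FW_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>\w+)\) (?P<target>.+)$"
)
# Per-user or system temp directories; anything there is writable and short-lived.
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)
# First drive-letter path on a line, running to the end of the text searched.
PATH_RE = re.compile(r"\b[A-Za-z]:\\.*$")
NO_FILE = " => No File"


def triage(log_text: str) -> List[Finding]:
    """Return the log lines a reviewer would look at first.

    Two checks only, matching what the fixlist in this thread selected:
      * firewall allow rules whose program lives in a temp directory
      * entries FRST itself marked '=> No File' (registration without a file)
    Port-only rules (e.g. LPort=80) have no program path and are not flagged.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or ": " not in line:
            continue  # section banners, blank lines, free text
        section = line.split(": ", 1)[0]

        fw = FW_RE.match(line)
        if fw:
            target = fw.group("target")
            if fw.group("action").lower() == "allow" and TEMP_RE.search(target):
                findings.append(
                    Finding(section, "allow rule for a program in a temp directory",
                            target, line)
                )
            continue

        if line.endswith(NO_FILE):
            body = line[: -len(NO_FILE)]
            match = PATH_RE.search(body)
            findings.append(
                Finding(section, "registered file is missing",
                        match.group(0) if match else "", line)
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.target}")
```

A flagged line is only a candidate for review; whether it belongs in a fixlist is still decided per machine, as the helper's notice about this script says.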

 


 


#6 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 26 February 2017 - 08:46 AM

Many thanks Olgun.

 

I will do all you suggest tomorrow morning as it is getting late here and I have things to do on my laptop before going to bed!

 

Thank you and have a good evening.

 

Regards.

John



#7 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 26 February 2017 - 05:36 PM

Sorry, a problem. I have Fixlist on my Desktop. I opened FRST from my Documents and pressed FIX. It said it needed a file to fix. I have been unable to attach the file from the Desktop icon. Being the 'dummy' that I have already said I am, I don't know how to proceed!

 

I had better explain that I was only able to send the above Log to my Desktop by pasting it into a new document via Libre Office first. I tried following instructions I found from Google but it didn't work.

 

Thanks again.  John



#8 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:28 PM

Posted 26 February 2017 - 06:01 PM

I have Fixlist on my Desktop. I opened Frst from my Documents and pressed FIX. 

FRST software also should be on your Desktop
So, FRST software + Fixlist file ==> on your Desktop
Then please press Fix button


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 26 February 2017 - 06:37 PM

No, FRST is not on my Desktop and never has been!



#10 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 26 February 2017 - 06:55 PM

I have found FRST in my Documents and transferred it to my Desktop. Will now try to continue as per your instructions!



#11 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 26 February 2017 - 07:41 PM

I have a Log from FRST which is as follows. That is as far as I can go before going on to the Adware Scan and Malwarebytes, as my head is spinning and this old codger needs a rest Lol!

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-02-2017
Ran by HP (27-02-2017 00:30:45)
Running from C:\Users\HP\Documents\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2015-09-01 12:15:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-158745589-1102801140-2226643516-500 - Administrator - Disabled)
Guest (S-1-5-21-158745589-1102801140-2226643516-501 - Limited - Disabled)
HP (S-1-5-21-158745589-1102801140-2226643516-1000 - Administrator - Enabled) => C:\Users\HP
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIMP3 (HKLM\...\AIMP3) (Version: v3.55.1338, 31.01.2014 - AIMP DevTeam)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.42.0.0 - Conexant)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DiskCheckup v3.3 (HKLM\...\DiskCheckup_is1) (Version: 3.3.1000 - PassMark Software)
ExpressVPN v3.626 (HKLM\...\ExpressVPN) (Version: v3.626 - ExpressVPN)
Facebook Password Extractor (HKLM\...\{B825B224-6F84-4E51-90C8-B335FED422B8}) (Version: 2.0.306.868 - Elcomsoft Co. Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Chrome (HKU\S-1-5-21-158745589-1102801140-2226643516-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.1.138 - PandoraTV)
LibreOffice 5.1.4.2 (HKLM\...\{D5D4AC5C-C757-4EB2-857C-B021DB22482C}) (Version: 5.1.4.2 - The Document Foundation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
SiSoftware Sandra Lite 2014.RTM (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.10.2014.2 - SiSoftware)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-158745589-1102801140-2226643516-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02F04571-2FA5-4AD3-87EA-45BF36C52688} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-158745589-1102801140-2226643516-1000UA => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {0D4919C3-278C-4563-805B-B11AFD19EE98} - System32\Tasks\{89D7F0F3-E8E4-4A1F-A7FE-97DCEF587019} => pcalua.exe -a "C:\Program Files\ExpressVPN\bin\tapinstall.exe" -d "C:\Program Files\ExpressVPN\bin" -c install "C:\Program Files\ExpressVPN\driver\OemWin2k.inf" tap0901
Task: {0F8B5360-63CC-43AD-87B3-F8DA25CE30EA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23] (Adobe Systems Incorporated)
Task: {1045FFB3-C712-4830-B4CF-BE5BFED71B69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-25] (Google Inc.)
Task: {22619B7A-16CA-4EFF-8327-7CEAEB12EDAA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {2EF35B96-AF20-4C9C-9F3F-E20916217D68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {353167E2-FC3E-409D-A60E-BAB1E3A0AE11} - System32\Tasks\SafeZone scheduled Autoupdate 1459691808 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {4BA859E5-30A7-40DF-BACE-F98AB18CED97} - System32\Tasks\Opera N Saturday => C:\Program Files\Opera\launcher.exe 
Task: {598AFECD-1B15-47F9-BDC9-E83DFA15E1C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-25] (Google Inc.)
Task: {608D6E50-CDA1-4476-9EBA-9BE74B786CC4} - System32\Tasks\Opera N Sunday => C:\Program Files\Opera\launcher.exe 
Task: {8D06894A-BEA5-4F42-9D06-BB01D1A8AB55} - \DllKitPRO -> No File <==== ATTENTION
Task: {9D4DA868-46D5-466D-9D56-9570AF8B5C34} - System32\Tasks\Opera scheduled Autoupdate 1448860237 => C:\Program Files\Opera\launcher.exe 
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {ABACD63F-4A89-4257-912D-FF1676271308} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-158745589-1102801140-2226643516-1000Core => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {B5851C7C-FA58-4A38-A7B3-85DF62607FA1} - System32\Tasks\Opera N => C:\Program Files\Opera\launcher.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-08-30 08:29 - 2016-08-30 08:29 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-26 11:27 - 2017-02-26 11:27 - 05885952 _____ () C:\Program Files\AVAST Software\Avast\defs\17022600\algo.dll
2016-08-30 08:29 - 2016-08-30 08:29 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-02 05:39 - 2016-07-02 05:39 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 10:23 - 2015-09-07 22:09 - 00000765 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-158745589-1102801140-2226643516-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Google Update => "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{40FC588B-6E08-4E5D-959B-608CF5983A77}] => (Allow) LPort=80
FirewallRules: [{25153010-618E-4FB7-83D7-8444CBC5DCE7}] => (Allow) LPort=80
FirewallRules: [{7F5CDE73-E0B1-4417-A651-09D11D86625F}] => (Allow) LPort=80
FirewallRules: [{CD54F2F9-4944-477F-A3C5-2B65C0B97187}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{9916BC45-EDA3-4120-95A3-1C47DDD79F8F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{13A0905C-9270-4644-9F64-96E7B5098892}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe
FirewallRules: [{63356C3E-BE61-4398-BE31-462BB5CC1EC3}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x86\RpcSandraSrv.exe
FirewallRules: [{DDAA98F4-DCFE-4581-85D7-A65F10B962BE}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0EF3\HPDiagnosticCoreUI.exe
FirewallRules: [{C2A4761D-B9A6-48CF-8A8A-60206995BC70}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0EF3\HPDiagnosticCoreUI.exe
FirewallRules: [{ED9FC0A6-A13A-4690-8F35-5C1E5FDCF343}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0FB3\HPDiagnosticCoreUI.exe
FirewallRules: [{9B4DE12B-203F-4E7D-9419-D3C2D102CC33}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0FB3\HPDiagnosticCoreUI.exe
FirewallRules: [{7B6DA5BF-1AFB-40F3-ACC3-DF98C80DB9AB}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS1B3F\HPDiagnosticCoreUI.exe
FirewallRules: [{3DC91FD8-47D6-4F71-B19D-DE3D32828E9E}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS1B3F\HPDiagnosticCoreUI.exe
FirewallRules: [{2D7D0E8B-AF4E-4F3C-BE53-1B84B1B6B106}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3953\HPDiagnosticCoreUI.exe
FirewallRules: [{18D4CB3B-A4C0-4EA3-B7B7-3E82BCB19421}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3953\HPDiagnosticCoreUI.exe
 
==================== Restore Points =========================
 
26-07-2016 22:50:47 Restore Operation
15-08-2016 11:25:13 Installed Easy fix 50450
16-08-2016 07:04:01 Installed Easy fix 50450
16-09-2016 04:09:47 SiSoftware Sandra Lite
16-09-2016 04:28:43 SiSoftware Sandra Lite
29-09-2016 22:00:59 Auslogics Regisry Defrag - before defragmentation
26-10-2016 03:04:26 Restore Operation
01-12-2016 04:00:16 Device Driver Package Install: HP Printers
01-12-2016 04:01:50 Device Driver Package Install: Hewlett-Packard Imaging devices
01-12-2016 04:02:17 Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
21-01-2017 09:27:38 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/27/2017 12:31:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/27/2017 12:03:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/26/2017 11:46:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/26/2017 11:16:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/26/2017 10:46:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/26/2017 09:46:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/26/2017 09:25:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/26/2017 11:27:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/26/2017 08:50:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.912, time stamp 0x58811df5, faulting module Qt5Core.dll, version 5.6.2.0, time stamp 0x5849a177, exception code 0xc0000005, fault offset 0x00171473,
process id 0x9f8, application start time 0x01d2900d68219c57.
 
Error: (02/26/2017 08:48:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (02/27/2017 12:24:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (02/27/2017 12:24:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (02/27/2017 12:24:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/27/2017 12:24:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/27/2017 12:19:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/27/2017 12:19:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The XAudioService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/27/2017 12:19:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/27/2017 12:19:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (02/27/2017 12:19:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/27/2017 12:19:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-27 00:30:17.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 00:30:16.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 00:30:16.467
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 00:30:16.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 00:30:15.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 00:30:15.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 00:30:15.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 00:30:14.751
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 00:30:14.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 00:30:14.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 67%
Total physical RAM: 2037.27 MB
Available physical RAM: 653.02 MB
Total Virtual: 4319.81 MB
Available Virtual: 2888.07 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:244.14 GB) (Free:186.05 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:221.62 GB) (Free:221.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 4094529C)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)


#12 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • Local time:01:28 PM

Posted 26 February 2017 - 08:20 PM

My continued thanks for your thanks Olgun!



#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:09:28 PM

Posted 27 February 2017 - 07:05 AM

Operation failed.

Running from C:\Users\HP\Documents\Downloads  ???????
Save it to the Desktop, and name it: fixlist.txt

The Farbar Recovery Scan Tool and the Fixlist file should both be on the desktop. Then press the Fix button. The Fixlist file will automatically be on your desktop.

OK?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#14 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • Local time:01:28 PM

Posted 27 February 2017 - 09:54 AM

Yes, they are all there, BUT I am still being told no Fixlist file is found when I tap the FIX button. I really don't know what I should have done that I haven't done!

PS: Late again here, so I will carry on tomorrow morning when I am more up to it, and if you have any more suggestions.


Edited by John in Oman, 27 February 2017 - 10:01 AM.


#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:09:28 PM

Posted 27 February 2017 - 01:07 PM

Could you send a picture of the desktop showing FRST and the Fixlist file?


Best regards
 