Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Failed to Start, System Repair Can't Discover Problem


  • This topic is locked This topic is locked
13 replies to this topic

#1 Duffin

Duffin

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 23 April 2017 - 06:22 AM

Hi I'm new to this site but have come across it when looking for help in repairing my system.

 

I can't get the system past the start up, it enters Startup repair and then tries to send information on the problem to Microsoft.

 

The Windows Repair Problem Signature
Problem Event Name: Startup Repair Offline
Problem Signature 1: 6.1.7600.16385
Problem Signature 2: 6.1.7600.16385
Problem Signature 3: Unknown
Problem Signature 4: 21200389
Problem Signature 5: AutoFailover
Problem Signature 6: 21
Problem Signature 7: CorruptFile
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

 

I looked at previous solutions to this so got as far as running:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

 

That log gave me the below results but I'm afraid that it means nothing to me...

 

Hopefully you can help!!!

 

Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2017 01
Ran by SYSTEM on MININT-1LP4I03 (23-04-2017 11:25:31)
Running from e:\
Platform: Windows 7 Starter (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-12] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [HotkeyMon] => C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2011-03-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1252272 2011-03-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-07-13] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] => C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2011-01-06] (ASUSTek Computer Inc.)
HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9722472 2010-08-24] (Realtek Semiconductor)
HKLM\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-03-23] ()
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-20] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] => C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [992056 2017-02-27] (Webroot)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-07-11] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2183752 2017-03-05] ()
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-03] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-05] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-05] (AVG Technologies CZ, s.r.o.)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
S2 vToolbarUpdater40.3.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-03-05] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992056 2017-02-27] (Webroot)
S2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [976456 2016-08-17] ()
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [227808 2015-05-19] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [0 2017-02-27] () <==== ATTENTION (zero byte File/Folder)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
S2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [141264 2017-02-27] (Webroot)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 btwampfl; system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-23 10:23 - 2017-04-23 11:25 - 00000000 ____D C:\FRST
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

Some files in TEMP:
====================
2011-10-06 11:43 - 2011-10-06 11:43 - 3089056 _____ (Adobe Systems, Inc.) C:\Users\Chris\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
2012-05-30 08:31 - 2012-09-08 06:30 - 25653936 _____ (Skype Technologies S.A.) C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe
2016-06-22 12:04 - 2016-06-22 12:04 - 0895960 _____ (Webroot) C:\Users\Chris\AppData\Local\Temp\WRupdate344902.exe
2016-07-06 12:55 - 2016-07-06 12:55 - 0896984 _____ (Webroot) C:\Users\Chris\AppData\Local\Temp\WRupdate354137.exe
2015-08-28 04:03 - 2015-08-28 04:03 - 0828888 _____ (Webroot) C:\Users\Chris\AppData\Local\Temp\WRupdate377647.exe
2013-05-22 08:28 - 2013-05-22 08:28 - 0735728 _____ (Webroot) C:\Users\Chris\AppData\Local\Temp\WRupdate383794049.exe
2013-02-19 00:25 - 2013-02-19 00:25 - 0724360 _____ (Webroot) C:\Users\Chris\AppData\Local\Temp\WRupdate419595.exe
==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Association (Whitelisted) =============

==================== Restore Points  =========================

==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 1014.12 MB
Available physical RAM: 630.76 MB
Total Virtual: 1014.12 MB
Available Virtual: 624.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100 GB) (Free:8.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:117.75 GB) NTFS
Drive e: () (Removable) (Total:7.48 GB) (Free:7.48 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 426F69B0)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=117.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: EB958F28)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
LastRegBack: 2016-01-22 06:24
==================== End of FRST.txt ============================

Edited by hamluis, 23 April 2017 - 08:14 AM.
Moved from Crashes/BSODs to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:49 PM

Posted 23 April 2017 - 01:19 PM

Welcome. :)

 

May be due to a third party driver. There seems to be a zero bites AVG driver. Which antivirus is active in your computer? Is FRST saved in a USB Flash Drive?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Duffin

Duffin
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 23 April 2017 - 01:34 PM

Hi & thanks!

Nothing upto date, maybe a free version of AVG or I think it came with Webroots but both as I said pretty out of date.
Yes, still have it on a flash drive.

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:49 PM

Posted 23 April 2017 - 01:45 PM

Download the attached file [attachment=193433:Fixlist.txt] and save it in the same place FRST is saved.

  • Start FRST as you did before.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 

 

Try to boot and let me know of any difference.


Edited by JSntgRvr, 23 April 2017 - 01:46 PM.
typo

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 Duffin

Duffin
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 23 April 2017 - 02:36 PM

Log file as below, rebooting has now worked.
 
Is there anything else I should do and what had gone wrong?
 
Cheers for the help!
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 22-04-2017 01
Ran by SYSTEM (23-04-2017 19:33:30) Run:3
Running from e:\
Boot Mode: Recovery
==============================================
fixlist content:
*****************
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [0 2017-02-27] () <==== ATTENTION (zero byte File/Folder)
2011-10-06 11:43 - 2011-10-06 11:43 - 3089056 _____ (Adobe Systems, Inc.) C:\Users\Chris\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
2012-05-30 08:31 - 2012-09-08 06:30 - 25653936 _____ (Skype Technologies S.A.) C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe
2016-06-22 12:04 - 2016-06-22 12:04 - 0895960 _____ (Webroot) C:\Users\Chris\AppData\Local\Temp\WRupdate344902.exe
2016-07-06 12:55 - 2016-07-06 12:55 - 0896984 _____ (Webroot) C:\Users\Chris\AppData\Local\Temp\WRupdate354137.exe
2015-08-28 04:03 - 2015-08-28 04:03 - 0828888 _____ (Webroot) C:\Users\Chris\AppData\Local\Temp\WRupdate377647.exe
2013-05-22 08:28 - 2013-05-22 08:28 - 0735728 _____ (Webroot) C:\Users\Chris\AppData\Local\Temp\WRupdate383794049.exe
2013-02-19 00:25 - 2013-02-19 00:25 - 0724360 _____ (Webroot) C:\Users\Chris\AppData\Local\Temp\WRupdate419595.exe
*****************
HKLM\System\ControlSet001\Services\Avglogx => key removed successfully.
Avglogx => service removed successfully.
C:\Users\Chris\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe => moved successfully
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Chris\AppData\Local\Temp\WRupdate344902.exe => moved successfully
C:\Users\Chris\AppData\Local\Temp\WRupdate354137.exe => moved successfully
C:\Users\Chris\AppData\Local\Temp\WRupdate377647.exe => moved successfully
C:\Users\Chris\AppData\Local\Temp\WRupdate383794049.exe => moved successfully
C:\Users\Chris\AppData\Local\Temp\WRupdate419595.exe => moved successfully
==== End of Fixlog 19:33:31 ====


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:49 PM

Posted 23 April 2017 - 05:18 PM

Remove AVG throughout the Control Panel > Programs Features, and after uninstalling, download and run the AVG Removal Tool.

 

Lets take a deeper look:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 Duffin

Duffin
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 26 April 2017 - 12:02 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2017 01
Ran by Chris (administrator) on CHRIS-NETBOOK (25-04-2017 22:18:08)
Running from C:\Users\Chris\Downloads
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
() C:\Windows\System32\AsusService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files\Common Files\InstantOn\InsOnWMI.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotkeyService.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\SHE\SuperHybridEngine.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) C:\Program Files\Asus\Eee Docking\Eee Docking.exe
(ASUS) C:\Program Files\Asus\CapsHook\CapsHook.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [HotkeyMon] => C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2011-03-04] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1252272 2011-03-04] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-07-13] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] => C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2011-01-06] (ASUSTek Computer Inc.)
HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9722472 2010-08-24] (Realtek Semiconductor)
HKLM\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-03-24] ()
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] => C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [992056 2017-02-27] (Webroot)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-07-11] (Apple Inc.)
HKU\S-1-5-21-25280435-3955699743-4244378631-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-25280435-3955699743-4244378631-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-25280435-3955699743-4244378631-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll [2010-09-02] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll [2010-09-02] ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {6B78A880-15CA-468f-8422-A7960AD6FBB9} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {4EE7A346-5845-471e-9FAB-002EAF83F8B0} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {53DABC15-4F29-44ad-B09A-E0D0F9A3D075} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {493FC96E-B938-4924-9B38-C4088E9B8AC2} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-02-10]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5F4214D9-9F79-4B37-8E2D-419530E019ED}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-25280435-3955699743-4244378631-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={E972605B-1B71-4CD3-ADE3-B462F0A2DCED}&mid=e5279eae0b3047cdac50c593afe7e9f6-e41618c0a3412d124351ed12a3d2682437770052&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2016-03-22 21:43:53&v=4.3.1.831&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-25280435-3955699743-4244378631-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-25280435-3955699743-4244378631-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-25280435-3955699743-4244378631-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-25280435-3955699743-4244378631-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E972605B-1B71-4CD3-ADE3-B462F0A2DCED}&mid=e5279eae0b3047cdac50c593afe7e9f6-e41618c0a3412d124351ed12a3d2682437770052&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-03-22 21:43:53&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO: Webroot Browser Helper Object -> {e08861fe-8847-4b2a-8ec2-08edb20e4020} -> C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll => No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM - Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\canlky59.default [2017-04-25]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\canlky59.default -> AVG Secure Search
FF NetworkProxy: Mozilla\Firefox\Profiles\canlky59.default -> no_proxies_on", "*.local"
FF NetworkProxy: Mozilla\Firefox\Profiles\canlky59.default -> type", 0
FF Extension: (LogMeIn, Inc. Remote Access Plugin) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\canlky59.default\Extensions\LogMeInClient@logmein.com [2014-12-01] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-06-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: (Trend Micro NSC Firefox Extension) - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-04-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-27] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992056 2017-02-27] (Webroot)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 athr; C:\windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 tmactmon; C:\windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
R1 tmcomm; C:\windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
R1 tmevtmgr; C:\windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
R2 tmtdi; C:\windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
R0 WRkrn; C:\windows\System32\drivers\WRkrn.sys [141264 2017-04-25] (Webroot)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 btwampfl; system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-25 22:18 - 2017-04-25 22:22 - 00015991 _____ C:\Users\Chris\Downloads\FRST.txt
2017-04-25 22:15 - 2017-04-25 22:15 - 02426368 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2017-04-25 22:15 - 2017-04-25 22:15 - 01767936 _____ (Farbar) C:\Users\Chris\Downloads\FRST.exe
2017-04-24 21:38 - 2017-04-25 21:30 - 00000000 ____D C:\AVG_Remover
2017-04-24 21:37 - 2017-04-24 21:37 - 07986864 _____ ( ) C:\Users\Chris\Downloads\AVG_Remover(1).exe
2017-04-24 21:35 - 2017-04-24 21:36 - 07986864 _____ ( ) C:\Users\Chris\Downloads\AVG_Remover.exe
2017-04-24 21:33 - 2017-04-24 21:33 - 01676909 _____ C:\Users\Chris\Desktop\AVGInstLog.cab
2017-04-24 21:32 - 2017-04-24 21:33 - 00246040 _____ (Mozilla) C:\Users\Chris\Downloads\Firefox Setup Stub 53.0.exe
2017-04-23 19:23 - 2017-04-25 22:18 - 00000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-25 22:18 - 2012-03-12 19:43 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Skype
2017-04-25 22:18 - 2011-12-26 10:58 - 00000000 ____D C:\ProgramData\WRData
2017-04-25 22:15 - 2012-03-29 23:00 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-04-25 22:04 - 2011-04-21 01:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Park
2017-04-25 22:03 - 2009-07-14 05:34 - 00016160 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-25 22:03 - 2009-07-14 05:34 - 00016160 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-25 21:29 - 2015-11-01 11:17 - 00000000 ____D C:\Users\Chris\AppData\Local\Avg
2017-04-25 21:28 - 2012-02-09 19:08 - 00000828 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2017-04-25 21:28 - 2011-12-26 10:59 - 00141264 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys
2017-04-25 21:28 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-04-24 21:55 - 2016-11-30 12:00 - 00000000 ____D C:\ProgramData\Avg
2017-04-24 21:52 - 2015-06-17 21:57 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-24 21:48 - 2016-03-22 22:15 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2017-04-24 21:00 - 2009-07-27 11:11 - 00806982 _____ C:\windows\system32\PerfStringBackup.INI
2017-04-24 21:00 - 2009-07-14 03:37 - 00000000 ____D C:\windows\inf

==================== Files in the root of some directories =======

2011-04-21 01:56 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-22 15:24

==================== End of FRST.txt ============================



#8 Duffin

Duffin
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 26 April 2017 - 12:03 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-04-2017 01
Ran by Chris (25-04-2017 22:24:13)
Running from C:\Users\Chris\Downloads
Microsoft Windows 7 Starter  Service Pack 1 (X86) (2011-09-17 17:14:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-25280435-3955699743-4244378631-500 - Administrator - Disabled)
Chris (S-1-5-21-25280435-3955699743-4244378631-1000 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-25280435-3955699743-4244378631-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Webroot SecureAnywhere (Disabled - Out of date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AS: Webroot SecureAnywhere (Disabled - Out of date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Trend Micro Titanium (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScreensaver (HKLM\...\{99E77016-BCF2-48C8-9119-43ECF5815F65}) (Version: 1.05 - AsusTek Computer Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.06.02 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Bing Bar (HKLM\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Wireless Network Adapter (HKLM\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink PowerRecover (HKLM\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.3.0 - AzureWave)
Eee Docking 3.8.3 (HKLM\...\Eee Docking_is1) (Version: 3.8.3 - ASUSTek Computer Inc.)
ETDWare PS/2-x86 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
ExpressGateCloud (HKLM\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.7.29.198 - VideACE Co.)
ExpressGateCloud (Version: 2.7.29.198 - VideACE Co.) Hidden
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM\...\{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1) (Version: 6.2.0.3 - Oberon Media, Inc.)
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-25280435-3955699743-4244378631-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.38 - AsusTek Computer Inc.)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
InstantOn (HKLM\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.0.0 - ASUS)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2364 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
iTunes (HKLM\...\{9DBBE7B8-EE7A-4FD9-9C7F-35E69A4C19D8}) (Version: 12.2.1.16 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.29 - AsusTek Computer Inc.)
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6186 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.17 - AsusTek Computer)
syncables desktop SE (HKLM\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Trend Micro Titanium (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium (Version: 3.00 - Trend Micro Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 9.0.15.40 - Webroot)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-25280435-3955699743-4244378631-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\880\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A7740B2-AF35-42E7-9C82-B3B0BFE84F3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {22F6B475-83E0-4981-A51D-8EE6CB5A4688} - System32\Tasks\InsOnWMI => C:\Program Files\Common Files\InstantOn\InsOnWMI.exe [2011-04-12] (ASUS)
Task: {7D5EB0C1-B576-4C62-AAFC-8175885C0F5B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-27] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-02 12:08 - 2010-09-02 12:08 - 00118784 _____ () C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll
2011-04-21 02:19 - 2011-03-04 00:33 - 00224680 _____ () C:\windows\system32\AsusService.exe
2011-04-21 02:38 - 2010-09-17 09:32 - 00049152 _____ () C:\PROGRAM FILES\TREND MICRO\AMSP\boost_thread-vc80-mt-1_36.dll
2011-04-21 02:38 - 2010-09-17 09:32 - 00057344 _____ () C:\PROGRAM FILES\TREND MICRO\AMSP\boost_date_time-vc80-mt-1_36.dll
2011-01-13 00:22 - 2011-01-13 00:22 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-12-25 02:51 - 2010-12-25 02:51 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-01-04 01:08 - 2011-01-04 01:08 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2011-07-13 17:38 - 2011-07-13 17:38 - 00181664 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll
2011-03-24 04:33 - 2011-03-24 04:33 - 00045448 _____ () C:\ExpressGateUtil\VAWinAgent.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [143]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2011-12-10 17:06 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-25280435-3955699743-4244378631-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BAF7435B-578D-471D-BF62-6ECDEE6629E1}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C5E3C9ED-BB47-432C-9821-0D3D264CF425}] => (Allow) LPort=2869
FirewallRules: [{CA3E3652-B45B-4453-854C-8560416431CA}] => (Allow) LPort=1900
FirewallRules: [{9DF15337-4E25-42D6-AFE8-E4F24E383B81}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CA2F4121-A03B-4CCD-860D-E8B1FA42BFAF}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{BA6DF6ED-66E8-4241-8E9E-991536B4990C}] => (Allow) LPort=5353
FirewallRules: [{A58E7306-2B16-433F-B710-E19B85524A0A}] => (Allow) LPort=8182
FirewallRules: [{ECF20256-F828-4A4D-823C-76411F972F79}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B99F62A-59FC-4793-8294-978AFD3D39A0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15C293D6-66DD-4E84-BF13-4008BE24DC9D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{23D5C402-1F9E-489A-9215-3C650D9FF126}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{6E98C33D-EC60-4F66-8D2D-E97E15882693}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{9D92B9A3-E91D-4B96-8502-0963ADCE8641}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{81F228F5-19FA-4DCA-8E8A-D71567616F91}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F472BA92-6F85-4394-A2F6-72545E801912}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BB98A1D8-D84F-48F9-BDB2-61FBD58B9C81}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F70445F2-DA26-467B-BA7A-5FE9183FB12A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C79345B1-E5C1-4F5D-A8DB-7BC8FE2FE8B1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

24-04-2017 21:16:52 Removed AVG 2015

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2017 09:35:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9360

Error: (04/25/2017 09:35:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9360

Error: (04/25/2017 09:35:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/25/2017 09:25:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6435322

Error: (04/25/2017 09:25:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6435322

Error: (04/25/2017 09:25:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/25/2017 09:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6431359

Error: (04/25/2017 09:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6431359

Error: (04/25/2017 09:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/25/2017 07:38:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25677


System errors:
=============
Error: (04/25/2017 09:28:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/25/2017 09:27:32 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The WRSVC service did not shut down properly after receiving a preshutdown control.

Error: (04/24/2017 09:49:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/24/2017 09:49:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/24/2017 09:45:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (04/24/2017 09:45:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error:
An instance of the service is already running.

Error: (04/24/2017 09:45:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG AVI Loader Driver service failed to start due to the following error:
%%-536805315

Error: (04/24/2017 09:45:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/24/2017 09:25:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (04/24/2017 09:12:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
cdrom


==================== Memory info ===========================

Processor: Intel® Atom™ CPU N570 @ 1.66GHz
Percentage of memory in use: 78%
Total physical RAM: 1014.12 MB
Available physical RAM: 217.5 MB
Total Virtual: 2038.12 MB
Available Virtual: 803.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:8.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:117.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 426F69B0)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=117.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

==================== End of Addition.txt ============================



#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:49 PM

Posted 26 April 2017 - 01:58 PM

Logs look clear. How is the computer doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 Duffin

Duffin
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 28 April 2017 - 03:43 AM

It seems much better at the moment, thank you.

So what was wrong with it and how did we fix it?

 

Should i get some anti-virus and are there any you recomend? Cheaper the better, I don't use this machine much.

 

Thanks again



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:49 PM

Posted 28 April 2017 - 10:02 AM

There was an AVG zero bytes driver attempting to load at startup.

 

Lets cleanup.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
    delfix.jpg
    .
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

 

Always keep an antivirus active and updated. I would recommend AVAST as an antivirus.

 

Best regards.   :hello:


Edited by JSntgRvr, 28 April 2017 - 10:03 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 Duffin

Duffin
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 01 May 2017 - 08:38 AM

# DelFix v1.013 - Logfile created 01/05/2017 at 13:39:02
# Updated 17/04/2016 by Xplode
# Username : Chris - CHRIS-NETBOOK
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Chris\Downloads\Addition.txt
Deleted : C:\Users\Chris\Downloads\FRST.exe
Deleted : C:\Users\Chris\Downloads\FRST.txt
Deleted : C:\Users\Chris\Downloads\FRST64.exe

########## - EOF - ##########

 

What else can i do to speed it up?!

 

Cheers



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:49 PM

Posted 01 May 2017 - 08:54 AM

Run Msconfig (Windows key+R), deselect all programs except for your security. Most of these programs are available throughout the Start Menu.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:49 PM

Posted 05 May 2017 - 07:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users