
Painfully slow, weird--won't sync with time server



Hello there,

I am helping a friend with his PC; it's an older Dell with Windows XP. It is very slow, it won't sync with any time servers, and I believe there may be some malware in there. I have run Malwarebytes and Zemana so far and it has come up with a couple things: Revizer, Amonetize.

Any help would be appreciated.


Here are the logs if anyone can help:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by esther (administrator) on HOME-PC (13-04-2017 19:28:53)
Running from C:\Users\esther\Desktop
Loaded Profiles: esther (Available Profiles: esther)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Geek Unіnstaller) C:\Users\esther\Desktop\geek.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\esther\Desktop\FRST-15.03.2017.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
HKU\S-1-5-21-1426848440-783321390-1561973993-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7348440 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-1426848440-783321390-1561973993-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{045F92B2-8D4D-4A86-A046-02270758B5B8}: [DhcpNameServer] 192.168.0.1
ManualProxies: 

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1426848440-783321390-1561973993-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1426848440-783321390-1561973993-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-03-19] (RealPlayer)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-23] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2013-08-13] (Adblock Plus)
Toolbar: HKU\S-1-5-21-1426848440-783321390-1561973993-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1426848440-783321390-1561973993-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF Extension: (SySaver) - C:\Program Files\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2014-01-28] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-19] [not signed]
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2011-03-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2011-03-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-03-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-03-19] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://login.comcast.net/login?forceAuthn=false&ts=25b3a688&ipAddrAuthn=false&lang=en&s=portal&deviceAuthn=false&r=comcast.net&continue=http%3A%2F%2Fxfinity.comcast.net%2F&passive=false&rm=2"
CHR Profile: C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default [2017-04-13]
CHR Extension: (Google Docs) - C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-15]
CHR Extension: (Google Drive) - C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-06]
CHR Extension: (Google Search) - C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (AdBlock) - C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-06-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Email Access Online) - C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmbmhlfpgbjlgcgfnhabhmljbmkpjin [2016-10-25]
CHR Extension: (Gmail) - C:\Users\esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Profile: C:\Users\esther\AppData\Local\Google\Chrome\User Data\System Profile [2016-02-22]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-03-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-21] (Avanquest Software) [File not signed]
S3 MpFilter; C:\Windows\system32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-04-12] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-04-12] (Zemana Ltd.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-13 19:28 - 2017-04-13 19:29 - 00011285 _____ C:\Users\esther\Desktop\FRST.txt
2017-04-13 19:28 - 2017-04-13 19:28 - 00000000 ____D C:\FRST
2017-04-13 19:27 - 2017-04-13 19:27 - 01766912 _____ (Farbar) C:\Users\esther\Desktop\FRST-15.03.2017.exe
2017-04-13 13:30 - 2017-04-13 13:30 - 04089296 _____ C:\Users\esther\Downloads\adwcleaner_6.045 (1).exe
2017-04-13 13:30 - 2017-04-13 13:30 - 01663672 _____ (Malwarebytes) C:\Users\esther\Downloads\JRT.exe
2017-04-12 19:57 - 2017-04-13 19:28 - 00680264 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-04-12 19:57 - 2017-04-13 19:28 - 00668850 _____ C:\Windows\ZAM.krnl.trace
2017-04-12 19:57 - 2017-04-12 19:57 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-04-12 19:56 - 2017-04-12 19:57 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-04-12 19:56 - 2017-04-12 19:56 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-04-12 19:56 - 2017-04-12 19:56 - 00000000 ____D C:\Users\esther\AppData\Local\Zemana
2017-04-12 19:56 - 2017-04-12 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-04-12 19:55 - 2017-04-12 19:55 - 05774688 _____ (Zemana Ltd. ) C:\Users\esther\Downloads\Zemana.AntiMalware.Setup.exe
2017-04-12 19:52 - 2017-04-12 19:52 - 04089296 _____ C:\Users\esther\Downloads\adwcleaner_6.045.exe
2017-04-12 19:34 - 2017-04-12 19:36 - 00000000 ____D C:\Users\esther\AppData\Local\SquirrelTemp
2017-04-12 19:32 - 2017-04-12 19:47 - 00000000 ____D C:\Users\esther\AppData\Roaming\Geek Uninstaller
2017-03-22 12:00 - 2017-02-11 11:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-03-19 12:12 - 2017-02-11 11:22 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-19 12:12 - 2017-02-09 13:11 - 03610856 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-03-19 12:12 - 2017-02-09 13:11 - 03558120 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-19 12:11 - 2017-01-28 13:02 - 01253888 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-19 12:10 - 2017-02-11 12:54 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-19 12:10 - 2017-02-11 12:53 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-19 12:10 - 2017-02-11 12:16 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2017-03-19 12:10 - 2017-02-11 12:16 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2017-03-19 12:10 - 2017-02-11 12:16 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2017-03-19 12:10 - 2017-02-11 12:16 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2017-03-19 12:10 - 2017-02-11 11:35 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-03-19 12:10 - 2017-02-11 11:34 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-03-19 12:10 - 2017-02-11 11:25 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-03-19 12:10 - 2017-02-11 11:23 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-19 12:10 - 2017-02-11 11:23 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-19 12:10 - 2017-02-09 13:04 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-19 12:10 - 2017-02-09 11:33 - 02074112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-19 12:09 - 2017-01-13 16:16 - 00739840 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-19 12:09 - 2017-01-05 12:58 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-19 10:09 - 2017-03-03 20:33 - 01816064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-19 10:09 - 2017-03-03 20:32 - 12841472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-19 10:09 - 2017-03-03 20:28 - 09756160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-19 10:09 - 2017-03-03 20:28 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-19 10:09 - 2017-03-03 20:28 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-19 10:09 - 2017-03-03 20:27 - 01805312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-19 10:09 - 2017-03-03 20:27 - 01130496 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-19 10:09 - 2017-03-03 20:27 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-19 10:09 - 2017-03-03 20:26 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-19 10:09 - 2017-03-03 20:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-19 10:09 - 2017-03-03 20:26 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-19 10:09 - 2017-03-03 20:26 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-19 10:09 - 2017-03-03 20:26 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-19 10:09 - 2017-03-03 20:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-03-19 10:09 - 2017-03-03 20:26 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-19 10:09 - 2017-03-03 20:26 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-19 10:09 - 2017-03-03 20:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-19 10:09 - 2017-03-03 20:26 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-19 10:09 - 2017-03-03 20:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-19 10:09 - 2017-03-03 20:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-03-19 10:09 - 2017-03-03 20:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-03-19 10:09 - 2017-03-03 20:26 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-13 19:26 - 2006-11-02 08:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-13 19:26 - 2006-11-02 08:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-13 13:27 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2017-04-13 13:27 - 2006-11-02 06:33 - 00751014 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-13 13:21 - 2009-11-27 14:49 - 00000000 ____D C:\Users\esther
2017-04-13 13:19 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-13 13:13 - 2006-11-02 09:01 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-13 12:53 - 2015-04-21 08:28 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-04-13 12:15 - 2012-12-12 10:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-04-12 21:24 - 2015-06-29 00:54 - 00000000 ____D C:\AdwCleaner
2017-04-12 20:20 - 2010-05-05 08:32 - 00000000 ____D C:\Users\esther\AppData\Roaming\Yahoo!
2017-04-12 20:15 - 2014-01-29 14:13 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-12 19:50 - 2011-12-01 15:05 - 00000000 ____D C:\Users\esther\AppData\Local\CrashDumps
2017-04-12 19:42 - 2007-01-06 13:31 - 00000000 ____D C:\Program Files\CCleaner
2017-04-12 19:35 - 2007-01-06 14:01 - 00001945 _____ C:\Windows\epplauncher.mif
2017-04-12 19:35 - 2007-01-06 13:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-04-12 19:31 - 2017-01-26 09:08 - 06960664 _____ (Geek Unіnstaller) C:\Users\esther\Desktop\geek.exe
2017-04-11 18:39 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2017-04-07 18:06 - 2009-11-28 10:12 - 00430248 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-19 12:33 - 2006-11-02 08:47 - 00228936 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-19 12:30 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Movie Maker
2017-03-19 12:09 - 2013-08-16 03:11 - 00000000 ____D C:\Windows\system32\MRT
2017-03-19 12:02 - 2006-11-02 06:24 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2015-04-21 08:27 - 2015-04-21 08:27 - 0000037 _____ () C:\Users\esther\AppData\Roaming\mbam.context.scan
2014-01-28 11:08 - 2015-05-05 11:38 - 0000110 _____ () C:\Users\esther\AppData\Roaming\WB.CFG
2009-11-27 14:49 - 2014-07-28 08:55 - 0001356 _____ () C:\Users\esther\AppData\Local\d3d9caps.dat
2010-05-18 10:28 - 2010-05-18 10:28 - 0003584 _____ () C:\Users\esther\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-03 20:29 - 2014-02-03 20:29 - 0000000 _____ () C:\Users\esther\AppData\Local\{1C7D3C7B-09EA-44D2-B94E-6BC18D35BCA4}
2014-07-28 07:10 - 2014-07-28 07:10 - 0000000 _____ () C:\Users\esther\AppData\Local\{1D06E9EC-9751-4665-8EBC-79E4D83F3386}
2014-08-04 11:52 - 2014-08-04 11:52 - 0000000 _____ () C:\Users\esther\AppData\Local\{1F09F8AE-E306-45DB-B83E-52A706F38AD1}
2014-10-21 10:11 - 2014-10-21 10:11 - 0000000 _____ () C:\Users\esther\AppData\Local\{33B11449-EF1D-4E8C-B719-77A036FC2E78}
2014-02-02 13:52 - 2014-02-02 13:52 - 0000000 _____ () C:\Users\esther\AppData\Local\{4D1FCD32-00EA-4923-827C-49795A121F83}
2014-09-10 07:52 - 2014-09-10 07:52 - 0000000 _____ () C:\Users\esther\AppData\Local\{68D1B714-15C4-4526-BE45-E93F18FF9D66}
2014-09-10 07:52 - 2014-09-10 07:53 - 0000000 _____ () C:\Users\esther\AppData\Local\{C3E5BFF8-EDA6-40FD-ACCC-4CEF4A13B20A}
2014-08-22 09:37 - 2014-08-22 09:38 - 0000000 _____ () C:\Users\esther\AppData\Local\{E63F41C6-838E-4D4D-8BA8-A5EB06507049}
2015-01-23 13:11 - 2015-01-23 13:11 - 0000000 _____ () C:\Users\esther\AppData\Local\{E6DD172C-8093-4E6F-9EB6-0ACCBE127876}
2014-02-04 19:05 - 2014-02-04 19:05 - 0000000 _____ () C:\Users\esther\AppData\Local\{F00171EF-2221-4329-B5A6-34F1BC87BB46}
2012-06-17 13:06 - 2012-06-17 13:06 - 0000000 _____ () C:\ProgramData\63367755e7d38e37468cfb63f0373e0e_c
2014-02-01 15:06 - 2014-02-02 13:25 - 0002763 _____ () C:\ProgramData\connector.swf
2010-07-27 08:57 - 2010-08-02 14:54 - 0001248 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-04-12 20:01 - 2015-06-24 15:21 - 10113976 _____ (SurfRight B.V.) C:\Users\esther\AppData\Local\Temp\HitmanPro.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 13:59

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by esther (13-04-2017 19:29:29)
Running from C:\Users\esther\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2009-11-27 17:46:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1426848440-783321390-1561973993-500 - Administrator - Disabled)
esther (S-1-5-21-1426848440-783321390-1561973993-1000 - Administrator - Enabled) => C:\Users\esther
Guest (S-1-5-21-1426848440-783321390-1561973993-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adblock Plus for IE (32-bit) (HKLM\...\{4653FE0D-2762-41B6-A757-8C4F00B790C3}) (Version: 1.0 - Eyeo GmbH)
Adblock Plus for IE (HKLM\...\{1ce01891-839b-4ad1-b629-2e608ba0c6ba}) (Version: 1.0 - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AVG 2012 (Version: 12.0.2433 - AVG Technologies) Hidden
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.8.0.17 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Comcast Access (HKLM\...\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1) (Version: ComcastAccess-1.59 - Comcast Cable Communications Management LLC)
Comcast Access (Version: 1.59 - Comcast Cable Communications Management LLC) Hidden
Comcast High-Speed Internet Install Wizard (HKLM\...\ComcastHSI) (Version:  - Comcast Cable Communications, LLC)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell System Detect (HKU\S-1-5-21-1426848440-783321390-1561973993-1000\...\73f463568823ebbe) (Version: 6.3.0.6 - Dell)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.23.0 - SaveSense) Hidden <==== ATTENTION
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
Hardware Helper (HKLM\...\Hardware Helper_is1) (Version:  - Driver-Soft Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Digital Camera Updater (HKLM\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Master 2 (HKLM\...\{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}) (Version: 1.0.13 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 3 (HKLM\...\{04B5B5DD-A55E-4A9D-A17E-C7E80222379D}) (Version: 1.0.2 - OLYMPUS IMAGING CORP.)
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5408 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody MP3 Download Manager (HKLM\...\{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}) (Version: 1.0.4.219 - RealNetworks)
Simple Adblock (HKLM\...\{A9A75A7F-4785-430D-8013-77BC1FD13A4C}) (Version: 1.1.5 - Simple Adblock)
Supple -- Episode 1 (remove only) (HKLM\...\Supple -- Episode 1) (Version:  - )
UTH Calling Card (HKLM\...\{C2835850-FCEB-4A1A-A213-57E7A9A8EC62}) (Version: 7.0.454 - LogMeIn, Inc.)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {097523D3-C5D6-47AC-856F-2C95FC03E969} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {1CCD98B0-113A-477F-8922-CAEF7436D577} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1426848440-783321390-1561973993-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {2CB7A841-3A95-4B5E-A93F-7466F8ACB1F5} - System32\Tasks\{1687D340-94F6-4E96-9801-83416BA765C6} => pcalua.exe -a E:\Launcher.exe -d E:\
Task: {40A54D1A-4907-4B43-A705-3C0D1AA7C5FF} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1426848440-783321390-1561973993-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {4B11D352-4AB4-4A55-97A4-D4AD4ABF41A3} - System32\Tasks\ReclaimerUpdateXML_esther => C:\Users\esther\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-30] (RealNetworks, Inc.)
Task: {52670497-692D-49D6-9343-662AA082F8E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {83F15CAC-B2FB-455A-8AA1-3CDFA7B3DAD8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {A8F2B9CC-B5A5-4254-A55E-18E4FF896D34} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-25] (Adobe Systems Incorporated)
Task: {BCE5A883-3BFE-407C-9677-1F4BCB8F60A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {C35CF2DD-7CD8-485F-BC3F-5C8F768DA264} - \OffersWizard Update -> No File <==== ATTENTION
Task: {CC7AA49F-5C02-4C6E-ADF6-D52F5254ED0F} - System32\Tasks\{E1F5820E-28F4-4FD0-A610-466479EFFD99} => pcalua.exe -a E:\setup.exe -d E:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-04-12 19:57 - 2017-04-12 19:57 - 00130928 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2014-05-28 13:06 - 2012-07-27 04:27 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AmmyyAdmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AmmyyAdmin_31C => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AmmyyAdmin_6F4 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1426848440-783321390-1561973993-1000\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1426848440-783321390-1561973993-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AmmyyAdmin => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
MSCONFIG\startupreg: OV3_Monitor => "C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe" /OS
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{C7FAFDB4-4D7E-4557-9A65-AD419C55745D}] => (Allow) LPort=80
FirewallRules: [{D288A750-0312-49D4-88D4-83BA56E01D95}] => (Allow) LPort=80
FirewallRules: [{D5698ADA-74CA-4F34-9436-9BB1025E89E7}] => (Allow) LPort=80
FirewallRules: [{BB99781F-8A54-463C-A0CE-815431038A92}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{C24AE363-E921-4176-B6C0-B8A75718CB44}C:\users\esther\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\esther\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{66F4856B-950C-48F6-ABB1-DA5107F4CD89}C:\users\esther\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\esther\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{BF313E19-7195-4A45-BF15-1EB03C9B7589}C:\logmein rescue calling card\callingcard.exe] => (Block) C:\logmein rescue calling card\callingcard.exe
FirewallRules: [UDP Query User{86FBAAF5-CCA7-4453-A989-A810A0005D3E}C:\logmein rescue calling card\callingcard.exe] => (Block) C:\logmein rescue calling card\callingcard.exe
FirewallRules: [{C910226C-E8AC-477B-B9D4-6CB91A4DFB99}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-02-2017 18:19:04 Windows Update
06-02-2017 12:16:09 Scheduled Checkpoint
13-02-2017 21:07:29 Windows Update
17-02-2017 13:29:08 Windows Update
19-02-2017 16:24:03 Scheduled Checkpoint
21-02-2017 07:28:20 Scheduled Checkpoint
21-02-2017 07:40:52 Windows Update
22-02-2017 19:13:58 Scheduled Checkpoint
23-02-2017 13:00:22 Windows Update
25-02-2017 09:44:53 Scheduled Checkpoint
02-03-2017 09:51:55 Scheduled Checkpoint
02-03-2017 10:02:49 Windows Update
04-03-2017 10:22:55 Scheduled Checkpoint
08-03-2017 19:24:30 Scheduled Checkpoint
08-03-2017 19:37:14 Windows Update
10-03-2017 19:11:53 Scheduled Checkpoint
11-03-2017 11:55:54 Scheduled Checkpoint
13-03-2017 08:48:18 Windows Update
16-03-2017 08:06:37 Scheduled Checkpoint
19-03-2017 12:00:18 Windows Update
21-03-2017 19:45:22 Scheduled Checkpoint
22-03-2017 12:00:28 Windows Update
23-03-2017 20:46:33 Scheduled Checkpoint
27-03-2017 16:40:03 Scheduled Checkpoint
27-03-2017 16:52:33 Windows Update
30-03-2017 17:27:55 Windows Update
04-04-2017 10:26:51 Windows Update
06-04-2017 17:04:05 Scheduled Checkpoint
10-04-2017 08:51:52 Scheduled Checkpoint
10-04-2017 09:05:14 Windows Update
11-04-2017 19:08:04 Scheduled Checkpoint
12-04-2017 08:53:12 Scheduled Checkpoint
13-04-2017 13:37:31 JRT Pre-Junkware Removal
13-04-2017 19:06:52 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

CodeIntegrity:
===================================
  Date: 2017-04-13 12:57:55.688
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-13 12:57:55.095
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-13 12:57:54.502
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-13 12:57:53.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-13 12:57:53.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-13 12:57:52.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-13 12:57:51.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-13 12:57:50.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-13 12:57:49.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-13 12:57:49.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 68%
Total physical RAM: 2036.45 MB
Available physical RAM: 646.25 MB
Total Virtual: 4319.94 MB
Available Virtual: 2199.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:198.64 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 
