  1. #1
    Member

    Programs stop responding, have to use button to shut off computer and restart

    Hi! I would appreciate any help you can offer. My computer works fine for a few minutes, then some program, either the browser, pictures, notepad, whatever, stops responding. It can take up to an hour for it to load a page. I can shut down and restart the computer by turning it off with the button, and it will work for a few more minutes.

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 10:58:30 AM, on 1/24/2018
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18860)


    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\UltimateZip\uzqkst.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\lara\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f (User 'Default user')
    O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files (x86)\UltimateZip\uzqkst.exe
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

    --
    End of file - 9220 bytes


    Sending the next two reports in the next post

  2. #2
    Member

    Here are the other two reports

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 10:58:30 AM, on 1/24/2018
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18860)


    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\UltimateZip\uzqkst.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\lara\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f (User 'Default user')
    O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files (x86)\UltimateZip\uzqkst.exe
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

    --
    End of file - 9220 bytes


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 01/24/2018 at 02:17 PM

    Application Version : 6.0.1254
    Database Version : 14329

    Scan type : Quick Scan
    Total Scan Time : 00:01:09

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 556
    Memory items detected : 0
    Registry items scanned : 57112
    Registry items detected : 0
    File items scanned : 8286
    File items detected : 38

    Adware.Tracking Cookie

    ============
    End of Log
    ============


    Thanks again for any help!!

  3. #3
    DonnaB (Member, Spyware Fighter)

    Hi tarjebie,

    You posted the HijackThis log a second time in your second post instead of the Malwarebytes log. Could you look for and post the Malwarebytes log in your next post, please?

    The SUPERAntiSpyware log was posted just fine.

    Also, let's see if the following scan will show us more...

    Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!

    Note: You will need to run the version compatible with your system. If you are not sure which version (32 or 64-bit) applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Make sure that FRST is on the desktop of the infected system
    • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates a second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    In your next reply, please include the following 3 logs:

    Malwarebytes
    FRST.txt
    Addition.txt


    Thank you,
    Donna

  4. #4
    Member

    Hi Donna,

    Here are the reports you asked for. The Malwarebytes file is at the end. Thanks!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
    Ran by lara (administrator) on LARA-HP (26-01-2018 09:53:19)
    Running from C:\Users\lara\Desktop
    Loaded Profiles: lara (Available Profiles: lara)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Amazon.com Inc.) C:\Users\lara\AppData\Local\Amazon Drive\AmazonDrive.exe
    (SWE von Schleusen) C:\Program Files (x86)\UltimateZip\uzqkst.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dinotify.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-20] (Synaptics Incorporated)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-361261179-3496240118-3681631677-1001\...\Run: [Amazon Drive] => C:\Users\lara\AppData\Local\Amazon Drive\AmazonDrive.exe [6312624 2017-12-17] (Amazon.com Inc.)
    HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
    HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
    Startup: C:\Users\lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltimateZip Quick Start.lnk [2018-01-23]
    ShortcutTarget: UltimateZip Quick Start.lnk -> C:\Program Files (x86)\UltimateZip\uzqkst.exe (SWE von Schleusen)
    GroupPolicyScripts: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
    Tcpip\..\Interfaces\{92DE9069-7C42-4E20-AE2F-41C5837895CC}: [DhcpNameServer] 192.168.24.2
    Tcpip\..\Interfaces\{E9868430-005E-4393-9C99-6BCAC7694878}: [DhcpNameServer] 192.168.0.1 205.171.2.25

    Internet Explorer:
    ==================
    HKU\S-1-5-21-361261179-3496240118-3681631677-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM/1
    HKU\S-1-5-21-361261179-3496240118-3681631677-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
    SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
    SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-361261179-3496240118-3681631677-1001 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-361261179-3496240118-3681631677-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
    SearchScopes: HKU\S-1-5-21-361261179-3496240118-3681631677-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
    Toolbar: HKU\S-1-5-21-361261179-3496240118-3681631677-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

    FireFox:
    ========
    FF DefaultProfile: t6ycgqrp.default
    FF ProfilePath: C:\Users\lara\AppData\Roaming\Mozilla\Firefox\Profiles\t6ycgqrp.default [2018-01-24]
    FF Homepage: Mozilla\Firefox\Profiles\t6ycgqrp.default -> hxxps://www.ixquick.com/graphics/firefox_arrow.png
    FF Extension: (AdBlocker Ultimate) - C:\Users\lara\AppData\Roaming\Mozilla\Firefox\Profiles\t6ycgqrp.default\Extensions\adblockultimate@adblockultimate.net.xpi [2017-12-23]
    FF Extension: (Flash and Video Download) - C:\Users\lara\AppData\Roaming\Mozilla\Firefox\Profiles\t6ycgqrp.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-01-23]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.igoogle.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://mysearch.avg.com/?cid={E91D3D5C-CBCF-453B-BB40-D9BCED0F4254}&mid=52509098f8ac47d3ab2b65fc69ca5a54-5a48d1a73e12f57cb7b23ee89dff9a0b3fc73034&lang=en&ds=AVG&pr=pr&d=2013-05-27%2000:28:31&v=15.2.0.5&pid=safeguard&sg=1&sap=hp","hxxp://mysearch.avg.com/?cid={E91D3D5C-CBCF-453B-BB40-D9BCED0F4254}&mid=52509098f8ac47d3ab2b65fc69ca5a54-5a48d1a73e12f57cb7b23ee89dff9a0b3fc73034&lang=en&ds=AVG&pr=pr&d=2013-05-27%2000:28:31&v=15.3.0.11&pid=safeguard&sg=0&sap=hp","hxxp://home.speedbit.com/?pid=%s&aid=%s"
    CHR DefaultSearchURL: Default -> hxxps://ixquick.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english
    CHR DefaultSearchKeyword: Default -> ixquick.com_
    CHR Profile: C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default [2018-01-26]
    CHR Extension: (Google Drive) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
    CHR Extension: (YouTube) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
    CHR Extension: (Adblock Plus) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]
    CHR Extension: (Google Search) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
    CHR Extension: (MaskMe) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2015-06-24]
    CHR Extension: (Google Calendar) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-06]
    CHR Extension: (Blur) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2018-01-19]
    CHR Extension: (Sheets) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
    CHR Extension: (Google Docs Offline) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Pinterest Save Button) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-14]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-01-09]
    CHR Extension: (Evernote Web) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-06-27]
    CHR Extension: (Google Play Books) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-04-21]
    CHR Extension: (LastPass Vault) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2015-06-27]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (WorkFlowy Bookmark) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknfkolnjpnnnnmafomkfieledeepfdo [2015-06-27]
    CHR Extension: (Outlook.com) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-06-27]
    CHR Extension: (Gmail) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-24]
    CHR Extension: (Chrome Media Router) - C:\Users\lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
    CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
    S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-24] (Xobni Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-26] (Malwarebytes)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-11-15] (Microsoft Corporation) [File not signed]
    S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-11-15] (Microsoft Corporation) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-26 09:53 - 2018-01-26 09:55 - 000017310 _____ C:\Users\lara\Desktop\FRST.txt
    2018-01-26 09:53 - 2018-01-26 09:53 - 000000000 ____D C:\FRST
    2018-01-26 09:51 - 2018-01-26 09:51 - 002393088 _____ (Farbar) C:\Users\lara\Desktop\FRST64.exe
    2018-01-26 09:46 - 2018-01-26 09:46 - 001754112 _____ (Farbar) C:\Users\lara\Desktop\FRST.exe
    2018-01-24 17:48 - 2018-01-24 17:48 - 000001260 _____ C:\Users\lara\Desktop\Amazon Backup.lnk
    2018-01-24 17:43 - 2018-01-24 17:48 - 000000000 ____D C:\Users\lara\AppData\Roaming\Amazon Cloud Drive
    2018-01-24 17:43 - 2018-01-24 17:44 - 000000000 ____D C:\Users\lara\AppData\Local\Amazon Drive
    2018-01-24 17:43 - 2018-01-24 17:43 - 000001137 _____ C:\Users\lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Drive.lnk
    2018-01-24 17:42 - 2018-01-24 17:42 - 000875184 _____ (Amazon) C:\Users\lara\Downloads\AmazonDriveSetup.exe
    2018-01-24 10:56 - 2018-01-24 10:56 - 000388608 _____ (Trend Micro Inc.) C:\Users\lara\Downloads\HijackThis.exe
    2018-01-23 17:13 - 2018-01-23 17:13 - 000194888 _____ C:\Users\lara\Documents\TaxReturn2017.pdf
    2018-01-23 14:38 - 2018-01-23 15:16 - 000000000 ____D C:\Users\lara\Documents\TradeIdeasPro
    2018-01-23 14:38 - 2018-01-23 14:38 - 000000000 ____D C:\Users\lara\AppData\Local\Trade-Ideas_LLC
    2018-01-23 14:38 - 2018-01-23 14:38 - 000000000 ____D C:\Users\lara\AppData\Local\CefSharp
    2018-01-23 14:37 - 2018-01-23 14:37 - 000001344 _____ C:\Users\lara\Desktop\Trade-Ideas Pro 4.lnk
    2018-01-23 14:37 - 2018-01-23 14:37 - 000000000 ____D C:\ProgramData\TradeIdeasPro
    2018-01-23 14:37 - 2018-01-23 14:37 - 000000000 ____D C:\ProgramData\Package Cache
    2018-01-23 14:37 - 2018-01-23 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trade-Ideas Pro
    2018-01-23 14:36 - 2018-01-23 14:36 - 000000000 ____D C:\Program Files (x86)\Trade-Ideas
    2018-01-23 14:35 - 2018-01-23 14:35 - 048041264 _____ (Trade Ideas LLC ) C:\Users\lara\Downloads\TIPro_setup_4.2.5.exe
    2018-01-23 14:22 - 2018-01-23 14:22 - 000000000 ____D C:\Users\lara\AppData\Roaming\UltimateZip
    2018-01-23 13:33 - 2018-01-23 13:33 - 000000988 _____ C:\Users\lara\AppData\Roaming\Microsoft\Windows\Start Menu\UltimateZip.lnk
    2018-01-23 13:33 - 2018-01-23 13:33 - 000000964 _____ C:\Users\lara\Desktop\UltimateZip.lnk
    2018-01-23 13:33 - 2018-01-23 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateZip
    2018-01-23 13:33 - 2018-01-23 13:33 - 000000000 ____D C:\Program Files (x86)\UltimateZip
    2018-01-23 13:31 - 2018-01-23 13:31 - 006060088 _____ (SWE von Schleusen ) C:\Users\lara\Downloads\uzsetup (1).exe
    2018-01-23 12:44 - 2018-01-23 12:44 - 006060088 _____ (SWE von Schleusen ) C:\Users\lara\Downloads\uzsetup.exe
    2018-01-23 12:30 - 2018-01-23 12:32 - 231062129 _____ C:\Users\lara\Downloads\AmazonDriveDownload.zip
    2018-01-23 12:11 - 2018-01-24 12:11 - 000000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f5881789-1f9a-4441-942f-5e9aa648d88b.job
    2018-01-23 12:11 - 2018-01-23 12:20 - 000000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task cff310dd-78a6-4685-93d2-72952acf4675.job
    2018-01-23 12:11 - 2018-01-23 12:11 - 000003578 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task cff310dd-78a6-4685-93d2-72952acf4675
    2018-01-23 12:11 - 2018-01-23 12:11 - 000003504 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f5881789-1f9a-4441-942f-5e9aa648d88b
    2018-01-23 12:10 - 2018-01-23 12:10 - 031682904 _____ (SUPERAntiSpyware) C:\Users\lara\Downloads\SUPERAntiSpyware.exe
    2018-01-23 12:06 - 2018-01-23 12:06 - 031682904 _____ (SUPERAntiSpyware) C:\Users\lara\Downloads\af860f4a-5744-4023-aa16-024bb20ddbd9.tmp
    2018-01-23 12:05 - 2018-01-23 12:06 - 031682904 _____ (SUPERAntiSpyware) C:\Users\lara\Downloads\Unconfirmed 499114.crdownload
    2018-01-21 08:31 - 2018-01-23 11:30 - 000000000 ____D C:\Users\lara\Documents\catnip
    2018-01-12 17:51 - 2018-01-12 17:51 - 002207539 _____ C:\Users\lara\Downloads\attachments.zip
    2018-01-02 12:40 - 2018-01-02 12:40 - 000002152 _____ C:\Users\Public\Desktop\HP OfficeJet 6950.lnk
    2018-01-02 12:40 - 2018-01-02 12:40 - 000001124 _____ C:\Users\Public\Desktop\Shop for Supplies - HP OfficeJet 6950.lnk
    2018-01-02 12:40 - 2018-01-02 12:40 - 000000962 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    2018-01-02 12:40 - 2018-01-02 12:40 - 000000000 ____D C:\Program Files\HP
    2018-01-02 12:40 - 2018-01-02 12:40 - 000000000 ____D C:\Program Files (x86)\HP
    2018-01-02 12:40 - 2016-11-22 11:59 - 000840328 ____N (HP Inc.) C:\Windows\system32\HPDiscoPM0F54.dll
    2018-01-02 12:39 - 2018-01-02 12:40 - 000000000 ____D C:\ProgramData\HP
    2018-01-02 12:37 - 2018-01-02 12:38 - 173128392 _____ C:\Users\lara\Downloads\OJ6950__Full_WebPack_1094.exe
    2018-01-02 12:03 - 2018-01-02 12:41 - 000000000 ____D C:\Users\lara\AppData\Local\HP
    2018-01-02 12:02 - 2018-01-02 12:38 - 000000000 ____D C:\Users\lara\AppData\Roaming\HP_Easy_Start
    2018-01-02 12:01 - 2018-01-02 12:01 - 005971872 _____ C:\Users\lara\Downloads\HPEasyStart_6_5_3442_26.exe
    2017-12-30 12:44 - 2017-12-30 12:44 - 000000165 ____H C:\Users\lara\Downloads\~$TransactionsHistory-2017-12-30-20-34-37.xlsx
    2017-12-30 12:42 - 2017-12-30 12:47 - 000014613 _____ C:\Users\lara\Downloads\TransactionsHistory-2017-12-30-20-34-37.xlsx
    2017-12-28 14:01 - 2017-12-28 15:00 - 000000000 ____D C:\Users\lara\Documents\aaastarting a business 2018

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-26 09:03 - 2009-07-13 20:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-01-26 09:03 - 2009-07-13 20:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-01-26 08:50 - 2009-07-13 21:13 - 000783180 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-01-26 08:50 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
    2018-01-26 08:42 - 2017-12-26 17:35 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-01-26 08:41 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-01-25 06:31 - 2015-07-10 18:08 - 000000000 ____D C:\Users\lara\AppData\Local\CrashDumps
    2018-01-24 17:55 - 2009-07-13 21:08 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2018-01-24 17:34 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\system32\NDF
    2018-01-24 17:28 - 2017-07-01 12:27 - 000000000 ____D C:\Users\lara\AppData\LocalLow\Mozilla
    2018-01-23 13:29 - 2011-11-15 14:28 - 000000000 ____D C:\ProgramData\WinZip
    2018-01-23 13:24 - 2011-11-15 14:20 - 000000000 ____D C:\Program Files (x86)\HP Games
    2018-01-23 13:24 - 2011-11-15 14:19 - 000000000 ____D C:\ProgramData\WildTangent
    2018-01-23 13:24 - 2009-07-13 21:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2018-01-23 13:22 - 2015-09-30 11:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    2018-01-23 13:22 - 2015-09-30 11:03 - 000000000 ____D C:\ProgramData\EPSON
    2018-01-23 13:22 - 2011-11-15 14:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2018-01-23 13:21 - 2015-09-30 11:06 - 000000000 ____D C:\Program Files (x86)\epson
    2018-01-23 13:16 - 2017-07-01 12:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-01-23 13:16 - 2017-07-01 12:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-01-23 12:11 - 2017-02-22 15:58 - 000001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2018-01-23 12:11 - 2017-02-22 15:58 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2018-01-10 14:37 - 2017-07-02 19:15 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2018-01-10 14:37 - 2017-07-02 19:15 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2018-01-10 14:37 - 2017-07-02 19:15 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2018-01-10 14:37 - 2017-07-02 19:15 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2018-01-10 14:37 - 2017-07-02 19:15 - 000000000 ____D C:\Windows\system32\Macromed
    2018-01-10 14:37 - 2011-11-15 14:18 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2018-01-09 23:03 - 2017-04-11 18:49 - 000000000 ____D C:\Windows\system32\MRT
    2018-01-09 23:00 - 2017-10-11 05:50 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2018-01-09 22:59 - 2017-04-11 18:48 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2018-01-09 09:10 - 2017-08-13 17:43 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-01-09 09:10 - 2017-08-13 17:43 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-01-06 17:32 - 2015-06-30 12:37 - 000000000 ____D C:\Users\lara\Documents\various sites sign in info
    2018-01-02 14:04 - 2015-06-24 20:07 - 000059152 _____ C:\Users\lara\AppData\Local\GDIPFONTCACHEV1.DAT
    2018-01-02 14:02 - 2009-07-13 20:45 - 000273080 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-01-02 12:40 - 2011-11-15 14:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2017-12-30 13:01 - 2011-11-15 14:32 - 000000000 ____D C:\Program Files\Java
    2017-12-30 12:42 - 2015-07-22 11:10 - 000000000 ____D C:\Users\lara\AppData\Roaming\SoftGrid Client

    ==================== Files in the root of some directories =======

    2015-11-29 18:39 - 2015-11-29 18:39 - 000001854 _____ () C:\Users\lara\AppData\Roaming\GhostObjGAFix.xml
    2017-09-16 08:31 - 2017-09-16 08:35 - 000000038 ___SH () C:\Users\lara\AppData\Local\32cd2b0451e261ee292289.21073168
    2016-09-25 20:33 - 2017-11-10 16:28 - 000007600 _____ () C:\Users\lara\AppData\Local\Resmon.ResmonCfg

    Some files in TEMP:
    ====================
    2018-01-24 17:42 - 2018-01-24 17:43 - 060423112 _____ () C:\Users\lara\AppData\Local\Temp\AmazonDriveSetupQ.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-11-30 12:32

    ==================== End of FRST.txt ============================
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
    Ran by lara (26-01-2018 09:55:31)
    Running from C:\Users\lara\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2015-06-25 04:04:07)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-361261179-3496240118-3681631677-500 - Administrator - Disabled)
    Guest (S-1-5-21-361261179-3496240118-3681631677-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-361261179-3496240118-3681631677-1002 - Limited - Enabled)
    lara (S-1-5-21-361261179-3496240118-3681631677-1001 - Administrator - Enabled) => C:\Users\lara

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
    Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
    Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
    Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
    Amazon Drive (HKU\S-1-5-21-361261179-3496240118-3681631677-1001\...\Amazon Drive) (Version: 5.0.11 - Amazon.com, Inc.)
    Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
    Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    HP Documentation (HKLM-x32\...\{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP OfficeJet 6950 Basic Device Software (HKLM\...\{1A16A2DD-2552-4FAD-991B-8D028B4E3C6B}) (Version: 40.7.1094.16327 - HP Inc.)
    HP OfficeJet 6950 Help (HKLM-x32\...\{1AD6651F-F6C0-4C95-811F-78FFDD66E7C7}) (Version: 40.0.0 - HP)
    HP On Screen Display (HKLM-x32\...\{124DB96E-CBF5-44FB-AB59-7D2444DEC777}) (Version: 1.0.7 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}) (Version: 5.1.11.1 - Hewlett-Packard Company)
    HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
    HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
    Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc)
    PokerSnowie (HKLM-x32\...\PokerSnowie_is1) (Version: - Snowie Games Ltd)
    PokerTH (HKLM-x32\...\PokerTH 1.1.1) (Version: 1.1.1 - www.pokerth.net)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.10.0416 - REALTEK Semiconductor Corp.)
    Recovery Manager (HKLM-x32\...\{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}) (Version: 1.0.22 - Hewlett-Packard) Hidden
    Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.3 - Synaptics Incorporated)
    Trade-Ideas Pro 4 (HKLM-x32\...\Trade-Ideas Pro 4_is1) (Version: 4.2.5.0 - Trade Ideas LLC)
    UltimateZip 7.0 (HKLM-x32\...\UltimateZip_is1) (Version: 7.0.8.1 - SWE von Schleusen)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.)
    Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [UltimateZip] -> {2F860D81-AF3C-11D4-BDB3-00E0987D2490} => C:\Program Files (x86)\UltimateZip\uzshlex64.dll [2014-01-02] ()
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-12-16] (Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [UltimateZip] -> {2F860D81-AF3C-11D4-BDB3-00E0987D2490} => C:\Program Files (x86)\UltimateZip\uzshlex64.dll [2014-01-02] ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {13AD0A4B-F1AE-4E53-A4D0-A417FB87884F} - System32\Tasks\SUPERAntiSpyware Scheduled Task f5881789-1f9a-4441-942f-5e9aa648d88b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {412691B0-D16A-4D73-9010-F3AF858178E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-01] (Hewlett-Packard Company)
    Task: {5347871D-80FA-471B-B5FE-39BB05F8FE51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
    Task: {5C0B3559-462E-44BD-9622-14127D9ED0B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-13] (Google Inc.)
    Task: {653EA4F0-D772-418D-BC15-292BC9D761EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-11-20] (Microsoft)
    Task: {7CC88EA5-A63F-4737-B535-FF72DF528622} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
    Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
    Task: {9EC374B1-31D2-4900-8555-BCFB962DC5BF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {A601A2BF-6077-42C5-A3A8-461B54321826} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
    Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {AF236E08-D229-45A3-8F2A-E50722A22FC9} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {BD106022-1BDB-46C8-ABCE-CED046295270} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-11-20] (Microsoft)
    Task: {BF1A5F5A-C135-4087-978F-ABA445CDDA53} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-09] (CyberLink)
    Task: {C118BA30-B868-455F-9B3D-F43D6BAF03E3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-10] (Adobe Systems Incorporated)
    Task: {C87C60C3-8E1A-43A0-9CC3-E1D3AA2234F9} - System32\Tasks\SUPERAntiSpyware Scheduled Task cff310dd-78a6-4685-93d2-72952acf4675 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {D94CF5BF-1F2E-4AE7-ADC1-49C994AE5321} - System32\Tasks\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe [2015-11-20] (Hewlett-Packard)
    Task: {EDEC153B-704D-4FE4-941E-DE6ECA8DE03C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-13] (Google Inc.)
    Task: {F503CBE5-58FA-4459-A97F-2AC018E6DCD9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: {FC299C8F-F149-40B8-BF8C-F51796C95097} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-01] (Hewlett-Packard Company)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Norton Product Installer.job => C:\Users\lara\AppData\Local\Temp\7zS7F1D.tmp\SymInstallStub.exeK/partnerid=symantec /productlist=nss /staging=false /delay=0 /launchedby=2 C:\Users\lara\AppData\Local\Temp\7zS7F1D.tmp <==== ATTENTION
    Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Users\lara\AppData\Local\Temp\7zS7F1D.tmp\SymInstallStub.exeK/partnerid=symantec /productlist=nss /staging=false /delay=0 /launchedby=4 C:\Users\lara\AppData\Local\Temp\7zS7F1D.tmp <==== ATTENTION
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task cff310dd-78a6-4685-93d2-72952acf4675.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f5881789-1f9a-4441-942f-5e9aa648d88b.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-01-23 13:33 - 2014-01-02 13:36 - 002573312 _____ () C:\Program Files (x86)\UltimateZip\uzshlex64.dll
    2010-12-16 16:37 - 2010-12-16 16:37 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2017-12-26 13:40 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2010-07-21 14:33 - 2010-07-21 14:33 - 000267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
    2010-02-28 01:33 - 2010-02-28 01:33 - 000077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    2018-01-09 09:10 - 2018-01-03 01:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
    2018-01-09 09:10 - 2018-01-03 01:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
    2017-11-15 18:01 - 2017-11-15 18:01 - 000799744 _____ () C:\Users\lara\AppData\Local\Amazon Drive\sqlite3.dll
    2012-07-03 13:17 - 2010-09-13 17:28 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501.SYS => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2009-06-10 13:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-361261179-3496240118-3681631677-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lara\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1 - 205.171.2.25
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: EpsonScanSvc => 2
    MSCONFIG\Services: GamesAppService => 3
    MSCONFIG\Services: IconMan_R => 2
    MSCONFIG\Services: pdfcDispatcher => 2
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    MSCONFIG\startupreg: EPLTarget =>
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_9285F6B91641FDD2D4BE09F9C134158D => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    MSCONFIG\startupreg: HP OfficeJet 6950 (NET) => "C:\Program Files\HP\HP OfficeJet 6950\Bin\ScanToPCActivationApp.exe" -deviceID "TH69E2106V:NW" -scfn "HP OfficeJet 6950 (NET)" -AutoStart 1
    MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{1DF1E985-9756-4B49-9FB3-E14C9E213139}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{70899835-28BE-4DAA-B45E-A7D7F04219A7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{594B26FC-45F2-4C23-B9C0-4A1BC19E7842}] => (Allow) LPort=2869
    FirewallRules: [{5F6DD72D-01B4-4E21-A102-6E195F66C46D}] => (Allow) LPort=1900
    FirewallRules: [{4BD6E210-6546-4D66-971A-9CD03B08F53B}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{C7AFE183-99E7-4071-A784-0159EE2C8A67}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{2FDE0024-2D28-4191-A1B0-90DF39281F07}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{1CE58951-C6A2-412E-BA7B-4DC59A1D80CD}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [TCP Query User{758EA655-F0C7-4784-91E9-9F2CFCE904AD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{4961DC75-7071-4EF8-8C6E-A59A52AA2828}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{E7306CBC-05CB-42CA-A49C-0183FADEE026}] => (Allow) C:\Users\lara\AppData\Local\Temp\7zSCFFB.tmp\SymNRT.exe
    FirewallRules: [{EA657866-5EC9-4A2A-B28E-230D94596509}] => (Allow) C:\Users\lara\AppData\Local\Temp\7zSCFFB.tmp\SymNRT.exe
    FirewallRules: [{4D180ADC-0E23-41FF-B7D1-94A5F27F6456}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{766BC966-E555-4A92-9EC7-038465A6662A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{5A0E1995-226C-4567-A051-6AC9C43A391E}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
    FirewallRules: [{6FA92B18-F86F-4733-9164-376DCA2521E6}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
    FirewallRules: [{A88B211E-ED1C-4CA3-B93C-887EE235D274}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
    FirewallRules: [{77970E26-6FFA-42C9-9BAB-3AA0F8FD2489}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
    FirewallRules: [{C26DAFCD-7BD0-4901-BEDF-F12C1BE21ECD}] => (Allow) C:\Users\lara\AppData\Local\Temp\7zS49C7\HP.EasyStart.exe
    FirewallRules: [{1CC124CD-94A6-4E0F-A905-A7B3B3A33FF1}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\bin\FaxApplications.exe
    FirewallRules: [{4A0D3A42-AEBE-40C1-851F-A9656E8D3A99}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\bin\DigitalWizards.exe
    FirewallRules: [{0DCA1912-08F5-49FE-A6FD-973B8BFAEA25}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\bin\SendAFax.exe
    FirewallRules: [{F54BB1C9-D989-4050-994E-3983ABCAB774}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\bin\FaxPrinterUtility.exe
    FirewallRules: [{839BA511-70DB-4BC3-BD3C-D43C854F344C}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\Bin\DeviceSetup.exe
    FirewallRules: [{5EB16679-DC4D-4BEE-A40B-342BD0C07112}] => (Allow) LPort=5357
    FirewallRules: [{AB8BE850-6643-4FD6-B0DC-2BB151228776}] => (Allow) C:\Program Files\HP\HP OfficeJet 6950\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{666AF680-8054-478C-AF1F-D7F49C4ED450}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    23-01-2018 14:37:02 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660
    24-01-2018 10:07:47 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/26/2018 08:45:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/25/2018 04:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/25/2018 06:53:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/25/2018 06:31:24 AM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\22478b54e1cc995a45aafd8e6482de96\mscorlib.ni.dll for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Amazon Drive because of this error.

    Program: Amazon Drive
    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\22478b54e1cc995a45aafd8e6482de96\mscorlib.ni.dll

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C00000B5
    Disk type: 3

    Error: (01/25/2018 06:31:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AmazonDrive.exe, version: 5.0.11.167, time stamp: 0x5a3748af
    Faulting module name: mscorlib.ni.dll, version: 4.7.2117.0, time stamp: 0x59cf500c
    Exception code: 0xc0000006
    Fault offset: 0x00c695ac
    Faulting process id: 0xbe8
    Faulting application start time: 0x01d395e8a7aee513
    Faulting application path: C:\Users\lara\AppData\Local\Amazon Drive\AmazonDrive.exe
    Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\22478b54e1cc995a45aafd8e6482de96\mscorlib.ni.dll
    Report Id: 6ae8c473-01dc-11e8-8657-b4b52f2eb3a7

    Error: (01/25/2018 06:31:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/25/2018 06:31:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: AmazonDrive.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Runtime.InteropServices.SEHException
    at System.Threading.Tasks.TaskCompletionSource`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TrySetException(System.Exception)
    at Amazon.CloudDrive.Services.CloudDrive.CloudDriveService.UploadTimeout(System.Threading.Tasks.TaskCompletionSource`1<Amazon.CloudDrive.Services.AmazonHttpResponse`1<Amazon.CloudDrive.Services.CloudDrive.Model.Node>>, Amazon.CloudDrive.Helpers.CancellableStream, Amazon.CloudDrive.Helpers.ObservableStreamTimeoutReason)
    at Amazon.CloudDrive.Services.CloudDrive.CloudDriveService+<>c__DisplayClass55_0.<UploadFileWithTimeoutAsync>b__2(Amazon.CloudDrive.Helpers.CancellableStream, Amazon.CloudDrive.Helpers.ObservableStreamTimeoutReason)
    at Amazon.CloudDrive.Helpers.ObservableStreamExtensions+<>c__DisplayClass3_0.<SlidingReadTimeout>b__1(System.Exception)
    at System.Reactive.AnonymousSafeObserver`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception)
    at System.Reactive.Sink`1+_[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnError(System.Exception)
    at System.Reactive.Linq.ObservableImpl.Throw`1+_[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Invoke()
    at System.Reactive.Concurrency.Scheduler.Invoke(System.Reactive.Concurrency.IScheduler, System.Action)
    at System.Reactive.Concurrency.ImmediateScheduler.Schedule[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon, System.Func`3<System.Reactive.Concurrency.IScheduler,System.__Canon,System.IDisposable>)
    at System.Reactive.Concurrency.Scheduler.Schedule(System.Reactive.Concurrency.IScheduler, System.Action)
    at System.Reactive.Linq.ObservableImpl.Throw`1+_[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run()
    at System.Reactive.Linq.ObservableImpl.Throw`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.IObserver`1<Int32>, System.IDisposable, System.Action`1<System.IDisposable>)
    at System.Reactive.Producer`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Reactive.Concurrency.IScheduler, State<Int32>)
    at System.Reactive.Concurrency.ScheduledItem`2[[System.TimeSpan, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Reactive.Producer`1+State[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], System.Reactive.Core, Version=2.2.5.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]].InvokeCore()
    at System.Reactive.Concurrency.CurrentThreadScheduler+Trampoline.Run(System.Reactive.Concurrency.SchedulerQueue`1<System.TimeSpan>)
    at System.Reactive.Concurrency.CurrentThreadScheduler.Schedule[[System.Reactive.Producer`1+State[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], System.Reactive.Core, Version=2.2.5.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]](State<Int32>, System.TimeSpan, System.Func`3<System.Reactive.Concurrency.IScheduler,State<Int32>,System.IDisposable>)
    at System.Reactive.Concurrency.LocalScheduler.Schedule[[System.Reactive.Producer`1+State[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], System.Reactive.Core, Version=2.2.5.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]](State<Int32>, System.Func`3<System.Reactive.Concurrency.IScheduler,State<Int32>,System.IDisposable>)
    at System.Reactive.Producer`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SubscribeRaw(System.IObserver`1<Int32>, Boolean)
    at System.ObservableExtensions.SubscribeSafe[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.IObservable`1<Int32>, System.IObserver`1<Int32>)
    at System.Reactive.Linq.ObservableImpl.Timeout`1+TimeR[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Timeout(System.Reactive.Concurrency.IScheduler, UInt64)
    at System.Reactive.Concurrency.DefaultScheduler+<>c__DisplayClass4`1[[System.UInt64, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<Schedule>b__3(System.Object)
    at System.Reactive.Concurrency.ConcurrencyAbstractionLayerImpl+Timer.Tick(System.Object)
    at System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.TimerQueueTimer.CallCallback()
    at System.Threading.TimerQueueTimer.Fire()
    at System.Threading.TimerQueue.FireNextTimers()
    at System.Threading.TimerQueue.AppDomainTimerCallback()

    Error: (01/25/2018 06:31:12 AM) (Source: SeaPort) (EventID: 9) (User: )
    Description: Exception at 0x73b39a4d in webio.dll: 0xc0000006 (0x8 0x73b39a4d)

    Error: (01/24/2018 05:56:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/24/2018 05:38:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    System errors:
    =============
    Error: (01/26/2018 08:48:12 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (01/26/2018 08:48:11 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (01/26/2018 08:48:11 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (01/26/2018 08:48:10 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (01/26/2018 08:48:10 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (01/25/2018 04:53:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

    Error: (01/25/2018 06:56:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Update service terminated with the following error:
    The class is configured to run as a security id different from the caller

    Error: (01/25/2018 06:51:07 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 6:50:09 AM on ‎1/‎25/‎2018 was unexpected.

    Error: (01/25/2018 06:31:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SeaPort service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/25/2018 06:31:10 AM) (Source: iaStor) (EventID: 9) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
    Percentage of memory in use: 59%
    Total physical RAM: 3947.86 MB
    Available physical RAM: 1605.55 MB
    Total Virtual: 7893.9 MB
    Available Virtual: 5345.03 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:451.11 GB) (Free:348.54 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.36 GB) (Free:1.78 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 02FE6C91)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14.4 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End of Addition.txt ============================

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 1/26/18
    Scan Time: 8:43 AM
    Log File: 081c4a4c-02b8-11e8-afab-b4b52f2eb3a7.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.262
    Update Package Version: 1.0.3793
    License: Free

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: System

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 242760
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 40 min, 17 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)

  5. #5
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi tarjebie,

    Thank you for the logs. I see no indication of malware that could cause what you are experiencing. There were a few tracking cookies found by SuperAntiSpyware, but nothing of concern. My biggest concern is that I see no indication of you having an antivirus software installed on any of the logs posted.

    Windows Defender displays in the FRST log, though on Windows 7 Windows Defender serves as the built-in antispyware component, not an antivirus software like it was intended on Windows 8 and Windows 10.

    The following that I found in the Addition.txt does concern me though:

    System errors:
    =============
    Error: (01/26/2018 08:48:12 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.
    That could be an indication that the hard drive is failing. The description of the problems you are describing in your first post can be symptoms that are related to failing hardware. I see that this is a Hewlett-Packard (HP) laptop. All HPs have built-in diagnostics. I am going to ask you to click on the link below and follow the instructions to run the diagnostics on your HP laptop. Please share the results with me when finished.

    HP PCs - Testing for Hardware Failures

    There are other ways to test the hardware, but let's start there.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  6. #6
    Member
    Join Date
    Jan 2011
    Posts
    26
    Points
    0

    Default

    I ran the diagnostics and everything passed, except for the battery test, which was cancelled.

    Is it possible that there is accumulated dust in the laptop, making it run hot, and causing problems?

  7. #7
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    except for the battery test, which was cancelled.
    Hm? I wonder why... Battery issue or diagnostics test problem?

    Yes, it is possible. Another possibility is what I found in the Event logs section of the FRST log.

    Error: (01/26/2018 08:48:12 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.
    From what I have learned, the above could be the result of the cables connecting the hard drive to the motherboard being loose, or the controller itself could be bad, and in that case, since this is a laptop, I do believe that the controller is built into the motherboard, which means that if that is the problem the motherboard will have to be replaced. Let me do some more research to see what I can find. I did some research last night and I have a couple of links saved. I'll gather it all together and post as soon as possible.

    In the meantime, try taking the back off the laptop and give it a good cleaning with some compressed air and make sure all the hardware connections are secure.

  8. #8
    Member
    Join Date
    Jan 2011
    Posts
    26
    Points
    0

    Default

    Okay, I will. Thanks so much!

  9. #9
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    You're welcome.

  10. #10
    Member
    Join Date
    Jan 2011
    Posts
    26
    Points
    0

    Default

    I cleaned the laptop, but no luck. Should I just plan to buy a new one?