  #1  
Old January 12th, 2017, 05:32 PM
JIO22
Senior Member
 
Join Date: Jun 2008
O/S: Windows 7 32-bit
Posts: 631
Please Help - Security Center will not turn on and System Restore not working.

Hi all,

First off, my apologies if this is in the incorrect section, if it is please feel free to move to the correct place.

I'll try to write as things happened.

The laptop in question is a Sony Vaio VGN-NS20E with Windows Vista SP2 32bit.

Yesterday I noticed that my windows last updated back in about June 2016, I went into the "check for updates" on my computer and this just stayed on the "checking for updates" for hours and hours. I eventually stopped this and started doing a few searches on this via google (wish I hadn't now), this is all I wanted to fix (the windows update). This was the only problem, but from this I've ended up with this problem and some others too.

I followed and tried a few things but nothing worked, google pages showed lots and lots of pages reflecting this issue so I didn't think I was the only one having this problem. After following one set of instructions which included deleting the data from file (I think it was) C/Windows/SoftwareDistribution my problems were not corrected and actually seemed worse.

The updates were still "hanging" on "checking for updates" and not updating, but also I noticed the red cross in the bottom right hand corner of my screen indicating my security center was off. I went to this and went to the "turn on now" button, the reply was "the security center cannot be started". This is how it stands now. I started to look at these issues, but no help, I used windows tweaking tool, but this hasn't helped and has probably made the laptop slower now, upon startup anyway.

Prior to the update issue the laptop has been working perfect.

After trying a few unsuccessful attempts to cure the security center issue, I decided to use the system restore tool.

The system restore tool does not start up, but in task manager it states it's running. After about 2 hours (no exaggeration) of waiting it started up, I went to the latest restore but it gives me an error code and doesn't work (sorry I can't remember the exact code). I have tried various ways of fixing this and by checking/starting certain applications in services but all efforts have not worked.

I think if I could get system restore working, I should be able to restore to about 10 days ago and hopefully all should be good.

The problems I have to summarise are:

Windows update is not working
Security Center is off and I can not turn it on
System Restore does not work.

Any help at all on this would be greatly appreciated to enable me to get the laptop back running as it should be and protected.

I believe this all started and got worse from deleting those files out of the software distribution folder.

Thanks,

JIO22.

Last edited by JIO22; January 12th, 2017 at 05:35 PM.


  #2  
Old January 13th, 2017, 12:50 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,872
Howdy JIO22,


Let's take a look.


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


If you know how, it's best to disable your antivirus while doing these steps.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  #3  
Old January 13th, 2017, 01:52 PM
JIO22
Senior Member
 
Join Date: Jun 2008
O/S: Windows 7 32-bit
Posts: 631
Hi Jintan, thanks for the quick reply.

I'll post both below:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2017
Ran by Ben (administrator) on BEN-PC (13-01-2017 12:38:08)
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sony Corporation) C:\Program Files\sony\VAIO Update\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.2.0.5\WsAppService.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Sony Corporation) C:\Program Files\sony\VAIO Update\VUAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [LManager] => "C:\Program Files\Launch Manager\LManager.exe"
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [124544 2016-02-11] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [831576 2016-08-18] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2008-12-09] (Sony Corporation)
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\Control Panel\Desktop\\SCRNSAVE.EXE ->
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{82095513-6EBF-4CB5-B315-C794AB34A4F3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DFB36763-18C1-4E9D-9E2C-1DE555C9C05C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {E83252D4-35F3-4E7C-ADA8-88015CBC4015} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-1289019028-3489076271-160467946-1003 -> {E83252D4-35F3-4E7C-ADA8-88015CBC4015} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-23] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-23] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1289019028-3489076271-160467946-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-20] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.bbc.co.uk/
CHR StartupUrls: Profile 1 -> "hxxp://www.bbc.co.uk/"
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-03-16]
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-12]
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15]
CHR Extension: (Adguard AdBlocker) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-01-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-01] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [970632 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [470600 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [470600 2016-08-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1253352 2016-08-18] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S4 BFBackupUtilityService; C:\Program Files\BUFFALO\Backup_Utility\BUService.exe [320888 2010-08-20] (BUFFALO INC.)
S4 BFBackupUtilityVSSService; C:\Program Files\BUFFALO\Backup_Utility\BUVSSService.exe [247160 2010-04-28] (BUFFALO INC.)
S2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2571704 2012-12-03] (WIBU-SYSTEMS AG)
S4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-05-22] (Teruten) [File not signed]
S4 GoogleDesktopManager-092308-165331; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2008-10-22] (Google)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-11-05] (Sony Corporation) [File not signed]
S4 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-04-01] (Sony Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [72856 2012-03-06] (Sony Corporation)
S4 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [93336 2012-03-06] (Sony Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S4 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-03-05] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2008-12-09] (Sony Corporation)
S4 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-09-05] (Sony Corporation)
S4 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [480624 2009-09-16] (Sony Corporation)
S4 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-03-05] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1220376 2016-03-31] (Sony Corporation)
S4 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-03-05] (Sony Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare) [File not signed]
S2 wscsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 MSCSPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [X]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [X]
S3 SPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" [X]
S3 WsDrvInst; C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [115600 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140272 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2016-08-18] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2016-11-20] (CACE Technologies, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-03-08] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslb4ef8c18; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EE69858-0AC2-4DA6-9E4D-4BA041FC971F}\MpKslb4ef8c18.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 12:38 - 2017-01-13 12:40 - 00018222 _____ C:\Users\Ben\Desktop\FRST.txt
2017-01-13 12:37 - 2017-01-13 12:38 - 00000000 ____D C:\FRST
2017-01-13 11:03 - 2017-01-13 11:03 - 01761280 _____ (Farbar) C:\Users\Ben\Desktop\FRST.exe
2017-01-12 15:21 - 2008-11-28 06:55 - 00131000 ____R (Microsoft Corporation) C:\Windows\system32\Drivers\WimFltr.sys
2017-01-12 12:35 - 2017-01-12 12:35 - 00000062 _____ C:\Users\Ben\Desktop\Internet Speed Test - VoipReview.url
2017-01-11 23:07 - 2017-01-11 23:07 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BEN-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2017-01-11 20:20 - 2017-01-11 20:20 - 00000000 ____D C:\1276602e8b1dd97d76f25f
2017-01-11 20:17 - 2017-01-11 20:17 - 00000000 ____D C:\b19a0f84348ec7312936
2017-01-10 19:32 - 2016-08-18 14:52 - 00140272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-01-10 19:32 - 2016-08-18 14:52 - 00115600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-01-10 19:32 - 2016-08-18 14:52 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-01-10 19:32 - 2016-08-18 14:52 - 00018760 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2017-01-10 19:28 - 2017-01-10 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-10 19:28 - 2017-01-10 19:33 - 00000000 ____D C:\ProgramData\Avira
2017-01-10 19:28 - 2017-01-10 19:32 - 00000000 ____D C:\Program Files\Avira

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 12:37 - 2012-04-23 12:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-13 11:34 - 2016-11-19 00:26 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\Mozilla
2017-01-13 11:24 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-13 11:24 - 2006-11-02 12:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-13 11:24 - 2006-11-02 12:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-13 11:24 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-13 11:22 - 2011-09-28 10:18 - 00000012 _____ C:\Windows\bthservsdp.dat
2017-01-13 11:22 - 2006-11-02 13:01 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-12 15:52 - 2011-08-16 06:36 - 00000000 ____D C:\Update
2017-01-12 11:00 - 2014-11-23 12:44 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-12 10:58 - 2011-08-13 13:57 - 00108520 _____ C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-12 10:48 - 2014-11-16 12:54 - 00622242 _____ C:\Windows\ntbtlog.txt
2017-01-12 00:11 - 2006-11-02 12:47 - 00400232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-11 23:49 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2017-01-11 23:49 - 2006-11-02 10:33 - 00829422 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-11 22:51 - 2016-06-29 20:21 - 00531878 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-01-11 22:44 - 2011-08-25 19:44 - 00000000 ____D C:\Users\Ben\Documents\Jemma
2017-01-10 20:09 - 2011-08-13 14:35 - 00000000 ___RD C:\Users\Ben\Desktop\Shortcuts
2017-01-10 19:28 - 2015-09-23 16:04 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-10 19:27 - 2014-11-22 18:46 - 00001945 _____ C:\Windows\epplauncher.mif
2017-01-07 19:49 - 2016-08-19 16:30 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2016-12-31 15:18 - 2014-12-02 15:06 - 00000000 ____D C:\Users\Ben\AppData\Local\CrashDumps
2016-12-24 20:51 - 2016-03-17 18:35 - 00002337 _____ C:\Users\Public\Desktop\Skype.lnk
2016-12-20 14:08 - 2011-08-13 13:57 - 00000000 ____D C:\Users\Ben\AppData\Local\Adobe
2016-12-20 14:07 - 2012-04-23 12:20 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-12-20 14:07 - 2012-04-23 12:20 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-12-20 14:07 - 2011-08-13 20:51 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-19 20:51 - 2011-08-13 13:57 - 00000000 ___RD C:\Users\Ben\Downloads

==================== Files in the root of some directories =======

2016-04-16 18:23 - 2016-04-15 06:23 - 0000040 ____H () C:\Program Files\0d8f4ba4.tmp
2013-07-23 20:05 - 2013-07-22 08:05 - 0000044 ____H () C:\Program Files\3345f390.tmp
2014-11-23 14:53 - 2016-03-16 13:24 - 0141629 _____ () C:\Users\Ben\AppData\Local\ars.cache
2014-11-23 14:53 - 2016-03-16 13:24 - 0174447 _____ () C:\Users\Ben\AppData\Local\census.cache
2011-08-13 13:57 - 2013-10-17 18:55 - 0002708 _____ () C:\Users\Ben\AppData\Local\d3d9caps.dat
2011-08-25 22:12 - 2016-11-13 20:53 - 0050176 _____ () C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-23 14:18 - 2014-11-23 14:18 - 0000036 _____ () C:\Users\Ben\AppData\Local\housecall.guid.cache
2013-03-21 22:26 - 2013-03-21 22:26 - 0000218 _____ () C:\Users\Ben\AppData\Local\recently-used.xbel
2014-11-23 14:45 - 2016-03-16 13:12 - 0000010 _____ () C:\Users\Ben\AppData\Local\sponge.last.runtime.cache
2016-06-02 21:27 - 2016-06-02 21:27 - 0000000 _____ () C:\Users\Ben\AppData\Local\{97A3B52A-51AB-41E5-B755-EA3A597D2699}
2014-09-20 21:09 - 2014-09-20 21:09 - 0000000 _____ () C:\Users\Ben\AppData\Local\{A25E4021-2E72-450C-91F8-46F693974C2B}
2012-04-04 12:03 - 2012-04-04 12:03 - 0000000 ____R () C:\ProgramData\-W2WzTYvMPLGoPo
2012-04-04 12:03 - 2012-04-04 12:03 - 0000168 ____R () C:\ProgramData\-W2WzTYvMPLGoPor
2014-03-08 22:08 - 2014-03-08 22:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2011-08-24 22:53 - 2011-08-24 23:32 - 0001935 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Ben\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-13 11:31

==================== End of FRST.txt ============================
  #4  
Old January 13th, 2017, 01:55 PM
JIO22
Senior Member
 
Join Date: Jun 2008
O/S: Windows 7 32-bit
Posts: 631
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2017
Ran by Ben (13-01-2017 12:40:38)
Running from C:\Users\Ben\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X86) (2011-08-13 20:40:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1289019028-3489076271-160467946-500 - Administrator - Disabled)
Ben (S-1-5-21-1289019028-3489076271-160467946-1003 - Administrator - Enabled) => C:\Users\Ben
Guest (S-1-5-21-1289019028-3489076271-160467946-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.39 - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version: - ArcSoft)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Big Fish Games Game Suite (HKLM\...\BFG-Big Fish Games Game Suite) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BUFFALO Backup Utility (HKLM\...\UN091222) (Version: - )
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.73.04270 - Sony Corporation)
Click to Disc (Version: 1.2.73.04270 - Sony Corporation) Hidden
Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 2.0.03.04150 - Sony Corporation)
Click to Disc Editor (Version: 2.0.02 - Sony Corporation) Hidden
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Easy Phone Sync (HKLM\...\{02007371-F011-4016-A664-ED99890331AB}) (Version: 63 - Media Mushroom Limited)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F300 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
F300_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
F300Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.8.0809.23506 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version: - )
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
LeapFrog Connect (HKLM\...\UPCShell) (Version: 7.0.7.20035 - LeapFrog)
LeapFrog Connect (Version: 7.0.7.20035 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (Version: 7.0.6.19846 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Me&My VAIO (HKLM\...\{76D7CCD6-8369-405C-B494-5F34FAE67249}) (Version: 1.0.0.11140 - Sony Corporation)
Media Player Codec Pack 4.2.0 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.0 - Media Player Codec Pack)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Expression Web (HKLM\...\WebDesigner) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Expression Web Service Pack 1 (SP1) (HKLM\...\{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}) (Version: - Microsoft)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
MyFreeCodec (HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\MyFreeCodec) (Version: - )
OpenMG Secure Module 5.4.00 (HKLM\...\InstallShield_{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}) (Version: 5.4.00.04020 - Sony Corporation)
OpenMG Secure Module 5.4.00 (Version: 5.4.00.04020 - Sony Corporation) Hidden
PingPlotter 4.12.0 (HKLM\...\{D59AF474-7881-48B7-9120-F23D093BC447}) (Version: 4.12.0.9 - Pingman Tools, LLC)
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Roxio Easy Media Creator 10 LJ (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.2.0.10150 - Sony Corporation)
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SMPlayer 0.6.10 (HKLM\...\SMPlayer) (Version: 0.6.10 - Ricardo Villalba)
Software Info for Me&My VAIO (HKLM\...\{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}) (Version: 1.0.0.09110 - Sony Corporation)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Sony Home Network Library (HKLM\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 1.4.5.15070 - Sony Corporation)
Sony Home Network Library (Version: 1.4.5.15070 - Sony Corporation) Hidden
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.3.01.09300 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.5.00 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.13.0 - Synaptics)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM\...\LeapPadExplorerPlugin) (Version: - LeapFrog)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.1.0.08260 - Sony Corporation)
VAIO Content Folder Watcher (HKLM\...\{327B75F0-92AF-420A-988F-FA596A218E0B}) (Version: 1.0.01.09030 - Sony Corporation)
VAIO Content Folder Watcher (Version: 1.0.01.09030 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}) (Version: 3.6.1.12010 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.6.1.12010 - Sony Corporation) Hidden
VAIO Content Metadata Manager Settings (HKLM\...\{12D0BE8D-538C-4AB1-86DE-C540308F50DA}) (Version: 3.6.0.09240 - Sony Corporation)
VAIO Content Metadata Manager Settings (Version: 3.6.0.09240 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}) (Version: 3.6.0.09080 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.6.0.09080 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.2.0.09120 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.4.1.15040 - Sony Corporation)
VAIO Entertainment Platform (Version: 3.4.1.15040 - Sony Corporation) Hidden
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.2.1.12090 - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.2.0.09090 - Sony Corporation)
VAIO Marketing Tools (HKLM\...\MarketingTools) (Version: - Sony Corporation)
VAIO Media plus (HKLM\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 1.4.5.15070 - Sony Corporation)
VAIO Media plus (Version: 1.2.0.10230 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (HKLM\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.5.01.05120 - Sony Corporation)
VAIO Movie Story (Version: 1.3.01.08060 - Sony Corporation) Hidden
VAIO Movie Story 1.5 Upgrade (Version: 1.5.01.05120 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.5.01.05120 - Sony Corporation)
VAIO MusicBox (HKLM\...\{D613E659-6503-42A8-9617-4F599061EAD5}) (Version: 2.3.0.09250 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO Original Function Settings (HKLM\...\{7C404084-C5A6-42FF-B731-0BAC79A6E134}) (Version: 2.0.2.02240 - Sony Corporation)
VAIO Original Function Settings (Version: 2.0.2.02240 - Sony Corporation) Hidden
VAIO Power Management (HKLM\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 3.2.0.10060 - Sony Corporation)
VAIO Presentation Support (HKLM\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 1.1.0.08250 - Sony Corporation)
VAIO Smart Network (HKLM\...\{3B659FAD-E772-44A3-B7E7-560FF084669F}) (Version: 2.2.0.11050 - Sony Corporation)
VAIO Update (HKLM\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.2.0.16270 - Sony Corporation)
VAIO Wallpaper Contents (HKLM\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.3.0.10310 - Sony Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VUx86 (Version: 1.2.0 - Sony Corporation) Hidden
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.602 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B9.602 - InterVideo Inc.) Hidden
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.8.6 (32-bit) (HKLM\...\Wireshark) (Version: 1.8.6 - The Wireshark developer community, hxxp://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1289019028-3489076271-160467946-1003_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {130A83F4-AE35-44F7-8185-43771079D4E1} - \Microsoft\Microsoft Antimalware\MpIdleTask -> No File <==== ATTENTION
Task: {23148F49-7AF8-47D5-B94E-82F54ED45F5D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {266587F0-ED3D-4FF5-BBC9-BF143756347C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-20] (Adobe Systems Incorporated)
Task: {2EF9C327-6175-4AA3-B015-BD8858DAFE4D} - \avast! Emergency Update -> No File <==== ATTENTION
Task: {64B44BB4-7D74-4E96-8AEF-4DED2458C80E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2016-03-31] (Sony Corporation)
Task: {6AC34FDD-4CFF-409F-8733-64E3644B0B6A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2016-04-25] (Sony Corporation)
Task: {7CD8B328-34D1-481D-B30B-9BED7C4C72EB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {895F5C51-A83F-4648-BBAD-16E2197976CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {9C82627B-1ABF-4605-A85A-590AE7543348} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A30BCA5E-F7F7-4658-99FE-558BC1AF132C} - System32\Tasks\{F13BD795-7442-4C89-B770-6B4E18124C08} => pcalua.exe -a F:\autorun.exe -d F:\
Task: {BDB3B981-0DB7-435E-9B80-DA629FBA8AE1} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2016-03-31] (Sony Corporation)
Task: {BE290D13-5E66-42E7-885E-E47D088D0D0A} - System32\Tasks\SONY\Me&My VAIO\Me&My VAIO => C:\Program Files\Sony\Me&My VAIO\QLGuide.exe [2008-11-17] (Sony Corporation)
Task: {C09690DE-DFF4-47EA-87C5-5C55B6080095} - System32\Tasks\{07D85107-B6C9-4FC2-85AA-694B3F10B1E8} => pcalua.exe -a C:\Users\Ben\AppData\Local\temp\GLF2D6\DPInst.exe -d C:\Users\Ben\AppData\Local\temp\GLF2D6 <==== ATTENTION
Task: {E5F0B323-7F87-4D75-9F32-90172DF22B52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-24 08:46 - 2014-11-24 08:46 - 00879104 _____ () C:\Program Files\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2011-08-13 21:23 - 2008-12-09 08:27 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
2011-08-13 21:23 - 2008-12-09 08:27 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30 [138]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


IE trusted site: HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\cybertechhelp.com -> hxxp://www.cybertechhelp.com
IE trusted site: HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\ebay.co.uk -> hxxp://www.ebay.co.uk
IE trusted site: HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\metcheck.com -> hxxp://www.metcheck.com
IE trusted site: HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\orange.co.uk -> hxxp://www.orange.co.uk
IE trusted site: HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\speedtest.net -> hxxp://www.speedtest.net
IE trusted site: HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\thesun.co.uk -> hxxp://www.thesun.co.uk
IE trusted site: HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\youtube.com -> hxxp://www.youtube.com


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2017-01-11 23:46 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1289019028-3489076271-160467946-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BFBackupUtilityService => 2
MSCONFIG\Services: BFBackupUtilityVSSService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FsUsbExService => 2
MSCONFIG\Services: GoogleDesktopManager-092308-165331 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: NSUService => 2
MSCONFIG\Services: PACSPTISVR => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDBSvr => 3
MSCONFIG\Services: SOHDms => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SOHPlMgr => 3
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: VAIO Entertainment TV Device Arbitration Service => 3
MSCONFIG\Services: VAIO Event Service => 2
MSCONFIG\Services: VAIO Power Management => 2
MSCONFIG\Services: VCFw => 2
MSCONFIG\Services: VcmIAlzMgr => 3
MSCONFIG\Services: Vcsw => 3
MSCONFIG\Services: VUAgent => 3
MSCONFIG\Services: VzCdbSvc => 2
MSCONFIG\Services: XAudioService => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MarketingTools => C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
MSCONFIG\startupreg: Monitor => "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: NSUFloatingUI => "C:\Program Files\Sony\Network Utility\LANUtil.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [{19A9B568-A117-46C1-8FF0-12D01B2ABEFF}] => LPort=80
FirewallRules: [{EEB669B6-CFB2-4317-B56E-102BFE59B531}] => LPort=80
FirewallRules: [{0CAE3949-3AFB-4E2B-8BB6-3F9D76825591}] => LPort=80
FirewallRules: [{7D84453F-0EA8-4C23-8089-110E1C5570D4}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2BC1E23F-9DD9-44F2-BD2F-947EE4525022}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7FBCE151-8AB0-4854-A0BB-43A340CF8D19}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{65E8EB5C-BAC4-4267-8AE3-797A39A28927}C:\program files\java\jre6\bin\java.exe] => C:\program files\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{C606D6E9-DC08-470F-9ABF-2F4EC03460F9}C:\program files\java\jre6\bin\java.exe] => C:\program files\java\jre6\bin\java.exe
FirewallRules: [{16ACD425-2E79-4BB8-ACDF-80F631C4F2BB}] => C:\Windows\System32\muzapp.exe
FirewallRules: [{0235CFB2-4BCB-43DC-B9C1-34878231E059}] => C:\Windows\System32\muzapp.exe
FirewallRules: [TCP Query User{304B195F-96FD-404A-86DB-8142E1006D04}C:\program files\pfportchecker\pfportchecker.exe] => C:\program files\pfportchecker\pfportchecker.exe
FirewallRules: [UDP Query User{D12C0AF1-3FFC-4005-BA08-C9A3A4C580C4}C:\program files\pfportchecker\pfportchecker.exe] => C:\program files\pfportchecker\pfportchecker.exe
FirewallRules: [TCP Query User{B0489444-10B8-419C-BDC7-F2413C53C425}C:\program files\java\jre7\bin\java.exe] => C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{F861117F-190A-417D-B13D-E9B4AAD33088}C:\program files\java\jre7\bin\java.exe] => C:\program files\java\jre7\bin\java.exe
FirewallRules: [{1555CFC5-7EB2-4A40-BAE4-CAC3F12E1F9E}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{CC14696E-FF35-4C6F-BF99-4A1868D5C32A}C:\program files\java\jre7\bin\java.exe] => C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{8E074770-C9B3-4CF2-B181-47ABEDE8E321}C:\program files\java\jre7\bin\java.exe] => C:\program files\java\jre7\bin\java.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => LPort=80
FirewallRules: [{70097CC3-FE4A-4683-9409-37652717E98B}] => C:\Windows\System32\muzapp.exe
FirewallRules: [{B0A4D8EF-D68A-4235-8D8A-D9A353D713D6}] => C:\Windows\System32\muzapp.exe
FirewallRules: [TCP Query User{E4BA58DA-F439-498F-8378-77F79FFD9316}C:\program files\java\jre7\bin\jp2launcher.exe] => C:\program files\java\jre7\bin\jp2launcher.exe
FirewallRules: [UDP Query User{34A0EE26-53E3-4A10-B843-B5BD7FCAB743}C:\program files\java\jre7\bin\jp2launcher.exe] => C:\program files\java\jre7\bin\jp2launcher.exe
FirewallRules: [TCP Query User{7A4E3961-C9AE-4530-86FB-BA8D9A407941}C:\program files\java\jre1.8.0_20\bin\jp2launcher.exe] => C:\program files\java\jre1.8.0_20\bin\jp2launcher.exe
FirewallRules: [UDP Query User{F5E00B22-E819-4195-96B1-791C1983C898}C:\program files\java\jre1.8.0_20\bin\jp2launcher.exe] => C:\program files\java\jre1.8.0_20\bin\jp2launcher.exe
FirewallRules: [TCP Query User{6883ABEF-9115-4FF6-82EA-43DE712FAEC9}C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe] => C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [UDP Query User{A6C72938-1A6A-45FE-B90F-4DBFFA068F52}C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe] => C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [TCP Query User{CBDEB1F4-790A-4317-90FB-C456DE8F5CD8}C:\program files\portforward\port forward network utilities\pfportchecker.exe] => C:\program files\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{80FC1A4A-8B77-499A-BA53-67781C4EBC75}C:\program files\portforward\port forward network utilities\pfportchecker.exe] => C:\program files\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{04607867-A184-44B8-B509-E66C856FC6AE}] => C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{5617863F-368E-46DE-B8DE-A9F68627DF37}] => C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{4A17AA89-2A3C-4CC4-8E04-D02BD26F76A9}] => C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{D4B0179E-2F00-45F5-BEAB-7024F824366C}] => C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{15DF3D68-2ECA-4787-AA38-C5F817A18017}C:\program files\kodi\kodi.exe] => C:\program files\kodi\kodi.exe
FirewallRules: [UDP Query User{2219C559-B364-4AE2-AFDD-5747CDD60192}C:\program files\kodi\kodi.exe] => C:\program files\kodi\kodi.exe
FirewallRules: [TCP Query User{3B01EA7E-9890-4658-A8FC-B15CDE6586FE}C:\program files\kodi\kodi.exe] => C:\program files\kodi\kodi.exe
FirewallRules: [UDP Query User{2A7E0DC3-026B-4EA5-B701-CB619D48A69E}C:\program files\kodi\kodi.exe] => C:\program files\kodi\kodi.exe
FirewallRules: [{155D02B3-11D4-47FB-BAF3-63306428A36A}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6388B3EE-0EC6-4354-BB94-5231530A751C}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E00514F9-7986-4C49-BCF4-0482350A5AEE}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{36D99BA0-85B0-48C0-80B2-93F1E94E4B4A}C:\program files\java\jre1.8.0_73\bin\jp2launcher.exe] => C:\program files\java\jre1.8.0_73\bin\jp2launcher.exe
FirewallRules: [UDP Query User{D80F0C78-A278-4090-8EED-9EE599A9BF82}C:\program files\java\jre1.8.0_73\bin\jp2launcher.exe] => C:\program files\java\jre1.8.0_73\bin\jp2launcher.exe
FirewallRules: [TCP Query User{324B0E5E-BC31-4C8D-ABB1-214EF2BA9AE8}C:\program files\jrt studio\isyncr\isyncr.exe] => C:\program files\jrt studio\isyncr\isyncr.exe
FirewallRules: [UDP Query User{FA37C349-1687-4162-A752-AA391F080C0F}C:\program files\jrt studio\isyncr\isyncr.exe] => C:\program files\jrt studio\isyncr\isyncr.exe
FirewallRules: [TCP Query User{E0119C9A-8BA4-4F07-9E10-4C1F86C0A1D1}C:\program files\java\jre1.8.0_77\bin\jp2launcher.exe] => C:\program files\java\jre1.8.0_77\bin\jp2launcher.exe
FirewallRules: [UDP Query User{E336C7D2-E475-439C-9D75-33CD2F2C0267}C:\program files\java\jre1.8.0_77\bin\jp2launcher.exe] => C:\program files\java\jre1.8.0_77\bin\jp2launcher.exe
FirewallRules: [{26E1900D-2693-4016-80BB-C4332BA4C924}] => C:\Program Files\The Bit Studio\Synctunes Desktop\Synctunes.exe
FirewallRules: [{6348C224-3B1A-4608-AAD0-372CA2494FBF}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{07EEB454-8C9E-4C97-AB96-6DD98B405A18}] => C:\Program Files\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [TCP Query User{969DFAA4-52A8-4B64-A29E-7E6190C2C341}C:\program files\netgear genie\bin\netgeargenie.exe] => C:\program files\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{336AAA0A-CE33-48F4-9EBB-E528D844F5E4}C:\program files\netgear genie\bin\netgeargenie.exe] => C:\program files\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{A5BD227C-AADF-4FE6-8EE8-415216CE7EC0}C:\program files\java\jre1.8.0_111\bin\jp2launcher.exe] => C:\program files\java\jre1.8.0_111\bin\jp2launcher.exe
FirewallRules: [UDP Query User{15C0F063-FC21-4CEA-A4F9-212462B47277}C:\program files\java\jre1.8.0_111\bin\jp2launcher.exe] => C:\program files\java\jre1.8.0_111\bin\jp2launcher.exe

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2017 02:30:20 PM) (Source: System Restore) (EventID: 8199) (User: )
Description: Failed to initiate System Restore (Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026).

Error: (01/12/2017 02:30:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80004002.


Operation:
Abort Backup

Context:
Execution Context: Requestor
Current State: SnapshotSetCreated

Error: (01/12/2017 02:30:20 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
Abort Backup

Context:
Execution Context: Requestor
Current State: SnapshotSetCreated

Error: (01/12/2017 02:30:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80004002.


Operation:
Gathering Writer Data
Executing Asynchronous Operation

Context:
Execution Context: Requestor
Current State: GatherWriterMetadata

Error: (01/12/2017 02:30:20 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
Gathering Writer Data
Executing Asynchronous Operation

Context:
Execution Context: Requestor
Current State: GatherWriterMetadata

Error: (01/12/2017 02:20:37 PM) (Source: System Restore) (EventID: 8199) (User: )
Description: Failed to initiate System Restore (Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026).

Error: (01/12/2017 02:20:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80004002.
  #5  
Old January 13th, 2017, 01:55 PM
JIO22 JIO22 is offline
Operation:
Abort Backup

Context:
Execution Context: Requestor
Current State: SnapshotSetCreated

Error: (01/12/2017 02:20:37 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
Abort Backup

Context:
Execution Context: Requestor
Current State: SnapshotSetCreated

Error: (01/12/2017 02:20:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80004002.


Operation:
Gathering Writer Data
Executing Asynchronous Operation

Context:
Execution Context: Requestor
Current State: GatherWriterMetadata

Error: (01/12/2017 02:20:37 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
Gathering Writer Data
Executing Asynchronous Operation

Context:
Execution Context: Requestor
Current State: GatherWriterMetadata


System errors:
=============
Error: (01/13/2017 11:34:23 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (01/13/2017 11:26:17 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (01/13/2017 11:24:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Event-ID 10000

Error: (01/13/2017 10:58:59 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (01/13/2017 10:58:05 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (01/13/2017 10:55:48 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Event-ID 10000

Error: (01/13/2017 10:46:45 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (01/13/2017 10:44:51 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (01/13/2017 10:43:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Event-ID 10000

Error: (01/12/2017 06:37:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2017-01-12 11:54:05.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-12 11:54:04.353
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-12 11:54:03.229
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-12 11:54:01.738
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-12 11:54:00.730
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-12 11:53:59.743
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-12 11:53:58.556
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-12 11:53:57.462
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-12 11:53:56.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-12 11:53:55.429
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
Percentage of memory in use: 71%
Total physical RAM: 2938.31 MB
Available physical RAM: 851.84 MB
Total Virtual: 6104.89 MB
Available Virtual: 3665.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.5 GB) (Free:127.32 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 1E87FF0F)
Partition 1: (Not Active) - (Size=9.6 GB) - (Type=27)
Partition 2: (Active) - (Size=288.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  #6  
Old January 13th, 2017, 11:59 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,872
Actually, if the WMI repair steps were done right, deleting the files from the Repository folder should have fixed things. We'll tackle that in a bit.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.



Uninstall this - of no use to the end user:

Mozilla Maintenance Service

-----------

Go to Start, Search, type notepad in the Search box, and hit Enter. In the open Notepad text box, copy and paste the following (inside the Code box):


Code:
start:
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\Control Panel\Desktop\\SCRNSAVE.EXE ->
BootExecute: autocheck autochk * sdnclean.exe
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
S1 MpKslb4ef8c18; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EE69858-0AC2-4DA6-9E4D-4BA041FC971F}\MpKslb4ef8c18.sys [X]
Task: {130A83F4-AE35-44F7-8185-43771079D4E1} - \Microsoft\Microsoft Antimalware\MpIdleTask -> No File <==== ATTENTION
Task: {C09690DE-DFF4-47EA-87C5-5C55B6080095} - System32\Tasks\{07D85107-B6C9-4FC2-85AA-694B3F10B1E8} => pcalua.exe -a C:\Users\Ben\AppData\Local\temp\GLF2D6\DPInst.exe -d C:\Users\Ben\AppData\Local\temp\GLF2D6 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30 [138]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
FirewallRules: [{19A9B568-A117-46C1-8FF0-12D01B2ABEFF}] => LPort=80
FirewallRules: [{EEB669B6-CFB2-4317-B56E-102BFE59B531}] => LPort=80
FirewallRules: [{0CAE3949-3AFB-4E2B-8BB6-3F9D76825591}] => LPort=80
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => LPort=80
end
Save it to C:\Users\Ben\Desktop (the same location as FRST.exe) as fixlist.txt

Then open FRST, and click the Fix button. Once it is done a text will open - post that back here please.

-------------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.

Agree to the language prompt, and place a check next to:

Install 32 and 64 bits versions (Recommended for Technicians).

Then click Next until you get to the Finish button, and click it. RogueKiller will then open.

Click the Start Scan button, then again the Start Scan button.
  #7  
Old January 14th, 2017, 12:19 AM
JIO22 JIO22 is offline
Thanks for clear instructions to follow, I'm going to do the other scan now.

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-01-2017
Ran by Ben (13-01-2017 23:11:09) Run:1
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start:
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\Control Panel\Desktop\\SCRNSAVE.EXE ->
BootExecute: autocheck autochk * sdnclean.exe
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
S1 MpKslb4ef8c18; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EE69858-0AC2-4DA6-9E4D-4BA041FC971F}\MpKslb4ef8c18.sys [X]
Task: {130A83F4-AE35-44F7-8185-43771079D4E1} - \Microsoft\Microsoft Antimalware\MpIdleTask -> No File <==== ATTENTION
Task: {C09690DE-DFF4-47EA-87C5-5C55B6080095} - System32\Tasks\{07D85107-B6C9-4FC2-85AA-694B3F10B1E8} => pcalua.exe -a C:\Users\Ben\AppData\Local\temp\GLF2D6\DPInst.exe -d C:\Users\Ben\AppData\Local\temp\GLF2D6 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30 [138]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
FirewallRules: [{19A9B568-A117-46C1-8FF0-12D01B2ABEFF}] => LPort=80
FirewallRules: [{EEB669B6-CFB2-4317-B56E-102BFE59B531}] => LPort=80
FirewallRules: [{0CAE3949-3AFB-4E2B-8BB6-3F9D76825591}] => LPort=80
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => LPort=80
end
*****************

start: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully.
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\Control Panel\Desktop\\SCRNSAVE.EXE => value restored successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 => key removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-1289019028-3489076271-160467946-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\System\CurrentControlSet\Services\MpKslb4ef8c18 => key removed successfully.
MpKslb4ef8c18 => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{130A83F4-AE35-44F7-8185-43771079D4E1} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{130A83F4-AE35-44F7-8185-43771079D4E1} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MpIdleTask => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C09690DE-DFF4-47EA-87C5-5C55B6080095} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C09690DE-DFF4-47EA-87C5-5C55B6080095} => key removed successfully.
C:\Windows\System32\Tasks\{07D85107-B6C9-4FC2-85AA-694B3F10B1E8} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{07D85107-B6C9-4FC2-85AA-694B3F10B1E8} => key removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully..
C:\ProgramData\TEMP => ":F0D7EE30" ADS removed successfully..
HKLM\System\CurrentControlSet\Control\SafeBoot\\Default => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\Default => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => value restored successfully
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19A9B568-A117-46C1-8FF0-12D01B2ABEFF} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EEB669B6-CFB2-4317-B56E-102BFE59B531} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CAE3949-3AFB-4E2B-8BB6-3F9D76825591} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B0956BD-F3D2-483D-B46D-8A8571258DC6} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E72885C9-C635-4DBF-9775-C607C77F0F91} => value removed successfully.

==== End of Fixlog 23:11:10 ====
  #8  
Old January 14th, 2017, 12:31 AM
JIO22 JIO22 is offline
Hi Jintan,

When the scan completes do you want me to post it back on here or anything else?

Cheers,

Ben.
  #9  
Old January 14th, 2017, 03:35 PM
JIO22 JIO22 is offline
Hi,

I have run the scan on roguekiller, it completed and came up with 18 threats detected.

I'm unsure of the next step, but I have clicked the 'open report' button at the end of the scan, then the 'open txt' button; this opened a Notepad document. I'll copy its contents here. I haven't removed any of the threats and I have left the screen report etc. open at the end of the scan. I'll wait for your next instructions.

Thanks.


RogueKiller V12.9.2.0 [Jan 9 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ben [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 01/14/2017 13:16:30 (Duration : 01:02:38)

Processes : 0

Registry : 12
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36} (C:\Program Files\MyFree Codec\1.0b beta\AC-3\ac3dx.ax) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} (C:\PROGRA~1\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe) -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1289019028-3489076271-160467946-1003\Software\DriverTuner -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1289019028-3489076271-160467946-1003\Software\DriverTuner_Init -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1289019028-3489076271-160467946-1003\Software\OCS -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1289019028-3489076271-160467946-1003\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1289019028-3489076271-160467946-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1289019028-3489076271-160467946-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RtkAudioService (C:\Windows\RtkAudioService.exe) -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-1289019028-3489076271-160467946-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bbc.co.uk/ -> Found

Tasks : 0

Files : 3
[PUP.Gen1][Folder] C:\Users\Ben\AppData\Local\SlimWare Utilities Inc -> Found
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec -> Found
[PUP.Gen1][Folder] C:\Program Files\MyFree Codec -> Found

WMI : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 3
[PUM.HomePage][Firefox:Config] 41z0j4bg.default-1465414280271 : user_pref("browser.startup.homepage", "http://www.bbc.co.uk/"); -> Found
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : homepage [http://www.bbc.co.uk/] -> Found
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [http://www.bbc.co.uk/] -> Found

MBR Check :
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] c72be885698472241ac5116a796a071b
[BSP] 92d29d5efefd4ddb26c956e24cc9fecb : HP MBR Code
  #10  
Old January 15th, 2017, 01:30 AM
Jintan Jintan is offline
I just realized I haven't finished running this newer version of RogueKiller, so haven't created the next handy steps to follow (though I'm doing it now). So in general:

Run the RogueKiller scan again.

It makes mistakes, so when it is done, make sure only the following items are checked:

[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1289019028-3489076271-160467946-1003\Software\DriverTuner -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1289019028-3489076271-160467946-1003\Software\DriverTuner_Init -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1289019028-3489076271-160467946-1003\Software\SlimWare Utilities Inc -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
[PUP.Gen1][Folder] C:\Users\Ben\AppData\Local\SlimWare Utilities Inc -> Found

Then have RogueKiller Delete those.

-----------

Not real sure we found any infection that would have caused these problems you mention though.


Go HERE and download CAT Crisis Aversion Tool, then click that cat.exe to run the tool.

When CAT opens, click the left-side Fixes tab. Place a check next to:

Repair SSL/HTTPS/Cryptographic Services
Reset Default Services Start States



When CAT is done, reboot the system, and try the Security Center and System Restore.
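The review step in post #10 (delete only the items that were checked by hand, leave every other finding alone) can be scripted as below. This is an added example, not part of the original posts and not RogueKiller's own code; the names `Finding`, `parse_report` and `triage` are hypothetical, and the line pattern is inferred only from the report lines quoted in this thread.

```python
import re
from typing import NamedTuple

# Line shape inferred from the thread: [Detection][Kind] location -> Status
# The [Kind] tag (e.g. [Folder]) is optional; registry findings omit it.
LINE_RE = re.compile(
    r"^\[(?P<det>[^\]]+)\](?:\[(?P<kind>[^\]]+)\])?\s+(?P<loc>.+?)\s+->\s+(?P<status>\w+)$")

class Finding(NamedTuple):
    detection: str
    kind: str
    location: str
    status: str

def parse_report(text):
    """Return a Finding for each report line; headers and blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            findings.append(Finding(m["det"], m["kind"] or "", m["loc"], m["status"]))
    return findings

def triage(findings, approved_locations):
    """Split findings into reviewed-for-deletion and leave-unchecked groups."""
    approved = {loc.casefold() for loc in approved_locations}  # Windows paths/keys ignore case
    delete = [f for f in findings if f.location.casefold() in approved]
    leave = [f for f in findings if f.location.casefold() not in approved]
    seen = {f.location.casefold() for f in findings}
    # Approved entries that this scan did not report at all.
    missing = sorted(loc for loc in approved_locations if loc.casefold() not in seen)
    return delete, leave, missing

# Sample input assembled from lines quoted in this thread (a subset, for illustration).
SAMPLE_REPORT = r"""
Hosts File : 0
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1][Folder] C:\Program Files\MyFree Codec -> Found
[PUP.Gen1][Folder] C:\Users\Ben\AppData\Local\SlimWare Utilities Inc -> Found
[PUM.HomePage][Firefox:Config] 41z0j4bg.default-1465414280271 : user_pref("browser.startup.homepage", "http://www.bbc.co.uk/"); -> Found
"""
# Subset of the locations listed for deletion in post #10.
APPROVED = [
    r"HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc",
    r"C:\Users\Ben\AppData\Local\SlimWare Utilities Inc",
    r"HKEY_USERS\S-1-5-21-1289019028-3489076271-160467946-1003\Software\DriverTuner",
]

if __name__ == "__main__":
    for group in triage(parse_report(SAMPLE_REPORT), APPROVED):
        print(group)
```

Anything in the leave group, such as the homepage entry pointing at bbc.co.uk, stays unchecked until someone has reviewed it.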
  #11  
Old January 15th, 2017, 02:06 AM
JIO22 JIO22 is offline
Senior Member
 
Join Date: Jun 2008
O/S: Windows 7 32-bit
Posts: 631
Hi, no probs Jintan.

These problems started really from trying to do the fix for the windows update "hanging", prior to this it was ok. Some time back (last time) I used the system restore it was very delayed then in loading up but once it was on, it did work. I haven't used it since, until the other day.

I have removed those 6 items in rogue killer, the other items were left alone.

I've downloaded CAT, once started I selected those 2 items then clicked on "apply checked fixes", the laptop then throws an "AutoIt Error" box up saying:

Line 10667 (File "C:\Users\Ben\Desktop\CAT.exe"):
Error: Variable must be of type "Object".

The only choice I get is to click "ok", once I do this it stops CAT, I've tried a few times but it does the same.

Have you any ideas if I'm doing this wrong? Or how to continue it?

Thanks

Ben.
  #12  
Old January 15th, 2017, 03:55 PM
JIO22 JIO22 is offline
Senior Member
 
Join Date: Jun 2008
O/S: Windows 7 32-bit
Posts: 631
The system restore error message is this, I tried it again but no joy:

System Restore didn't complete successfully. Your computer's system files and settings were not changed.

Details:

The volume shadow copy service used by system restore is not working. For more information view the event log. (0x81000202)

You might want to try system restore again and try a different restore point.
For more information see system restore frequently asked questions.


Just to note I have tried different restore points but no difference, it still gives the same error message.
  #13  
Old January 16th, 2017, 12:14 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,872
AutoIt is the software that made the CAT script an executable file, and really no reason this time it finds an error in a line of script.


Go to Control Panel - User Accounts - Manage another account - Create an account. Make a new user with Admin privileges.

Restart the computer, log in under the new account, and try CAT again. This will also tell if it is a system thing (which is likely).

--------------

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:


Go to Start - Run, and type the following (Enter after):

chkdsk /r

It will likely find volumes in use and ask if you want it to run on reboot - select Y for yes, then reboot. This will scan for files as well as locate and repair bad sectors of the disk.
  #14  
Old January 16th, 2017, 12:16 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,872
Before you restart to the new account, try to place a copy of CAT on your C drive. That way it will be available on the new user account.
  #15  
Old January 17th, 2017, 11:38 PM
JIO22 JIO22 is offline
Senior Member
 
Join Date: Jun 2008
O/S: Windows 7 32-bit
Posts: 631
Hi Jintan,

My apologies for the delay. I haven't followed the last set of steps yet, but..... some good news.

Let me explain first and see what you think.

Before your last reply I did some research, I found this amongst the reading:

regsvr32 msxml4.dll
regsvr32 /i eventcls.dll
regsvr32 es.dll

I executed these 3 into the cmd prompt, after doing this I tried system restore and it worked. It took a very long time (left over night) but it did restore in the end without showing that error that I had before. I'm not sure which one of the 3 worked or a combination of all of them but it did.

So with the system restore done, the laptop is back on.

The current state of play is:

The Security center will now turn on and there is no red cross in the bottom r/h corner of screen.

System restore is still incredibly slow to load up (to get it on the screen), takes about 90 mins.

Windows update is "checking for updates" and doesn't seem to update. When I first enter this screen it has a red cross by it, so I click on check for updates, then it stays on that and doesn't appear to be updating.

Windows Defender is saying it is out of date, click on "update definitions" but it just seems to hang the same as the windows update.

Laptop seems a bit slower in general, not quite as snappy.


Now moving on from this, recently I have had to :

Move from Chrome to Firefox, due to chrome not being supported on vista anymore.

Move from Microsoft Security Essentials to Avira due to vista support finishing.

Support for mozilla firefox ending for vista in April too.

I believe the support for vista in general is ending soon I think, April? So no more updates etc.


Could this be why I am having issues with updates to these different things, the fact support is finished/finishing for vista etc?

Please let me know what you think or if you have any clarity on when the support is ending.

I have been pondering upgrading the laptop for some time now but as it has been working so well I have been happy and there has been no need. Now I am thinking the time is right to perhaps do this, what do you think?

If this is the reason why I am having the issues (support ending), then it might be better to look at upgrading to the latest system.

I am also happy to continue any next steps (or last steps) to do to try and get the rest of these things corrected.

Thanks,

Ben.

Last edited by JIO22; January 17th, 2017 at 11:42 PM.