Super Sluggish PC


  • This topic is locked
3 replies to this topic

#1 katmandu


Posted 22 May 2017 - 07:39 PM

Hello Sirs!

 

As the title says, I'm running into a super slow PC with sluggish load times from the internet. My OS is Windows 7. I've read your FAQ page and have run the logs. My attempts to help the computer are as follows: I ran Malwarebytes, which found 7 threats that were quarantined. I tried a system restore to previous default settings. None of these have helped. If you would be able to point me in the right direction to resolve this, I would appreciate it!!

 

FARBAR SCAN

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-05-2017
Ran by Paradigm (administrator) on PARADIGM-PC (21-05-2017 20:36:00)
Running from C:\Users\Paradigm\Downloads
Loaded Profiles: Paradigm (Available Profiles: Paradigm)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(© 2015 Microsoft Corporation) C:\Users\Paradigm\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.551\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [ALU] => C:\Program Files\eMachines\eMachines Updater\ALU.exe [2419104 2016-06-06] (Acer Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-3930469662-734786788-2123210846-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-20] (Google Inc.)
HKU\S-1-5-21-3930469662-734786788-2123210846-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-3930469662-734786788-2123210846-1001\...\Run: [BingSvc] => C:\Users\Paradigm\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3930469662-734786788-2123210846-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\eMachines.scr [425984 2009-08-05] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76C09F17-3DAB-4FF0-8A0B-AE83015E5F44}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3930469662-734786788-2123210846-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
HKU\S-1-5-21-3930469662-734786788-2123210846-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1330&r=1736021775dha87647325g97612b67
HKU\S-1-5-21-3930469662-734786788-2123210846-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1330&r=1736021775dha87647325g97612b67
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-3930469662-734786788-2123210846-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3930469662-734786788-2123210846-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3930469662-734786788-2123210846-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS731
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2009-11-20] (Google Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-02-11] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2009-11-20] (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-02-11] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-02-11] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-02-11] (Google Inc.)
Toolbar: HKU\S-1-5-21-3930469662-734786788-2123210846-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-02-11] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 2qq2opy0.default
FF ProfilePath: C:\Users\Paradigm\AppData\Roaming\Mozilla\Firefox\Profiles\2qq2opy0.default [2017-05-21]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\2qq2opy0.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\2qq2opy0.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\2qq2opy0.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\2qq2opy0.default -> hxxp://www.msn.com/?pc=U143&ocid=U143DHP&osmkt=en-us
hxxps://support.mozilla.org/en-US/kb/update-firefox-latest-version
FF Keyword.URL: Mozilla\Firefox\Profiles\2qq2opy0.default -> hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF Extension: (Bing Search) - C:\Users\Paradigm\AppData\Roaming\Mozilla\Firefox\Profiles\2qq2opy0.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-02-11]
FF Extension: (PackageTracker) - C:\Users\Paradigm\AppData\Roaming\Mozilla\Firefox\Profiles\2qq2opy0.default\Extensions\newtabsearch@apackagetracker.com.xpi [2017-02-19]
FF SearchPlugin: C:\Users\Paradigm\AppData\Roaming\Mozilla\Firefox\Profiles\2qq2opy0.default\searchplugins\bing-.xml [2017-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-11] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [257440 2016-06-08] (Acer Incorporated)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe [404376 2017-04-18] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [257440 2016-06-08] (Acer Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-20] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-20] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-20] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-20] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-21] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-21 20:36 - 2017-05-21 20:38 - 00012813 _____ C:\Users\Paradigm\Downloads\FRST.txt
2017-05-21 20:35 - 2017-05-21 20:36 - 00000000 ____D C:\FRST
2017-05-21 20:34 - 2017-05-21 20:34 - 02429952 _____ (Farbar) C:\Users\Paradigm\Downloads\FRST64.exe
2017-05-20 02:01 - 2017-05-21 14:00 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-20 02:01 - 2017-05-20 02:11 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-20 02:01 - 2017-05-20 02:11 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-20 02:01 - 2017-05-20 02:01 - 00187320 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-20 02:00 - 2017-05-20 02:11 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-20 02:00 - 2017-05-20 02:00 - 00001876 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-20 02:00 - 2017-05-20 02:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-20 02:00 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-20 01:59 - 2017-05-20 01:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-20 01:59 - 2017-05-20 01:59 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-20 01:58 - 2017-05-20 01:58 - 63364552 _____ (Malwarebytes ) C:\Users\Paradigm\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
2017-05-20 01:20 - 2017-05-20 01:20 - 00000000 ____D C:\Users\Paradigm\AppData\Local\ElevatedDiagnostics
2017-05-16 20:13 - 2017-05-16 20:14 - 09398496 _____ (McAfee, Inc.) C:\Users\Paradigm\Downloads\Setup_serial_e2M4x046hu6vy6HqXr5EYg2_key.exe
2017-05-16 20:02 - 2017-05-16 20:03 - 06654960 _____ (AVAST Software) C:\Users\Paradigm\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-05-10 23:48 - 2017-05-10 23:48 - 00246096 _____ (Mozilla) C:\Users\Paradigm\Downloads\Firefox Setup Stub 53.0.2(1).exe
2017-05-10 23:47 - 2017-05-10 23:47 - 00246096 _____ (Mozilla) C:\Users\Paradigm\Downloads\Firefox Setup Stub 53.0.2.exe
2017-05-06 01:40 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-04 23:47 - 2017-05-04 23:47 - 02559864 _____ (Microsoft Corporation) C:\Users\Paradigm\Downloads\DefaultPack(3).EXE
2017-05-04 23:33 - 2017-05-04 23:33 - 02559864 _____ (Microsoft Corporation) C:\Users\Paradigm\Downloads\DefaultPack(2).EXE
2017-05-03 20:27 - 2017-05-03 20:27 - 05604776 _____ ( ) C:\Users\Paradigm\Downloads\sscsrua3.exe
2017-05-03 20:25 - 2017-05-03 20:25 - 01631704 _____ (Skype Technologies S.A.) C:\Users\Paradigm\Downloads\SkypeSetup(5).exe
2017-05-03 20:23 - 2017-05-03 20:23 - 01631704 _____ (Skype Technologies S.A.) C:\Users\Paradigm\Downloads\SkypeSetup(4).exe
2017-05-03 20:22 - 2017-05-03 20:22 - 01631704 _____ (Skype Technologies S.A.) C:\Users\Paradigm\Downloads\SkypeSetup(3).exe
2017-05-03 19:58 - 2017-05-03 19:58 - 01631704 _____ (Skype Technologies S.A.) C:\Users\Paradigm\Downloads\SkypeSetup(2).exe
2017-05-03 19:58 - 2017-05-03 19:58 - 01631704 _____ (Skype Technologies S.A.) C:\Users\Paradigm\Downloads\SkypeSetup(1).exe
2017-05-03 19:57 - 2017-05-03 19:57 - 01632216 _____ (Skype Technologies S.A.) C:\Users\Paradigm\Downloads\SkypeSetup.exe
2017-05-01 20:48 - 2017-05-01 20:48 - 00003996 _____ C:\Windows\System32\Tasks\UALU notificatin
2017-04-30 17:30 - 2017-04-30 17:30 - 00001973 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-04-30 17:30 - 2017-04-30 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-04-30 17:29 - 2017-04-30 17:29 - 00000000 ____D C:\ProgramData\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-20 13:33 - 2017-02-11 19:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-20 02:20 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-20 02:20 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-20 02:19 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-20 02:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-05-20 02:13 - 2017-02-11 19:45 - 00000000 ____D C:\Users\Paradigm\AppData\LocalLow\Mozilla
2017-05-20 02:11 - 2017-02-11 19:54 - 00000000 ____D C:\Users\Paradigm\Tracing
2017-05-20 02:10 - 2017-03-04 03:02 - 00000000 ____D C:\Users\Paradigm\AppData\Local\792d
2017-05-20 02:10 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-20 01:12 - 2009-11-20 15:22 - 00000000 ____D C:\ProgramData\WildTangent
2017-05-20 01:12 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-11 03:07 - 2017-02-11 20:26 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-11 03:07 - 2017-02-11 20:26 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-11 03:07 - 2017-02-11 20:26 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-11 03:06 - 2017-02-11 20:26 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-11 03:06 - 2009-11-20 15:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-10 03:40 - 2017-02-11 21:09 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-10 03:28 - 2017-02-11 20:13 - 00000000 ____D C:\Windows\system32\MRT
2017-05-10 03:14 - 2017-02-11 20:13 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-06 04:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-05-06 03:25 - 2017-02-11 20:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-06 03:25 - 2017-02-11 20:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-06 03:25 - 2017-02-11 19:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-01 04:00 - 2017-02-11 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-30 17:30 - 2017-02-11 20:59 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-04-28 05:15 - 2017-02-11 19:34 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 05:15 - 2017-02-11 19:34 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some files in TEMP:
====================
2017-02-19 21:01 - 2017-02-19 21:01 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Paradigm\AppData\Local\Temp\BSvcProcessor.exe
2017-02-19 21:01 - 2017-02-19 21:01 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Paradigm\AppData\Local\Temp\BSvcUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-13 14:18

==================== End of FRST.txt ============================

 

 

FARBAR ADDITION

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-05-2017
Ran by Paradigm (21-05-2017 20:39:12)
Running from C:\Users\Paradigm\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-02-11 23:03:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3930469662-734786788-2123210846-500 - Administrator - Disabled)
Guest (S-1-5-21-3930469662-734786788-2123210846-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3930469662-734786788-2123210846-1002 - Limited - Enabled)
Paradigm (S-1-5-21-3930469662-734786788-2123210846-1001 - Administrator - Enabled) => C:\Users\Paradigm

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0812 - eMachines Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3503 - Acer Incorporated)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.2.183.13 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.551.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 53.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-US)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{809d6195-c786-46ba-814e-b02504c1f473}) (Version:  - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {37A8C543-8B25-46E4-9CA7-004AECFECF23} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\eMachines\eMachines Recovery Management\NotificationCenter\Notification.exe [2009-10-01] (Acer)
Task: {5E07284B-A4CE-4767-A4A2-06415D01201A} - System32\Tasks\UALU notificatin => C:\Program Files\eMachines\eMachines Updater\UALU.exe [2016-06-08] (Acer Incorporated)
Task: {85E07A83-47DA-4037-91E6-1C9788ECA5DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-11] (Google Inc.)
Task: {AEAE2B00-B791-41D5-9E51-124545176C0E} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {CE01BB74-E1F9-4FE3-90B1-AE436C1EB1A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-11] (Google Inc.)
Task: {EC5F8DB8-AEAF-4B02-BB09-8E736089547B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-11] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-22 18:26 - 2015-09-22 18:26 - 00287736 _____ () C:\Program Files\KODAK VERITE\KOBAA\KOabmini.dll
2009-04-19 11:34 - 2009-04-19 11:34 - 00625184 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-04-19 11:34 - 2009-04-19 11:34 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-04-19 11:34 - 2009-04-19 11:34 - 00578080 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2017-05-20 02:00 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2009-04-19 11:34 - 2009-04-19 11:34 - 00207904 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-04-30 17:30 - 00000857 _____ C:\Windows\system32\Drivers\etc\hosts


0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3930469662-734786788-2123210846-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Paradigm\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4518D8C9-C8D5-4497-BFE0-FB8F84401062}] => (Allow) svchost.exe
FirewallRules: [{367086BE-7AEC-45CD-82FA-8563540FC69E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{5C0AEEBF-192E-44BC-8358-F8808063A4FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C0E93CB-EFEE-4580-B0DD-2F0B514FF351}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2017 11:23:55 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80042308).

Error: (05/20/2017 11:23:55 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042308).

Error: (05/20/2017 11:23:53 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy12 - 0000000000000058,0x00560038,0000000000200FE0,0,00000000000FE5F0,4096,[0]).


Operation:
   Processing PostFinalCommitSnapshots

Context:
   Execution Context: System Provider

Error: (05/20/2017 03:02:07 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11 - 00000000000000FC,0x00560038,0000000000350FE0,0,00000000000FE5F0,4096,[0]).


Operation:
   Processing PostFinalCommitSnapshots

Context:
   Execution Context: System Provider

Error: (05/19/2017 03:05:32 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy24 - 00000000000000F0,0x00560038,00000000003A0FE0,0,000000000038E5F0,4096,[0]).


Operation:
   Processing PostFinalCommitSnapshots

Context:
   Execution Context: System Provider

Error: (05/18/2017 03:04:01 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy23 - 0000000000000184,0x00560038,0000000000290FE0,0,000000000044E5F0,4096,[0]).


Operation:
   Processing PostFinalCommitSnapshots

Context:
   Execution Context: System Provider

Error: (05/17/2017 03:03:37 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy22 - 0000000000000184,0x00560038,00000000002D0FE0,0,000000000044E5F0,4096,[0]).


Operation:
   Processing PostFinalCommitSnapshots

Context:
   Execution Context: System Provider

Error: (05/16/2017 07:57:44 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80042308).

Error: (05/16/2017 07:57:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042308).

Error: (05/16/2017 07:57:31 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy21 - 00000000000000F0,0x00560038,0000000000430FE0,0,00000000005DE310,4096,[0]).


Operation:
   Processing PostFinalCommitSnapshots

Context:
   Execution Context: System Provider


System errors:
=============
Error: (05/21/2017 08:27:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (05/21/2017 04:11:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2017-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4019264).

Error: (05/21/2017 03:10:08 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/21/2017 03:10:02 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume eMachines encountered a non-retryable error and could not start.  The data contains the error code.

Error: (05/21/2017 03:10:02 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (05/21/2017 03:10:02 AM) (Source: nvstor64) (EventID: 3) (User: )
Description: Data error on device.



Device: \Device\RaidPort1

Model: ST3500418AS

Firmware Version: CC44

Serial Number:             6VMEQZLW

Port: 0

Error: (05/21/2017 03:09:59 AM) (Source: nvstor64) (EventID: 3) (User: )
Description: Data error on device.



Device: \Device\RaidPort1

Model: ST3500418AS

Firmware Version: CC44

Serial Number:             6VMEQZLW

Port: 0

Error: (05/21/2017 03:09:56 AM) (Source: nvstor64) (EventID: 3) (User: )
Description: Data error on device.



Device: \Device\RaidPort1

Model: ST3500418AS

Firmware Version: CC44

Serial Number:             6VMEQZLW

Port: 0

Error: (05/21/2017 03:09:54 AM) (Source: nvstor64) (EventID: 3) (User: )
Description: Data error on device.



Device: \Device\RaidPort1

Model: ST3500418AS

Firmware Version: CC44

Serial Number:             6VMEQZLW

Port: 0

Error: (05/21/2017 03:09:51 AM) (Source: nvstor64) (EventID: 3) (User: )
Description: Data error on device.



Device: \Device\RaidPort1

Model: ST3500418AS

Firmware Version: CC44

Serial Number:             6VMEQZLW

Port: 0


==================== Memory info ===========================

Processor: AMD Athlon™ Processor LE-1660
Percentage of memory in use: 73%
Total physical RAM: 1790.49 MB
Available physical RAM: 467.53 MB
Total Virtual: 3580.98 MB
Available Virtual: 1576.86 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:453.66 GB) (Free:399.48 GB) NTFS
Drive g: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:419.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 58B5D82E)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

MAL-WARE BYTES

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/21/17
Scan Time: 2:43 AM
Log File: mal ware bytes log.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1986
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311033
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 8 hr, 16 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

 

ROCKET GRANNIE

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 22nd May, 2017
Running from:C:\Users\Paradigm\Downloads (20:42:58 - 05/21/2017)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 25 NPAPI (25.0.0.171)
Malwarebytes (3.1.2.1733)
Microsoft Silverlight (5.1.50906.0)
Mozilla Firefox (53.0.2)
Windows Live Essentials (14.0.8089.726) ==> is out of Date

***----------------Analysis Complete-------------------------***



#2 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,051 posts

Posted 23 May 2017 - 08:15 AM

Hello katmandu and welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.


Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started, the malware removal process should be completed. Even if your computer appears to be running better, it may still be infected as some infections are difficult to remove and can leave remnants on the System.


I suggest printing out each set of the following instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.
 
 

I do not see anything malicious in your logs. I will ask you to run a fix with FRST just to clean up some entries that are not needed and leftovers. After that I want to eliminate the possibility of the existence of remnants of infection so please proceed with AdwCleaner and ESET Online Scanner.


NOTICE: The following script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Accept any security warning that may appear.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Then paste this into the open Notepad.
 

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-3930469662-734786788-2123210846-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3930469662-734786788-2123210846-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3930469662-734786788-2123210846-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS731
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2017-02-19 21:01 - 2017-02-19 21:01 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Paradigm\AppData\Local\Temp\BSvcProcessor.exe
2017-02-19 21:01 - 2017-02-19 21:01 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Paradigm\AppData\Local\Temp\BSvcUpdater.exe
End

Save the file as fixlist.txt into the same place where FRST64 is (which in your case is the C:\Users\Paradigm\Downloads folder);
Right-click the FRST64 icon and select Run as administrator to run the tool;
Accept the security warning that may appear;
Click the Fix button only once and wait;
When finished FRST will generate a log on the computer's Desktop (fixlog.txt). Please post it to your reply;
NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work;

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.



Next,

Please download Malwarebytes AdwCleaner by Malwarebytes and save it to your computer's Desktop.

  • Close all open programs and internet browsers.
  • Right-click on the icon and select Run as administrator to start the tool.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If nothing is found, exit from AdwCleaner; otherwise continue as follows:
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Cn].txt (n is a number, the highest number is the most recent).

 

 

Next,

Please scan your computer with ESET Online Scanner. This is a very thorough scan and may take some time to complete.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.



To summarize, please post the contents of the following logs:
fixlog.txt
AdwCleaner clean log
ESET log (if it produced one).


Let me know how your computer is running. Was there any improvement?

Thank you.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 katmandu

katmandu

    Member

  • Full Member
  • 2 posts

Posted 24 May 2017 - 11:45 PM

Thanks so very much! I will apply your instructions and let you know when it is complete! Have a great day!



#4 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,051 posts

Posted 20 June 2017 - 09:32 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.

