Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10.02.2018 02
Ran by Admin (administrator) on BOBS-LAPTOP (27-02-2018 23:51:27)
Running from C:\Users\Admin\Desktop\FRST DOCs
Loaded Profiles: Admin & Betty Tremblay & Guest (Available Profiles: Admin & Betty Tremblay & Guest)
Platform: Microsoft® Windows Vista™ Home Basic (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
() C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Farbar) C:\Users\Admin\Desktop\FRST (1).exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-08-09] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894248 2007-06-22] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [292824 2018-02-26] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-07] (Google Inc.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {d1c358bb-15d6-11e8-9c21-00164417c642} - E:\setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1001\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-144978628-2293470025-642614174-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-07] (Google Inc.)
HKU\S-1-5-21-144978628-2293470025-642614174-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIIUE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-144978628-2293470025-642614174-1001\...\MountPoints2: {f5343400-0c08-11e4-ac9d-001d60f1eb19} - E:\setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-501\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-07] (Google Inc.)
HKU\S-1-5-21-144978628-2293470025-642614174-501\...\MountPoints2: E - E:\setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-501\...\MountPoints2: F - F:\LaunchU3.exe
HKU\S-1-5-21-144978628-2293470025-642614174-501\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [879616 2006-11-02] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6884B05B-300C-4221-B775-EAD2BD1D1BD8}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-144978628-2293470025-642614174-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-144978628-2293470025-642614174-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-144978628-2293470025-642614174-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-144978628-2293470025-642614174-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
SearchScopes: HKLM -> DefaultScope {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-144978628-2293470025-642614174-1001 -> DefaultScope {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};&rlz=1I7TSHB_enUS565
SearchScopes: HKU\S-1-5-21-144978628-2293470025-642614174-1001 -> {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};&rlz=1I7TSHB_enUS565
SearchScopes: HKU\S-1-5-21-144978628-2293470025-642614174-501 -> DefaultScope {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};&rlz=1I7TSHB_enUS565
SearchScopes: HKU\S-1-5-21-144978628-2293470025-642614174-501 -> {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};&rlz=1I7TSHB_enUS565
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-08-09] (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-144978628-2293470025-642614174-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-144978628-2293470025-642614174-501 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 [2018-02-17]
FF Session Restore: Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 -> is enabled.
FF Extension: (AdBlock) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-12-15]
FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\jid1-Xo5SuA6qc1DFpw@jetpack.xpi [2017-12-14]
FF Extension: (Spider Solitaire) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{a8bec30a-4733-4f9b-8c29-f391ba02ce2c}.xpi [2017-12-14]
FF Extension: (Flash and Video Download) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-01-16]
FF Extension: (Adblock Plus) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-07] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-09-19] [Legacy] [not signed]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google%20chrome/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-02-27]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-27]
CHR Extension: (McAfee SECURE Safe Browsing) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn [2018-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [301648 2018-02-26] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5981760 2018-02-26] (AVG Technologies CZ, s.r.o.)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [581104 2015-10-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-07-26] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-08-09] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [157320 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiskx.sys [135808 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [249160 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [150952 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [270272 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [43920 2018-02-26] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [35192 2018-02-26] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [116784 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr.sys [62968 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [63208 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [775992 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [383728 2018-02-26] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\Windows\System32\drivers\avgStmXP.sys [197736 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [303168 2018-02-26] (AVG Technologies CZ, s.r.o.)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-02-07] (Malwarebytes)
R0 MrFilter; C:\Windows\system32\Drivers\MrFilter.sys [12384 2003-10-16] (Roxio) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-26 22:43 - 2018-02-26 22:44 - 000000000 ____D C:\Users\Admin\Desktop\AVG Free
2018-02-26 22:42 - 2018-02-26 22:43 - 000000000 ____D C:\Users\Admin\Desktop\ESET Scanner A
2018-02-26 22:41 - 2018-02-26 22:42 - 000000000 ____D C:\Users\Admin\Desktop\RGSA Security Analysis
2018-02-26 22:39 - 2018-02-26 22:41 - 000000000 ____D C:\Users\Admin\Desktop\Geekstogo. Files for fixing
2018-02-26 22:30 - 2018-02-26 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2018-02-26 22:29 - 2018-02-26 22:29 - 000775992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000383728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000320440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-02-26 22:29 - 2018-02-26 22:29 - 000303168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000270272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000249160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000197736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStmXP.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000157320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000150952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000135808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000116784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000063208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000062968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000043920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000035192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-02-26 22:27 - 2018-02-26 22:27 - 000000000 ____D C:\Program Files\AVG
2018-02-25 00:27 - 2018-02-25 00:27 - 000001226 _____ C:\Users\Admin\Desktop\Malwarebytes Scan and Quaratine Report.txt
2018-02-24 00:44 - 2018-02-24 00:44 - 000001637 _____ C:\Users\Admin\Desktop\Paint.lnk
2018-02-22 18:20 - 2018-02-22 18:20 - 001205232 _____ (Adobe Systems Incorporated) C:\Users\Admin\Documents\flashplayer28pp_ha_install (1).exe
2018-02-22 14:41 - 2018-02-22 14:41 - 001205232 _____ (Adobe Systems Incorporated) C:\Users\Admin\Documents\flashplayer28pp_ha_install.exe
2018-02-22 10:58 - 2018-02-22 10:31 - 002602438 _____ C:\Users\Admin\Documents\System Diagnostics report--2-22-2018.html
2018-02-22 00:49 - 2018-02-22 00:49 - 000032868 _____ C:\Users\Admin\Documents\download.htm
2018-02-22 00:22 - 2018-02-22 00:22 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-02-19 21:00 - 2018-02-19 21:01 - 000001633 _____ C:\Users\Admin\Desktop\Fixlog A.txt
2018-02-19 20:55 - 2018-02-17 18:20 - 000023350 _____ C:\Users\Admin\Documents\ConfigFree Diagnostic Log 2-17-2018.txt
2018-02-19 20:45 - 2018-02-19 20:48 - 000030465 _____ C:\Users\Admin\Desktop\Addition A2 (2).txt
2018-02-19 20:44 - 2018-02-19 20:46 - 000026517 _____ C:\Users\Admin\Desktop\FRST A 2 (2).txt
2018-02-19 20:42 - 2018-02-19 20:42 - 000000302 _____ C:\Users\Admin\Desktop\fixlist A 2 (2) - Shortcut.lnk
2018-02-19 20:38 - 2018-02-19 20:36 - 000000179 _____ C:\fixlist (2).txt
2018-02-19 20:12 - 2018-02-19 20:12 - 000000000 ____D C:\Users\Admin\AppData\Roaming\EncryptStick
2018-02-19 20:03 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt.txt
2018-02-19 19:57 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt
2018-02-16 21:49 - 2018-02-18 21:19 - 000000000 ____D C:\Users\Admin\AppData\Roaming\U3
2018-02-16 21:15 - 2018-02-16 21:15 - 000000000 ____D C:\BETTYSLAPTOP
2018-02-16 12:58 - 2018-02-16 12:58 - 000000000 ____D C:\RTL8187B_5_6.1135.0625.2008_Silent_Install
2018-02-16 12:56 - 2018-02-16 12:47 - 010216537 _____ C:\RTL8187B_5_6.1135.0625.2008_Silent_Install.zip
2018-02-14 17:57 - 2018-02-17 20:35 - 000000000 ____D C:\AdwCleaner
2018-02-14 16:47 - 2018-02-23 20:26 - 000027190 _____ C:\Users\Admin\Desktop\FRST A.txt
2018-02-14 16:47 - 2018-02-22 07:47 - 000030718 _____ C:\Users\Admin\Desktop\Addition A.txt
2018-02-14 16:15 - 2018-02-14 16:15 - 000026843 _____ C:\Users\Admin\Documents\Scan result of Farbar Recovery Scan Tool (FRST) 02.2-12-18.txt
2018-02-14 15:43 - 2018-02-27 23:51 - 000000000 ___RD C:\Users\Admin\Desktop\FRST DOCs
2018-02-12 17:36 - 2018-02-12 17:36 - 000031217 _____ C:\Users\Admin\Documents\Addition-log 2-11-18.txt
2018-02-12 16:45 - 2018-02-12 16:45 - 001129816 _____ (Google Inc.) C:\Users\Admin\Documents\ChromeSetup (1).exe
2018-02-12 11:39 - 2018-02-12 11:39 - 001129816 _____ (Google Inc.) C:\Users\Admin\Documents\ChromeSetup.exe
2018-02-11 20:13 - 2018-02-11 20:13 - 001764352 _____ (Farbar) C:\Users\Admin\Desktop\FRST (1).exe
2018-02-11 18:55 - 2018-02-11 18:55 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-02-10 16:29 - 2018-02-10 16:29 - 000143736 _____ C:\Windows\Minidump\Mini021018-01.dmp
2018-02-08 20:27 - 2018-02-08 20:27 - 000114688 _____ C:\Users\Admin\Documents\forum screen shot 2.wps
2018-02-08 20:26 - 2018-02-08 20:26 - 000101888 _____ C:\Users\Admin\Documents\forum screen shot 1.wps
2018-02-08 19:52 - 2018-02-08 19:52 - 000171520 _____ C:\Users\Admin\Documents\Farbar Recovry Scan Tool 2-8-18.wps
2018-02-08 19:49 - 2018-02-14 15:59 - 000026843 _____ C:\Users\Admin\Documents\FRST.wps.wps
2018-02-08 19:47 - 2018-02-27 23:51 - 000000000 ____D C:\FRST
2018-02-08 09:36 - 2018-02-08 09:36 - 000533504 _____ C:\Users\Admin\Documents\Untitled Document.wps
2018-02-08 09:29 - 2018-02-08 09:29 - 000584192 _____ C:\Users\Admin\Documents\System.wps
2018-02-08 09:23 - 2018-02-08 09:36 - 000288256 _____ C:\Users\Admin\Documents\Bookmarks.wps
2018-02-07 20:57 - 2018-02-07 20:57 - 000098304 _____ C:\Users\Admin\Documents\Trojan.wps
2018-02-07 20:56 - 2018-02-25 12:52 - 000001068 _____ C:\Users\Admin\AppData\Roaming\wklnhst.dat
2018-02-07 20:56 - 2018-02-07 20:56 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Template
2018-02-07 16:13 - 2018-02-07 16:13 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2018-02-07 16:13 - 2018-02-07 16:13 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-07 16:12 - 2018-02-07 16:12 - 000000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2018-02-07 16:10 - 2018-02-07 16:12 - 000000000 ____D C:\Program Files\Microsoft Works
2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ C:\Program Files\GUT4C8B.tmp
2018-02-06 20:55 - 2018-02-06 20:55 - 001129816 _____ (Google Inc.) C:\Users\Guest\Downloads\ChromeSetup.exe
2018-02-06 20:55 - 2018-02-06 20:55 - 000000000 ____D C:\Program Files\GUM4C6B.tmp
2018-02-06 20:24 - 2018-02-06 20:24 - 000000000 ____D C:\Users\Guest\AppData\Local\CEF
2018-02-06 18:10 - 2018-02-08 16:03 - 000000000 ___SD C:\Users\Admin\AppData\LocalLow\Temp
2018-02-06 17:48 - 2018-02-12 16:46 - 000001954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-05 22:25 - 2018-02-05 22:26 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\chrome_cleanup_tool.exe
2018-02-05 21:55 - 2018-02-05 21:56 - 001129816 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2018-02-05 00:07 - 2018-02-05 00:07 - 005838920 _____ (Adobe Systems Inc.) C:\Users\Admin\Downloads\Shockwave_Installer_Slim.exe
2018-02-04 20:55 - 2018-02-07 13:06 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-04 20:55 - 2018-02-04 20:55 - 000001826 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-04 20:55 - 2018-02-04 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-04 20:55 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-02-04 20:54 - 2018-02-04 20:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-04 20:51 - 2018-02-04 20:52 - 081173944 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3857.exe
2018-02-04 20:43 - 2018-02-04 20:43 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-02-04 20:42 - 2018-02-04 20:42 - 001142064 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-02-04 19:43 - 2018-02-04 19:43 - 000002152 _____ C:\Windows\epplauncher.mif

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-27 23:22 - 2014-08-03 11:23 - 000000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-02-27 23:20 - 2006-11-02 07:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-27 23:20 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-27 23:20 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-26 22:52 - 2006-11-02 07:58 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-26 22:30 - 2015-11-01 18:25 - 000000000 ____D C:\Users\Admin\AppData\Roaming\AVG
2018-02-26 22:30 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Admin\AppData\Local\Avg
2018-02-26 22:26 - 2015-11-01 18:14 - 000000000 ____D C:\ProgramData\Avg
2018-02-26 18:18 - 2017-12-14 16:03 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2018-02-25 12:51 - 2013-12-07 09:44 - 000000000 ____D C:\Users\Admin\AppData\Local\Google
2018-02-22 18:27 - 2014-07-14 07:45 - 000000000 ____D C:\Windows\pss
2018-02-22 12:07 - 2017-09-18 18:41 - 000000000 ___RD C:\Users\Admin\Desktop\Bob
2018-02-22 10:28 - 2013-12-07 09:44 - 000082904 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-22 05:47 - 2006-11-02 07:44 - 000322440 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-19 19:56 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf
2018-02-19 19:56 - 2006-11-02 05:33 - 000716948 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-18 21:11 - 2017-06-15 23:17 - 000000000 ____D C:\c393470bc6f864048692b458
2018-02-17 11:53 - 2014-07-22 15:10 - 000000000 ____D C:\Users\Betty Tremblay
2018-02-17 11:53 - 2014-03-24 19:01 - 000000000 ____D C:\Users\Guest
2018-02-17 11:53 - 2013-12-07 09:42 - 000000000 ____D C:\Users\Admin
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2018-02-17 11:53 - 2006-11-02 05:22 - 029884416 _____ C:\Windows\system32\config\software_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 023592960 _____ C:\Windows\system32\config\system_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 021233664 _____ C:\Windows\system32\config\components_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous
2018-02-14 18:10 - 2014-07-22 16:57 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-02-12 16:46 - 2017-10-19 13:47 - 000001942 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-11 19:32 - 2016-03-30 19:04 - 000000000 ____D C:\Users\Guest\AppData\Roaming\AVG
2018-02-11 19:32 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Guest\AppData\Local\Avg
2018-02-10 16:29 - 2013-12-12 15:39 - 000000000 ____D C:\Windows\Minidump
2018-02-10 16:28 - 2017-09-19 18:26 - 281696941 _____ C:\Windows\MEMORY.DMP
2018-02-07 16:12 - 2007-08-09 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2018-02-07 16:12 - 2006-11-02 06:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-07 13:05 - 2006-11-02 07:44 - 000058368 _____ C:\Windows\system32\umstartup.etl
2018-02-06 17:48 - 2007-08-09 19:01 - 000000000 ____D C:\Program Files\Google
2018-02-05 22:55 - 2013-12-27 16:36 - 000000000 ____D C:\Users\Admin\Desktop\Unused Programs
2018-02-05 19:52 - 2013-12-25 19:53 - 000014336 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-04 23:00 - 2007-08-09 18:57 - 000000000 ____D C:\ProgramData\Adobe
2018-02-04 22:58 - 2007-08-09 18:43 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-04 22:47 - 2015-10-24 21:09 - 000000000 ____D C:\Users\Admin\AppData\Local\AvgSetupLog
2018-02-04 20:54 - 2014-07-13 18:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-04 18:55 - 2017-12-14 19:04 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== Files in the root of some directories =======

2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ () C:\Program Files\GUT4C8B.tmp
2018-02-07 20:56 - 2018-02-25 12:52 - 000001068 _____ () C:\Users\Admin\AppData\Roaming\wklnhst.dat
2014-07-14 13:35 - 2014-07-14 13:35 - 000000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2013-12-25 19:53 - 2018-02-05 19:52 - 000014336 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-27 23:28

==================== End of FRST.txt ============================