Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23.08.2018
Ran by Ruth (12-09-2018 12:18:51)
Running from C:\Users\Ruth\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.5273 - AVAST Software)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 68.0.746.59 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version: - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version: - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version: - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Visio Professional (HKLM\...\Visio Professional) (Version: - )
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E33A399-D592-4A3C-A4C4-F196E804823E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-23] (AVAST Software)
Task: {1159AE28-D6A5-4F28-BF43-F1CDC9F359D0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {20C253A5-3950-4675-B2F7-BAC0337DFB65} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {38F7060C-68F5-42CB-BD03-348C68B46BF6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {3B26E35B-3601-4886-8EC6-A463F3E842F3} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {79B55048-C554-4440-976B-66DE295D3FBB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-11] (AVAST Software)
Task: {7EF8474D-95CD-48AE-83E1-B14F68DD2D0C} - System32\Tasks\Avast TUNEUP Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-07-24] (AVAST Software)
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670

==================== Loaded Modules (Whitelisted) ==============

1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-09-12 09:37 - 2018-09-12 09:37 - 005691536 _____ () C:\Program Files\AVAST Software\Avast\defs\18091202\algo.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-09-12 12:11 - 2018-09-12 12:11 - 005691536 _____ () C:\Program Files\AVAST Software\Avast\defs\18091204\algo.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000197408 _____ () C:\Windows\system32\vpnapi.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-08-08 07:00 - 2018-08-29 20:29 - 002268736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-08-08 07:00 - 2018-08-29 20:29 - 002216592 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2011-02-26 15:56 - 2012-01-23 21:57 - 000052224 _____ () C:\Users\Ruth\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2018-03-06 22:05 - 2018-03-06 22:05 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-01-04 22:50 - 2016-09-12 15:53 - 048936448 _____ () C:\Program Files\AVAST Software\Avast Cleanup\libcef.dll
2018-08-16 04:22 - 2018-08-16 04:22 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22bdc6efe2783439f27e175765b23e99\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:11590865 [256]
AlternateDataStreams: C:\ProgramData\Temp:1709732A [246]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\Temp:3AF262FC [145]
AlternateDataStreams: C:\ProgramData\Temp:614F17D3 [105]
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA [139]
AlternateDataStreams: C:\ProgramData\Temp:884C7316 [258]
AlternateDataStreams: C:\ProgramData\Temp:9EDA68BD [151]
AlternateDataStreams: C:\ProgramData\Temp:D507B5A8 [103]
AlternateDataStreams: C:\ProgramData\Temp:ECBC3CA7 [428]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-09-12 05:25 - 000000032 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CF17DCD6-7C22-4315-9700-76C220339E23}] => (Allow) LPort=61116
FirewallRules: [{D7D162BC-88E5-40CC-AC2C-07459DA91F56}] => (Allow) LPort=21112
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4DC4C854-0431-4C90-8172-FF6A302588FF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A14636A2-2567-40B5-96D9-67BBF95A5F0C}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{C0699B73-56D9-430B-B540-7A7525EE1D21}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2CA9306E-EB6B-4F5D-94E0-F959AE560546}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C5FE793E-8982-4987-9F45-B770488D02C2}] => (Allow) LPort=61117
FirewallRules: [{59A6F964-0ECB-43EA-BCA8-904730A9583C}] => (Allow) LPort=61116
FirewallRules: [{9B9F8977-1C60-445E-84D6-5610328E171E}] => (Allow) LPort=21112

==================== Restore Points =========================

12-09-2018 03:01:44 Windows Update

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: tmcomm
Description: tmcomm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tmcomm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: ========================= Application errors: ================== Error: (09/12/2018 12:07:08 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (09/12/2018 11:06:47 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (09/12/2018 10:51:54 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (09/12/2018 10:48:26 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.9600.19130 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2958 Start Time: 01d44aa64eb2c457 Termination Time: 70 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error: (09/12/2018 10:06:49 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (09/12/2018 09:06:47 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (09/12/2018 08:28:49 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". 
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (09/12/2018 08:06:47 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. System errors: ============= Error: (09/12/2018 12:04:54 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (09/12/2018 12:04:53 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (09/12/2018 12:04:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The tmcomm service failed to start due to the following error: A device attached to the system is not functioning. Error: (09/12/2018 12:04:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The tmcomm service failed to start due to the following error: A device attached to the system is not functioning. Error: (09/12/2018 12:04:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The tmcomm service failed to start due to the following error: A device attached to the system is not functioning. Error: (09/12/2018 12:04:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VBoxAsw Support Driver service failed to start due to the following error: The system cannot find the path specified. Error: (09/12/2018 12:04:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The tmcomm service failed to start due to the following error: A device attached to the system is not functioning. Error: (09/12/2018 12:04:07 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. 
This service might not be installed.

Windows Defender:
===================================
Date: 2015-12-09 03:47:27.607
Description: Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Dowadmin&threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2015-12-06 13:27:08.631
Description: Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Dowadmin&threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2015-12-02 06:38:10.446
Description: Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Dowadmin&threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2015-11-21 11:06:13.461
Description: Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Dowadmin&threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

CodeIntegrity:
===================================
Date: 2016-08-24 06:16:50.130
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-24 06:16:49.506
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-23 22:16:38.222
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-23 22:16:37.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-18 06:08:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-18 06:08:34.975
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-10 03:31:40.538
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-10 03:31:40.320
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 63%
Total physical RAM: 2997.83 MB
Available physical RAM: 1089.85 MB
Total Virtual: 5994.03 MB
Available Virtual: 3921.49 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:22.98 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:602.76 GB) NTFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:395.25 GB) NTFS

\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================