
Trojan Virus or spyware

clean this device Facebook and ESET Scanner download Scanner


#31
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi

Can you try this FRST fix, please? Copy it to the USB drive first and then transfer it to RobertDad's laptop. Make sure it is in the same place as FRST. Ideally make sure both FRST and the fixlist are on the desktop.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt to your desktop. (Attached file: fixlist.txt, 179 bytes)
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right-clicking on it and selecting Run as Administrator, then press Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    After this can you check the internet connection.



#32
RobertDad

    Member

  • Topic Starter
  • 51 posts

I am truly sorry, but I do not understand your reply. I put FRST on this computer, or on the flash drive, transfer it to Bob's laptop! ???

Bob has FRST1 on his laptop but it says it failed to update 1. Do I delete that one and do a new one to the flash drive? Nothing is going right. What do I download to the flash drive?

 

I hope this is the correct log.

 

Attached Files


Edited by RobertDad, 19 February 2018 - 08:20 PM.


#33
RobertDad

    Member

  • Topic Starter
  • 51 posts

This is another Screen that came up after the above screenshot I sent.  I clicked on the Details in the smaller window and the came up beside it, so I got both on one screenshot.

Attached Thumbnails

  • Screen Print.jpg


#34
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi

The fix ran ok. :thumbsup:

The screenshot you are seeing is ConfigFree, which is Toshiba's utility for configuring wireless and wired network connectivity. Make sure all applications and programs are closed, then shut down and reboot the computer and see if the utility will set up the connection.

#35
RobertDad

    Member

  • Topic Starter
  • 51 posts

No, it still will not connect to the internet.

I was typing to ask you about safe & secure websites where I could download a "Driver Updater". All of a sudden this happened to your page:

 

Attached Thumbnails

  • Page screw-up.JPG

Edited by RobertDad, 20 February 2018 - 06:56 PM.


#36
RobertDad

    Member

  • Topic Starter
  • 51 posts

Well, I have RobertDad up and running. I went into Change Proxy Setting, and clicked on set up an internet connection. It said that the security settings did not match, so I made them match, and we are in business. Now onto the clean this device.

I just tried to log in on Facebook and the "clean this device" message never came up and Facebook accepted his password and opened right up. Not sure what this means but I will see you tomorrow.


Edited by RobertDad, 22 February 2018 - 12:06 AM.


#37
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
That's great news! Well done you :)

Please run a fresh set of FRST logs for me to see where we are.
  • Please run Farbar Recovery Scan Tool again. Run FRST by right-clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.

    Thanks


#38
RobertDad

    Member

  • Topic Starter
  • 51 posts

Thank you, it has been fun and a real learning experience. Here hopefully are good logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10.02.2018 02
Ran by Admin (administrator) on BOBS-LAPTOP (22-02-2018 07:46:17)
Running from C:\Users\Admin\Desktop\FRST DOCs
Loaded Profiles: Admin (Available Profiles: Admin & Betty Tremblay & Guest)
Platform: Microsoft® Windows Vista™ Home Basic  (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
() C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Farbar) C:\Users\Admin\Desktop\FRST DOCs\FRST (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-08-09] (Microsoft Corporation)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Web TuneUp\vprot.exe"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894248 2007-06-22] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-07] (Google Inc.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {0ce2ba1f-cbd0-11e3-954f-001d60f1eb19} - E:\setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {2e2ee279-134c-11e4-aebe-001d60f1eb19} - setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {2e2ee27c-134c-11e4-aebe-001d60f1eb19} - F:\LaunchU3.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {f5343400-0c08-11e4-ac9d-001d60f1eb19} - E:\setupSNK.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6884B05B-300C-4221-B775-EAD2BD1D1BD8}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-144978628-2293470025-642614174-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F71E243C-1461-4B08-8537-B76BD787EE41}&mid=b09cd7c151cf47d38a4d5ffb10c79779-d9dea06a694f267ae7894492c5fe8a8b96376a9c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-04 17:00:07&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-08-09] (Sun Microsystems, Inc.)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 [2018-02-17]
FF Session Restore: Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 -> is enabled.
FF Extension: (AdBlock) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\[email protected] [2017-12-15]
FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\[email protected] [2017-12-14]
FF Extension: (Spider Solitaire) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{a8bec30a-4733-4f9b-8c29-f391ba02ce2c}.xpi [2017-12-14]
FF Extension: (Flash and Video Download) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-01-16]
FF Extension: (Adblock Plus) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-07] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-09-19] [Legacy] [not signed]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google%20chrome/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-02-22]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-22]
CHR Extension: (McAfee SECURE Safe Browsing) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn [2018-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [581104 2015-10-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-07-26] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-08-09] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-02-07] (Malwarebytes)
R0 MrFilter; C:\Windows\system32\Drivers\MrFilter.sys [12384 2003-10-16] (Roxio) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation )
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Guest\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-22 00:49 - 2018-02-22 00:49 - 000032868 _____ C:\Users\Admin\Documents\download.htm
2018-02-22 00:23 - 2018-02-22 00:25 - 000000000 ____D C:\Users\Admin\AppData\Local\SlimWare Utilities Inc
2018-02-22 00:22 - 2018-02-22 00:22 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-02-19 20:55 - 2018-02-17 18:20 - 000023350 _____ C:\Users\Admin\Documents\ConfigFree Diagnostic Log 2-17-2018.txt
2018-02-19 20:38 - 2018-02-19 20:36 - 000000179 _____ C:\fixlist (2).txt
2018-02-19 20:12 - 2018-02-19 20:12 - 000000000 ____D C:\Users\Admin\AppData\Roaming\EncryptStick
2018-02-19 20:03 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt.txt
2018-02-19 19:57 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt
2018-02-16 21:49 - 2018-02-18 21:19 - 000000000 ____D C:\Users\Admin\AppData\Roaming\U3
2018-02-16 21:15 - 2018-02-16 21:15 - 000000000 ____D C:\BETTYSLAPTOP
2018-02-16 12:58 - 2018-02-16 12:58 - 000000000 ____D C:\RTL8187B_5_6.1135.0625.2008_Silent_Install
2018-02-16 12:56 - 2018-02-16 12:47 - 010216537 _____ C:\RTL8187B_5_6.1135.0625.2008_Silent_Install.zip
2018-02-14 17:57 - 2018-02-17 20:35 - 000000000 ____D C:\AdwCleaner
2018-02-14 17:56 - 2018-02-14 17:56 - 008222496 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_7.0.8.0.exe
2018-02-14 16:15 - 2018-02-14 16:15 - 000026843 _____ C:\Users\Admin\Documents\Scan result of Farbar Recovery Scan Tool (FRST) 02.2-12-18.txt
2018-02-14 15:43 - 2018-02-22 05:54 - 000000000 ___RD C:\Users\Admin\Desktop\FRST DOCs
2018-02-12 17:36 - 2018-02-12 17:36 - 000031217 _____ C:\Users\Admin\Documents\Addition-log 2-11-18.txt
2018-02-12 16:45 - 2018-02-12 16:45 - 001129816 _____ (Google Inc.) C:\Users\Admin\Documents\ChromeSetup (1).exe
2018-02-12 11:39 - 2018-02-12 11:39 - 001129816 _____ (Google Inc.) C:\Users\Admin\Documents\ChromeSetup.exe
2018-02-11 18:55 - 2018-02-11 18:55 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-02-10 16:29 - 2018-02-10 16:29 - 000143736 _____ C:\Windows\Minidump\Mini021018-01.dmp
2018-02-08 20:27 - 2018-02-08 20:27 - 000114688 _____ C:\Users\Admin\Documents\forum screen shot 2.wps
2018-02-08 20:26 - 2018-02-08 20:26 - 000101888 _____ C:\Users\Admin\Documents\forum screen shot 1.wps
2018-02-08 19:52 - 2018-02-08 19:52 - 000171520 _____ C:\Users\Admin\Documents\Farbar Recovry Scan Tool 2-8-18.wps
2018-02-08 19:49 - 2018-02-14 15:59 - 000026843 _____ C:\Users\Admin\Documents\FRST.wps.wps
2018-02-08 19:47 - 2018-02-22 07:46 - 000000000 ____D C:\FRST
2018-02-08 19:02 - 2018-02-08 19:02 - 001205232 _____ (Adobe Systems Incorporated) C:\Users\Admin\Documents\flashplayer28pp_ha_install.exe
2018-02-08 09:36 - 2018-02-08 09:36 - 000533504 _____ C:\Users\Admin\Documents\Untitled Document.wps
2018-02-08 09:29 - 2018-02-08 09:29 - 000584192 _____ C:\Users\Admin\Documents\System.wps
2018-02-08 09:23 - 2018-02-08 09:36 - 000288256 _____ C:\Users\Admin\Documents\Bookmarks.wps
2018-02-07 20:57 - 2018-02-07 20:57 - 000098304 _____ C:\Users\Admin\Documents\Trojan.wps
2018-02-07 20:56 - 2018-02-15 16:05 - 000000880 _____ C:\Users\Admin\AppData\Roaming\wklnhst.dat
2018-02-07 20:56 - 2018-02-07 20:56 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Template
2018-02-07 16:13 - 2018-02-07 16:13 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2018-02-07 16:13 - 2018-02-07 16:13 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-07 16:12 - 2018-02-07 16:12 - 000000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2018-02-07 16:10 - 2018-02-07 16:12 - 000000000 ____D C:\Program Files\Microsoft Works
2018-02-06 20:57 - 2018-02-22 05:50 - 000001049 _____ C:\Users\Public\Desktop\Trend Micro Maximum Security Installer.lnk
2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ C:\Program Files\GUT4C8B.tmp
2018-02-06 20:55 - 2018-02-06 20:55 - 001129816 _____ (Google Inc.) C:\Users\Guest\Downloads\ChromeSetup.exe
2018-02-06 20:55 - 2018-02-06 20:55 - 000000000 ____D C:\Program Files\GUM4C6B.tmp
2018-02-06 20:24 - 2018-02-06 20:24 - 000000000 ____D C:\Users\Guest\AppData\Local\CEF
2018-02-06 18:10 - 2018-02-08 16:03 - 000000000 ___SD C:\Users\Admin\AppData\LocalLow\Temp
2018-02-06 17:48 - 2018-02-12 16:46 - 000001954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-05 22:25 - 2018-02-05 22:26 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\chrome_cleanup_tool.exe
2018-02-05 21:55 - 2018-02-05 21:56 - 001129816 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2018-02-05 00:07 - 2018-02-05 00:07 - 005838920 _____ (Adobe Systems Inc.) C:\Users\Admin\Downloads\Shockwave_Installer_Slim.exe
2018-02-04 20:55 - 2018-02-07 13:06 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-04 20:55 - 2018-02-04 20:55 - 000001826 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-04 20:55 - 2018-02-04 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-04 20:55 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-02-04 20:54 - 2018-02-04 20:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-04 20:51 - 2018-02-04 20:52 - 081173944 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3857.exe
2018-02-04 20:43 - 2018-02-04 20:43 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-02-04 20:42 - 2018-02-04 20:42 - 001142064 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-02-04 19:43 - 2018-02-04 19:43 - 000002152 _____ C:\Windows\epplauncher.mif
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-22 07:44 - 2014-08-03 11:23 - 000000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-02-22 07:44 - 2006-11-02 07:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-22 07:44 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-22 07:44 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-22 05:47 - 2006-11-02 07:44 - 000322440 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-22 05:45 - 2006-11-02 07:58 - 000032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-19 19:56 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf
2018-02-19 19:56 - 2006-11-02 05:33 - 000716948 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-18 21:11 - 2017-06-15 23:17 - 000000000 ____D C:\c393470bc6f864048692b458
2018-02-17 11:53 - 2014-07-22 15:10 - 000000000 ____D C:\Users\Betty Tremblay
2018-02-17 11:53 - 2014-03-24 19:01 - 000000000 ____D C:\Users\Guest
2018-02-17 11:53 - 2013-12-07 09:42 - 000000000 ____D C:\Users\Admin
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2018-02-17 11:53 - 2006-11-02 05:22 - 029884416 _____ C:\Windows\system32\config\software_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 023592960 _____ C:\Windows\system32\config\system_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 021233664 _____ C:\Windows\system32\config\components_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous
2018-02-17 11:18 - 2013-12-07 09:44 - 000082904 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-14 18:10 - 2014-07-22 16:57 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-02-12 16:46 - 2017-10-19 13:47 - 000001942 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-11 19:32 - 2016-03-30 19:04 - 000000000 ____D C:\Users\Guest\AppData\Roaming\AVG
2018-02-11 19:32 - 2015-11-01 18:25 - 000000000 ____D C:\Users\Admin\AppData\Roaming\AVG
2018-02-11 19:32 - 2015-11-01 18:14 - 000000000 ____D C:\ProgramData\Avg
2018-02-11 19:32 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Guest\AppData\Local\Avg
2018-02-11 19:32 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Admin\AppData\Local\Avg
2018-02-10 16:29 - 2013-12-12 15:39 - 000000000 ____D C:\Windows\Minidump
2018-02-10 16:28 - 2017-09-19 18:26 - 281696941 _____ C:\Windows\MEMORY.DMP
2018-02-07 16:12 - 2007-08-09 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2018-02-07 16:12 - 2006-11-02 06:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-07 13:05 - 2006-11-02 07:44 - 000058368 _____ C:\Windows\system32\umstartup.etl
2018-02-06 17:48 - 2007-08-09 19:01 - 000000000 ____D C:\Program Files\Google
2018-02-05 22:55 - 2013-12-27 16:36 - 000000000 ____D C:\Users\Admin\Desktop\Unused Programs
2018-02-05 19:52 - 2013-12-25 19:53 - 000014336 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-04 23:00 - 2007-08-09 18:57 - 000000000 ____D C:\ProgramData\Adobe
2018-02-04 22:58 - 2007-08-09 18:43 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-04 22:47 - 2015-10-24 21:09 - 000000000 ____D C:\Users\Admin\AppData\Local\AvgSetupLog
2018-02-04 20:54 - 2014-07-13 18:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-04 18:55 - 2017-12-14 19:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
 
==================== Files in the root of some directories =======
 
2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ () C:\Program Files\GUT4C8B.tmp
2018-02-07 20:56 - 2018-02-15 16:05 - 000000880 _____ () C:\Users\Admin\AppData\Roaming\wklnhst.dat
2014-07-14 13:35 - 2014-07-14 13:35 - 000000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2013-12-25 19:53 - 2018-02-05 19:52 - 000014336 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
2018-02-22 00:22 - 2018-02-22 00:22 - 000225472 _____ (SlimWare Utilities, Inc.) C:\Users\Admin\AppData\Local\Temp\scp177A.tmp.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-22 05:53
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10.02.2018 02
Ran by Admin (22-02-2018 07:47:15)
Running from C:\Users\Admin\Desktop\FRST DOCs
Microsoft® Windows Vista™ Home Basic  (X86) (2013-12-07 15:43:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-144978628-2293470025-642614174-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-144978628-2293470025-642614174-500 - Administrator - Disabled)
Betty Tremblay (S-1-5-21-144978628-2293470025-642614174-1001 - Limited - Enabled) => C:\Users\Betty Tremblay
Guest (S-1-5-21-144978628-2293470025-642614174-501 - Administrator - Enabled) => C:\Users\Guest
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Accessibility (HKLM\...\{2C544254-39F2-4ACA-B779-ABF7297C96CF}) (Version: 1.39.0.19 - TOSHIBA)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0012 - ATK)
AVG 2016 (HKLM\...\{AE3CE485-0996-413D-A897-D2F80D44982D}) (Version: 16.0.4776 - AVG Technologies) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.01.03 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 52.5.3 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.3 ESR (x86 en-US)) (Version: 52.5.3 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.)
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (HKLM\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
Roxio EasyWrite Reader (HKLM\...\Roxio MRFilter) (Version:  - )
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.3.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.00.03 - )
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.32 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.07 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: TOSH0501 - WildTangent)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers2: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => \SDFMTEXT.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2008-02-11] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4A31C49C-85C2-4EA9-9EE2-25B50291EDE4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {6E13EAB5-D9B5-4172-B280-A1F768473D95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {F44C00D9-4EB6-4379-8F77-42D1474B3D60} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {FE22E279-6ECA-44AA-975A-F280CE801E59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2007-08-09 18:20 - 2007-02-05 20:13 - 000094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2007-08-09 19:00 - 2007-01-25 19:47 - 000136816 _____ () C:\TOSHIBA\IVP\ISM\pinger.exe
2007-08-09 19:00 - 2007-01-25 19:50 - 000063096 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2018-02-04 20:55 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2006-11-02 01:47 - 2006-11-02 04:46 - 000364544 _____ () C:\Windows\system32\msjetoledb40.dll
2007-08-09 18:32 - 2007-05-18 05:43 - 000430080 _____ () C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2006-09-18 16:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-144978628-2293470025-642614174-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{D7C213BB-E2D9-401F-8A66-05E989416A4A}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{AF8BC4B8-0020-456E-9C70-911D79F4DEFA}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{50F0980E-4BF6-4EC7-A9C6-6872A124B7DF}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F75E44DC-0B64-4EC5-AA2E-B70A5279899F}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{4A751836-57B4-4DC1-8F0D-DABF818B1655}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{B2614497-54C4-4379-BA53-A25C01952C4C}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{249A0849-13FF-4A72-8CFA-22FD97ECDABF}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{B14DD1A0-7999-46C1-9A00-04653E1C1924}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5CDF5219-7183-458C-BD9B-A8E8433FC717}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{880A77DE-3F49-4640-81F2-44F8DE4A775D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger
 
==================== Restore Points =========================
 
15-02-2018 22:42:26 Scheduled Checkpoint
16-02-2018 13:48:05 Scheduled Checkpoint
17-02-2018 10:40:04 Scheduled Checkpoint
17-02-2018 11:51:25 Restore Operation
18-02-2018 22:17:55 Scheduled Checkpoint
19-02-2018 21:00:36 Restore Point Created by FRST
20-02-2018 17:11:36 Scheduled Checkpoint
21-02-2018 18:51:23 Scheduled Checkpoint
22-02-2018 00:25:50 Removed DriverUpdate
22-02-2018 00:35:04 Removed SlimCleaner Plus
 
==================== Faulty Device Manager Devices =============
 
Name: Built-in Infrared Device
Description: Built-in Infrared Device
Class Guid: {6bdd1fc5-810f-11d0-bec7-08002be2092f}
Manufacturer: (Standard Infrared Port)
Service: irsir
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/22/2018 05:50:23 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/22/2018 12:35:23 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: BOBS-LAPTOP)
Description: Event-ID 10007
 
Error: (02/21/2018 10:03:32 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/21/2018 06:57:55 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/20/2018 08:30:09 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/20/2018 05:34:51 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/19/2018 10:22:35 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/19/2018 09:00:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8167be81-b7d5-4714-9637-5c2d5a4716a5}
 
Error: (02/19/2018 07:56:54 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/18/2018 09:44:27 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
 
System errors:
=============
Error: (02/22/2018 07:45:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/22/2018 07:45:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/22/2018 07:44:59 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 10.0.0.8, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
 
Error: (02/22/2018 07:44:59 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
Error: (02/22/2018 07:44:05 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer EPSON WF-2540 Series (FAX) with shared resource name EPSON WF-2540 Series (FAX). Error 2114. The printer cannot be used by others on the network.
 
Error: (02/22/2018 07:44:05 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer WF-2540 Series(Network) with shared resource name WF-2540 Series(Network). Error 2114. The printer cannot be used by others on the network.
 
Error: (02/22/2018 07:44:02 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/22/2018 07:43:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:41:28 AM on 2/22/2018 was unexpected.
 
Error: (02/22/2018 05:48:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/22/2018 05:48:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-09 16:52:22.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-09 16:52:22.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-09 16:52:22.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-09 16:52:22.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-09 16:52:22.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-09 16:52:22.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-09 16:52:22.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-09 16:52:22.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-09 16:52:22.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-09 16:52:22.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T2310 @ 1.46GHz
Percentage of memory in use: 30%
Total physical RAM: 3062.44 MB
Available physical RAM: 2118.81 MB
Total Virtual: 6304.57 MB
Available Virtual: 5457.85 MB
 
==================== Drives ================================
 
Drive c: (SQ004525V02) (Fixed) (Total:73.06 GB) (Free:39.07 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
\\?\Volume{43956e0f-5f55-11e3-8818-806e6f6e6963}\ (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: E3AF5BFE)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=73.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#39
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi

Please run this FRST fix.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to the same location as FRST.
Attached File: fixlist.txt (5.95KB)
  • Ensure fixlist.txt is in the same location as FRST.exe.
  • Run FRST by right-clicking on it and selecting Run as Administrator, and press Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Then

    Run Malwarebytes


    Launch Malwarebytes Anti-Malware
    The MBAM dashboard may appear with an alert to update - click the button Fix Now;
    Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.
    Return to the Dashboard and click on Scan Now;
    If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    Copy and Paste the contents of the log in your next reply.


#40
RobertDad


    Member

  • Topic Starter
  • Member
  • 51 posts

This is the only Fixlist.txt file I can find on the computer desktop. I ran Frst.exe as administrator and pressed FIX; this attachment is all I got.

What did I do wrong?

 
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 10.02.2018 02
Ran by Admin (19-02-2018 21:00:35) Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Betty Tremblay & Guest)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6884B05B-300C-4221-B775-EAD2BD1D1BD8}: [DhcpNameServer] 10.0.0.1
ManualProxies:
EmptyTemp:
*****************
 
Restore point was successfully created.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6884B05B-300C-4221-B775-EAD2BD1D1BD8}\\DhcpNameServer" => not found
"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11247 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10623739 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 432960 B
Edge => 0 B
Chrome => 2602557 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 692 B
NetworkService => 3044 B
Admin => 531053 B
Betty Tremblay => 100586 B
Guest => 0 B
 
RecycleBin => 7488 B
EmptyTemp: => 13.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:01:04 ====

FIX-NO FIXLIST.jpg


  • 0


#41
RobertDad

    Member

  • Topic Starter
  • Member
  • 51 posts

This I found in a folder marked FRST Docs on my C drive, it says log, so I copied it in hopes it is what you need.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.02.2018
Ran by Admin (administrator) on BOBS-LAPTOP (24-02-2018 00:22:28)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Betty Tremblay & Guest)
Platform: Microsoft® Windows Vista™ Home Basic  (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
() C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-08-09] (Microsoft Corporation)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Web TuneUp\vprot.exe"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894248 2007-06-22] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-07] (Google Inc.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {0ce2ba1f-cbd0-11e3-954f-001d60f1eb19} - E:\setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {2e2ee279-134c-11e4-aebe-001d60f1eb19} - setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {2e2ee27c-134c-11e4-aebe-001d60f1eb19} - F:\LaunchU3.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {d1c358bb-15d6-11e8-9c21-00164417c642} - E:\setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {f5343400-0c08-11e4-ac9d-001d60f1eb19} - E:\setupSNK.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6884B05B-300C-4221-B775-EAD2BD1D1BD8}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-144978628-2293470025-642614174-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F71E243C-1461-4B08-8537-B76BD787EE41}&mid=b09cd7c151cf47d38a4d5ffb10c79779-d9dea06a694f267ae7894492c5fe8a8b96376a9c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-04 17:00:07&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-08-09] (Sun Microsystems, Inc.)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 [2018-02-17]
FF Session Restore: Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 -> is enabled.
FF Extension: (AdBlock) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\[email protected] [2017-12-15]
FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\[email protected] [2017-12-14]
FF Extension: (Spider Solitaire) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{a8bec30a-4733-4f9b-8c29-f391ba02ce2c}.xpi [2017-12-14]
FF Extension: (Flash and Video Download) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-01-16]
FF Extension: (Adblock Plus) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-07] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-09-19] [Legacy] [not signed]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google%20chrome/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-02-24]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-22]
CHR Extension: (McAfee SECURE Safe Browsing) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn [2018-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [581104 2015-10-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-07-26] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-08-09] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-02-07] (Malwarebytes)
R0 MrFilter; C:\Windows\system32\Drivers\MrFilter.sys [12384 2003-10-16] (Roxio) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation )
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Guest\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-23 23:02 - 2018-02-23 23:02 - 000001633 _____ C:\Users\Admin\Desktop\Fixlog.txt
2018-02-23 22:00 - 2018-02-23 22:00 - 000000179 _____ C:\Users\Admin\Desktop\fixlist-----from Bruce.txt
2018-02-23 20:46 - 2018-02-23 21:21 - 000028466 _____ C:\Users\Admin\Desktop\Addition.txt
2018-02-23 20:43 - 2018-02-24 00:22 - 000015929 _____ C:\Users\Admin\Desktop\FRST.txt
2018-02-23 20:42 - 2018-02-23 20:42 - 001763328 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2018-02-22 18:20 - 2018-02-22 18:20 - 001205232 _____ (Adobe Systems Incorporated) C:\Users\Admin\Documents\flashplayer28pp_ha_install (1).exe
2018-02-22 14:41 - 2018-02-22 14:41 - 001205232 _____ (Adobe Systems Incorporated) C:\Users\Admin\Documents\flashplayer28pp_ha_install.exe
2018-02-22 10:58 - 2018-02-22 10:31 - 002602438 _____ C:\Users\Admin\Documents\System Diagnostics report--2-22-2018.html
2018-02-22 00:49 - 2018-02-22 00:49 - 000032868 _____ C:\Users\Admin\Documents\download.htm
2018-02-22 00:23 - 2018-02-22 00:25 - 000000000 ____D C:\Users\Admin\AppData\Local\SlimWare Utilities Inc
2018-02-22 00:22 - 2018-02-22 00:22 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-02-19 20:55 - 2018-02-17 18:20 - 000023350 _____ C:\Users\Admin\Documents\ConfigFree Diagnostic Log 2-17-2018.txt
2018-02-19 20:38 - 2018-02-19 20:36 - 000000179 _____ C:\fixlist (2).txt
2018-02-19 20:12 - 2018-02-19 20:12 - 000000000 ____D C:\Users\Admin\AppData\Roaming\EncryptStick
2018-02-19 20:03 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt.txt
2018-02-19 19:57 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt
2018-02-16 21:49 - 2018-02-18 21:19 - 000000000 ____D C:\Users\Admin\AppData\Roaming\U3
2018-02-16 21:15 - 2018-02-16 21:15 - 000000000 ____D C:\BETTYSLAPTOP
2018-02-16 12:58 - 2018-02-16 12:58 - 000000000 ____D C:\RTL8187B_5_6.1135.0625.2008_Silent_Install
2018-02-16 12:56 - 2018-02-16 12:47 - 010216537 _____ C:\RTL8187B_5_6.1135.0625.2008_Silent_Install.zip
2018-02-14 17:57 - 2018-02-17 20:35 - 000000000 ____D C:\AdwCleaner
2018-02-14 17:37 - 2018-02-14 17:31 - 000003132 _____ C:\Users\Admin\Desktop\Fixlog_14-02-2018 17.37.11.txt
2018-02-14 16:15 - 2018-02-14 16:15 - 000026843 _____ C:\Users\Admin\Documents\Scan result of Farbar Recovery Scan Tool (FRST) 02.2-12-18.txt
2018-02-14 15:43 - 2018-02-23 21:19 - 000000000 ___RD C:\Users\Admin\Desktop\FRST DOCs
2018-02-12 17:36 - 2018-02-12 17:36 - 000031217 _____ C:\Users\Admin\Documents\Addition-log 2-11-18.txt
2018-02-12 16:45 - 2018-02-12 16:45 - 001129816 _____ (Google Inc.) C:\Users\Admin\Documents\ChromeSetup (1).exe
2018-02-12 11:39 - 2018-02-12 11:39 - 001129816 _____ (Google Inc.) C:\Users\Admin\Documents\ChromeSetup.exe
2018-02-11 18:55 - 2018-02-11 18:55 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-02-10 16:29 - 2018-02-10 16:29 - 000143736 _____ C:\Windows\Minidump\Mini021018-01.dmp
2018-02-08 20:27 - 2018-02-08 20:27 - 000114688 _____ C:\Users\Admin\Documents\forum screen shot 2.wps
2018-02-08 20:26 - 2018-02-08 20:26 - 000101888 _____ C:\Users\Admin\Documents\forum screen shot 1.wps
2018-02-08 19:52 - 2018-02-08 19:52 - 000171520 _____ C:\Users\Admin\Documents\Farbar Recovry Scan Tool 2-8-18.wps
2018-02-08 19:49 - 2018-02-14 15:59 - 000026843 _____ C:\Users\Admin\Documents\FRST.wps.wps
2018-02-08 19:47 - 2018-02-24 00:22 - 000000000 ____D C:\FRST
2018-02-08 09:36 - 2018-02-08 09:36 - 000533504 _____ C:\Users\Admin\Documents\Untitled Document.wps
2018-02-08 09:29 - 2018-02-08 09:29 - 000584192 _____ C:\Users\Admin\Documents\System.wps
2018-02-08 09:23 - 2018-02-08 09:36 - 000288256 _____ C:\Users\Admin\Documents\Bookmarks.wps
2018-02-07 20:57 - 2018-02-07 20:57 - 000098304 _____ C:\Users\Admin\Documents\Trojan.wps
2018-02-07 20:56 - 2018-02-22 14:46 - 000000880 _____ C:\Users\Admin\AppData\Roaming\wklnhst.dat
2018-02-07 20:56 - 2018-02-07 20:56 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Template
2018-02-07 16:13 - 2018-02-07 16:13 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2018-02-07 16:13 - 2018-02-07 16:13 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-07 16:12 - 2018-02-07 16:12 - 000000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2018-02-07 16:10 - 2018-02-07 16:12 - 000000000 ____D C:\Program Files\Microsoft Works
2018-02-06 20:57 - 2018-02-22 05:50 - 000001049 _____ C:\Users\Public\Desktop\Trend Micro Maximum Security Installer.lnk
2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ C:\Program Files\GUT4C8B.tmp
2018-02-06 20:55 - 2018-02-06 20:55 - 001129816 _____ (Google Inc.) C:\Users\Guest\Downloads\ChromeSetup.exe
2018-02-06 20:55 - 2018-02-06 20:55 - 000000000 ____D C:\Program Files\GUM4C6B.tmp
2018-02-06 20:24 - 2018-02-06 20:24 - 000000000 ____D C:\Users\Guest\AppData\Local\CEF
2018-02-06 18:10 - 2018-02-08 16:03 - 000000000 ___SD C:\Users\Admin\AppData\LocalLow\Temp
2018-02-06 17:48 - 2018-02-12 16:46 - 000001954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-05 22:25 - 2018-02-05 22:26 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\chrome_cleanup_tool.exe
2018-02-05 21:55 - 2018-02-05 21:56 - 001129816 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2018-02-05 00:07 - 2018-02-05 00:07 - 005838920 _____ (Adobe Systems Inc.) C:\Users\Admin\Downloads\Shockwave_Installer_Slim.exe
2018-02-04 20:55 - 2018-02-07 13:06 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-04 20:55 - 2018-02-04 20:55 - 000001826 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-04 20:55 - 2018-02-04 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-04 20:55 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-02-04 20:54 - 2018-02-04 20:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-04 20:51 - 2018-02-04 20:52 - 081173944 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3857.exe
2018-02-04 20:43 - 2018-02-04 20:43 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-02-04 20:42 - 2018-02-04 20:42 - 001142064 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-02-04 19:43 - 2018-02-04 19:43 - 000002152 _____ C:\Windows\epplauncher.mif
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-23 23:38 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-23 23:38 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-23 19:39 - 2014-08-03 11:23 - 000000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-02-23 19:38 - 2006-11-02 07:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-22 18:27 - 2014-07-14 07:45 - 000000000 ____D C:\Windows\pss
2018-02-22 18:27 - 2006-11-02 07:58 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-22 12:07 - 2017-09-18 18:41 - 000000000 ___RD C:\Users\Admin\Desktop\Bob
2018-02-22 10:28 - 2013-12-07 09:44 - 000082904 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-22 05:47 - 2006-11-02 07:44 - 000322440 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-19 19:56 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf
2018-02-19 19:56 - 2006-11-02 05:33 - 000716948 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-18 21:11 - 2017-06-15 23:17 - 000000000 ____D C:\c393470bc6f864048692b458
2018-02-17 11:53 - 2014-07-22 15:10 - 000000000 ____D C:\Users\Betty Tremblay
2018-02-17 11:53 - 2014-03-24 19:01 - 000000000 ____D C:\Users\Guest
2018-02-17 11:53 - 2013-12-07 09:42 - 000000000 ____D C:\Users\Admin
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2018-02-17 11:53 - 2006-11-02 05:22 - 029884416 _____ C:\Windows\system32\config\software_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 023592960 _____ C:\Windows\system32\config\system_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 021233664 _____ C:\Windows\system32\config\components_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous
2018-02-14 18:10 - 2014-07-22 16:57 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-02-12 16:46 - 2017-10-19 13:47 - 000001942 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-11 19:32 - 2016-03-30 19:04 - 000000000 ____D C:\Users\Guest\AppData\Roaming\AVG
2018-02-11 19:32 - 2015-11-01 18:25 - 000000000 ____D C:\Users\Admin\AppData\Roaming\AVG
2018-02-11 19:32 - 2015-11-01 18:14 - 000000000 ____D C:\ProgramData\Avg
2018-02-11 19:32 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Guest\AppData\Local\Avg
2018-02-11 19:32 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Admin\AppData\Local\Avg
2018-02-10 16:29 - 2013-12-12 15:39 - 000000000 ____D C:\Windows\Minidump
2018-02-10 16:28 - 2017-09-19 18:26 - 281696941 _____ C:\Windows\MEMORY.DMP
2018-02-07 16:12 - 2007-08-09 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2018-02-07 16:12 - 2006-11-02 06:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-07 13:05 - 2006-11-02 07:44 - 000058368 _____ C:\Windows\system32\umstartup.etl
2018-02-06 17:48 - 2007-08-09 19:01 - 000000000 ____D C:\Program Files\Google
2018-02-05 22:55 - 2013-12-27 16:36 - 000000000 ____D C:\Users\Admin\Desktop\Unused Programs
2018-02-05 19:52 - 2013-12-25 19:53 - 000014336 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-04 23:00 - 2007-08-09 18:57 - 000000000 ____D C:\ProgramData\Adobe
2018-02-04 22:58 - 2007-08-09 18:43 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-04 22:47 - 2015-10-24 21:09 - 000000000 ____D C:\Users\Admin\AppData\Local\AvgSetupLog
2018-02-04 20:54 - 2014-07-13 18:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-04 18:55 - 2017-12-14 19:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
 
==================== Files in the root of some directories =======
 
2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ () C:\Program Files\GUT4C8B.tmp
2018-02-07 20:56 - 2018-02-22 14:46 - 000000880 _____ () C:\Users\Admin\AppData\Roaming\wklnhst.dat
2014-07-14 13:35 - 2014-07-14 13:35 - 000000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2013-12-25 19:53 - 2018-02-05 19:52 - 000014336 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
2018-02-22 00:22 - 2018-02-22 00:22 - 000225472 _____ (SlimWare Utilities, Inc.) C:\Users\Admin\AppData\Local\Temp\scp177A.tmp.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-23 19:44
 
==================== End of FRST.txt ============================

  • 0

#42
RobertDad

    Member

  • Topic Starter
  • Member
  • 51 posts

This I found in a folder marked FRST Docs on my C drive, it says log, so I copied it in hopes it is what you need.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.02.2018
Ran by Admin (administrator) on BOBS-LAPTOP (24-02-2018 00:22:28)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Betty Tremblay & Guest)
Platform: Microsoft® Windows Vista™ Home Basic  (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
() C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-08-09] (Microsoft Corporation)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Web TuneUp\vprot.exe"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894248 2007-06-22] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-07] (Google Inc.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {0ce2ba1f-cbd0-11e3-954f-001d60f1eb19} - E:\setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {2e2ee279-134c-11e4-aebe-001d60f1eb19} - setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {2e2ee27c-134c-11e4-aebe-001d60f1eb19} - F:\LaunchU3.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {d1c358bb-15d6-11e8-9c21-00164417c642} - E:\setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {f5343400-0c08-11e4-ac9d-001d60f1eb19} - E:\setupSNK.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6884B05B-300C-4221-B775-EAD2BD1D1BD8}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-144978628-2293470025-642614174-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F71E243C-1461-4B08-8537-B76BD787EE41}&mid=b09cd7c151cf47d38a4d5ffb10c79779-d9dea06a694f267ae7894492c5fe8a8b96376a9c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-04 17:00:07&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-08-09] (Sun Microsystems, Inc.)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 [2018-02-17]
FF Session Restore: Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 -> is enabled.
FF Extension: (AdBlock) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\[email protected] [2017-12-15]
FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\[email protected] [2017-12-14]
FF Extension: (Spider Solitaire) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{a8bec30a-4733-4f9b-8c29-f391ba02ce2c}.xpi [2017-12-14]
FF Extension: (Flash and Video Download) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-01-16]
FF Extension: (Adblock Plus) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-07] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-09-19] [Legacy] [not signed]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google%20chrome/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-02-24]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-22]
CHR Extension: (McAfee SECURE Safe Browsing) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn [2018-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [581104 2015-10-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-07-26] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-08-09] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-02-07] (Malwarebytes)
R0 MrFilter; C:\Windows\system32\Drivers\MrFilter.sys [12384 2003-10-16] (Roxio) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation )
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Guest\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-23 23:02 - 2018-02-23 23:02 - 000001633 _____ C:\Users\Admin\Desktop\Fixlog.txt
2018-02-23 22:00 - 2018-02-23 22:00 - 000000179 _____ C:\Users\Admin\Desktop\fixlist-----from Bruce.txt
2018-02-23 20:46 - 2018-02-23 21:21 - 000028466 _____ C:\Users\Admin\Desktop\Addition.txt
2018-02-23 20:43 - 2018-02-24 00:22 - 000015929 _____ C:\Users\Admin\Desktop\FRST.txt
2018-02-23 20:42 - 2018-02-23 20:42 - 001763328 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2018-02-22 18:20 - 2018-02-22 18:20 - 001205232 _____ (Adobe Systems Incorporated) C:\Users\Admin\Documents\flashplayer28pp_ha_install (1).exe
2018-02-22 14:41 - 2018-02-22 14:41 - 001205232 _____ (Adobe Systems Incorporated) C:\Users\Admin\Documents\flashplayer28pp_ha_install.exe
2018-02-22 10:58 - 2018-02-22 10:31 - 002602438 _____ C:\Users\Admin\Documents\System Diagnostics report--2-22-2018.html
2018-02-22 00:49 - 2018-02-22 00:49 - 000032868 _____ C:\Users\Admin\Documents\download.htm
2018-02-22 00:23 - 2018-02-22 00:25 - 000000000 ____D C:\Users\Admin\AppData\Local\SlimWare Utilities Inc
2018-02-22 00:22 - 2018-02-22 00:22 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-02-19 20:55 - 2018-02-17 18:20 - 000023350 _____ C:\Users\Admin\Documents\ConfigFree Diagnostic Log 2-17-2018.txt
2018-02-19 20:38 - 2018-02-19 20:36 - 000000179 _____ C:\fixlist (2).txt
2018-02-19 20:12 - 2018-02-19 20:12 - 000000000 ____D C:\Users\Admin\AppData\Roaming\EncryptStick
2018-02-19 20:03 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt.txt
2018-02-19 19:57 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt
2018-02-16 21:49 - 2018-02-18 21:19 - 000000000 ____D C:\Users\Admin\AppData\Roaming\U3
2018-02-16 21:15 - 2018-02-16 21:15 - 000000000 ____D C:\BETTYSLAPTOP
2018-02-16 12:58 - 2018-02-16 12:58 - 000000000 ____D C:\RTL8187B_5_6.1135.0625.2008_Silent_Install
2018-02-16 12:56 - 2018-02-16 12:47 - 010216537 _____ C:\RTL8187B_5_6.1135.0625.2008_Silent_Install.zip
2018-02-14 17:57 - 2018-02-17 20:35 - 000000000 ____D C:\AdwCleaner
2018-02-14 17:37 - 2018-02-14 17:31 - 000003132 _____ C:\Users\Admin\Desktop\Fixlog_14-02-2018 17.37.11.txt
2018-02-14 16:15 - 2018-02-14 16:15 - 000026843 _____ C:\Users\Admin\Documents\Scan result of Farbar Recovery Scan Tool (FRST) 02.2-12-18.txt
2018-02-14 15:43 - 2018-02-23 21:19 - 000000000 ___RD C:\Users\Admin\Desktop\FRST DOCs
2018-02-12 17:36 - 2018-02-12 17:36 - 000031217 _____ C:\Users\Admin\Documents\Addition-log 2-11-18.txt
2018-02-12 16:45 - 2018-02-12 16:45 - 001129816 _____ (Google Inc.) C:\Users\Admin\Documents\ChromeSetup (1).exe
2018-02-12 11:39 - 2018-02-12 11:39 - 001129816 _____ (Google Inc.) C:\Users\Admin\Documents\ChromeSetup.exe
2018-02-11 18:55 - 2018-02-11 18:55 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-02-10 16:29 - 2018-02-10 16:29 - 000143736 _____ C:\Windows\Minidump\Mini021018-01.dmp
2018-02-08 20:27 - 2018-02-08 20:27 - 000114688 _____ C:\Users\Admin\Documents\forum screen shot 2.wps
2018-02-08 20:26 - 2018-02-08 20:26 - 000101888 _____ C:\Users\Admin\Documents\forum screen shot 1.wps
2018-02-08 19:52 - 2018-02-08 19:52 - 000171520 _____ C:\Users\Admin\Documents\Farbar Recovry Scan Tool 2-8-18.wps
2018-02-08 19:49 - 2018-02-14 15:59 - 000026843 _____ C:\Users\Admin\Documents\FRST.wps.wps
2018-02-08 19:47 - 2018-02-24 00:22 - 000000000 ____D C:\FRST
2018-02-08 09:36 - 2018-02-08 09:36 - 000533504 _____ C:\Users\Admin\Documents\Untitled Document.wps
2018-02-08 09:29 - 2018-02-08 09:29 - 000584192 _____ C:\Users\Admin\Documents\System.wps
2018-02-08 09:23 - 2018-02-08 09:36 - 000288256 _____ C:\Users\Admin\Documents\Bookmarks.wps
2018-02-07 20:57 - 2018-02-07 20:57 - 000098304 _____ C:\Users\Admin\Documents\Trojan.wps
2018-02-07 20:56 - 2018-02-22 14:46 - 000000880 _____ C:\Users\Admin\AppData\Roaming\wklnhst.dat
2018-02-07 20:56 - 2018-02-07 20:56 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Template
2018-02-07 16:13 - 2018-02-07 16:13 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2018-02-07 16:13 - 2018-02-07 16:13 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-07 16:12 - 2018-02-07 16:12 - 000000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2018-02-07 16:10 - 2018-02-07 16:12 - 000000000 ____D C:\Program Files\Microsoft Works
2018-02-06 20:57 - 2018-02-22 05:50 - 000001049 _____ C:\Users\Public\Desktop\Trend Micro Maximum Security Installer.lnk
2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ C:\Program Files\GUT4C8B.tmp
2018-02-06 20:55 - 2018-02-06 20:55 - 001129816 _____ (Google Inc.) C:\Users\Guest\Downloads\ChromeSetup.exe
2018-02-06 20:55 - 2018-02-06 20:55 - 000000000 ____D C:\Program Files\GUM4C6B.tmp
2018-02-06 20:24 - 2018-02-06 20:24 - 000000000 ____D C:\Users\Guest\AppData\Local\CEF
2018-02-06 18:10 - 2018-02-08 16:03 - 000000000 ___SD C:\Users\Admin\AppData\LocalLow\Temp
2018-02-06 17:48 - 2018-02-12 16:46 - 000001954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-05 22:25 - 2018-02-05 22:26 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\chrome_cleanup_tool.exe
2018-02-05 21:55 - 2018-02-05 21:56 - 001129816 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2018-02-05 00:07 - 2018-02-05 00:07 - 005838920 _____ (Adobe Systems Inc.) C:\Users\Admin\Downloads\Shockwave_Installer_Slim.exe
2018-02-04 20:55 - 2018-02-07 13:06 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-04 20:55 - 2018-02-04 20:55 - 000001826 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-04 20:55 - 2018-02-04 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-04 20:55 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-02-04 20:54 - 2018-02-04 20:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-04 20:51 - 2018-02-04 20:52 - 081173944 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3857.exe
2018-02-04 20:43 - 2018-02-04 20:43 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-02-04 20:42 - 2018-02-04 20:42 - 001142064 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-02-04 19:43 - 2018-02-04 19:43 - 000002152 _____ C:\Windows\epplauncher.mif
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-23 23:38 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-23 23:38 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-23 19:39 - 2014-08-03 11:23 - 000000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-02-23 19:38 - 2006-11-02 07:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-22 18:27 - 2014-07-14 07:45 - 000000000 ____D C:\Windows\pss
2018-02-22 18:27 - 2006-11-02 07:58 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-22 12:07 - 2017-09-18 18:41 - 000000000 ___RD C:\Users\Admin\Desktop\Bob
2018-02-22 10:28 - 2013-12-07 09:44 - 000082904 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-22 05:47 - 2006-11-02 07:44 - 000322440 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-19 19:56 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf
2018-02-19 19:56 - 2006-11-02 05:33 - 000716948 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-18 21:11 - 2017-06-15 23:17 - 000000000 ____D C:\c393470bc6f864048692b458
2018-02-17 11:53 - 2014-07-22 15:10 - 000000000 ____D C:\Users\Betty Tremblay
2018-02-17 11:53 - 2014-03-24 19:01 - 000000000 ____D C:\Users\Guest
2018-02-17 11:53 - 2013-12-07 09:42 - 000000000 ____D C:\Users\Admin
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2018-02-17 11:53 - 2006-11-02 05:22 - 029884416 _____ C:\Windows\system32\config\software_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 023592960 _____ C:\Windows\system32\config\system_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 021233664 _____ C:\Windows\system32\config\components_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous
2018-02-14 18:10 - 2014-07-22 16:57 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-02-12 16:46 - 2017-10-19 13:47 - 000001942 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-11 19:32 - 2016-03-30 19:04 - 000000000 ____D C:\Users\Guest\AppData\Roaming\AVG
2018-02-11 19:32 - 2015-11-01 18:25 - 000000000 ____D C:\Users\Admin\AppData\Roaming\AVG
2018-02-11 19:32 - 2015-11-01 18:14 - 000000000 ____D C:\ProgramData\Avg
2018-02-11 19:32 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Guest\AppData\Local\Avg
2018-02-11 19:32 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Admin\AppData\Local\Avg
2018-02-10 16:29 - 2013-12-12 15:39 - 000000000 ____D C:\Windows\Minidump
2018-02-10 16:28 - 2017-09-19 18:26 - 281696941 _____ C:\Windows\MEMORY.DMP
2018-02-07 16:12 - 2007-08-09 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2018-02-07 16:12 - 2006-11-02 06:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-07 13:05 - 2006-11-02 07:44 - 000058368 _____ C:\Windows\system32\umstartup.etl
2018-02-06 17:48 - 2007-08-09 19:01 - 000000000 ____D C:\Program Files\Google
2018-02-05 22:55 - 2013-12-27 16:36 - 000000000 ____D C:\Users\Admin\Desktop\Unused Programs
2018-02-05 19:52 - 2013-12-25 19:53 - 000014336 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-04 23:00 - 2007-08-09 18:57 - 000000000 ____D C:\ProgramData\Adobe
2018-02-04 22:58 - 2007-08-09 18:43 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-04 22:47 - 2015-10-24 21:09 - 000000000 ____D C:\Users\Admin\AppData\Local\AvgSetupLog
2018-02-04 20:54 - 2014-07-13 18:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-04 18:55 - 2017-12-14 19:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
 
==================== Files in the root of some directories =======
 
2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ () C:\Program Files\GUT4C8B.tmp
2018-02-07 20:56 - 2018-02-22 14:46 - 000000880 _____ () C:\Users\Admin\AppData\Roaming\wklnhst.dat
2014-07-14 13:35 - 2014-07-14 13:35 - 000000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2013-12-25 19:53 - 2018-02-05 19:52 - 000014336 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
2018-02-22 00:22 - 2018-02-22 00:22 - 000225472 _____ (SlimWare Utilities, Inc.) C:\Users\Admin\AppData\Local\Temp\scp177A.tmp.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-23 19:44
 
==================== End of FRST.txt ============================


#43
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi

Your FRST is located on the user called Admin on the desktop - C:\users\Admin\desktop.

Download the fixlist from my post #39 to C:\users\admin\desktop so it is on the desktop with FRST.
  • When you right click on FRST and select Run as administrator you should see the following screen.
    FRST_screen.png
  • The tool will check for any updates. Allow it to do so until the message "tool is ready for use" is displayed.
  • Click on the fix button.
  • This will start to process the fixlist script. This may take a few minutes.
  • Once completed the system will reboot.
  • Upon reboot notepad will open and a fixlog report will be displayed on the screen.
  • Please copy and paste this in your next reply.


#44
RobertDad

    Member

  • Topic Starter
  • 51 posts
I sure hope this is right. This is really taxing my 75 3/4 year old brain. :no:   :pepsi:
The attachment is copies of my Malware software, and I didn't have the buttons you mention, so I just did the scan and quarantine and clicked on the protection.  Just wanted to show you in case the log isn't right.
 
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 24.02.2018
Ran by Admin (24-02-2018 23:49:59) Run:3
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Betty Tremblay & Guest)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Web TuneUp\vprot.exe"
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {0ce2ba1f-cbd0-11e3-954f-001d60f1eb19} - E:\setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {2e2ee279-134c-11e4-aebe-001d60f1eb19} - setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {2e2ee27c-134c-11e4-aebe-001d60f1eb19} - F:\LaunchU3.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {f5343400-0c08-11e4-ac9d-001d60f1eb19} - E:\setupSNK.exe
SearchScopes: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F71E243C-1461-4B08-8537-B76BD787EE41}&mid=b09cd7c151cf47d38a4d5ffb10c79779-d9dea06a694f267ae7894492c5fe8a8b96376a9c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-04 17:00:07&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll => No File
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Guest\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{CFC399AF-D876-11D0-9C10-00C04FC99C8E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers2: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => \SDFMTEXT.dll -> No File
Task: {F44C00D9-4EB6-4379-8F77-42D1474B3D60} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
C:\Program Files\AVG Web TuneUp
C:\Users\Admin\AppData\Local\SlimWare Utilities Inc
C:\Users\Admin\AppData\Local\Temp\scp177A.tmp.exe
C:\ProgramData\AVG 1113a Campaign
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
 
*****************
 
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt" => removed successfully.
"HKU\S-1-5-21-144978628-2293470025-642614174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ce2ba1f-cbd0-11e3-954f-001d60f1eb19}" => removed successfully.
HKLM\Software\Classes\CLSID\{0ce2ba1f-cbd0-11e3-954f-001d60f1eb19} => not found
"HKU\S-1-5-21-144978628-2293470025-642614174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e2ee279-134c-11e4-aebe-001d60f1eb19}" => removed successfully.
HKLM\Software\Classes\CLSID\{2e2ee279-134c-11e4-aebe-001d60f1eb19} => not found
"HKU\S-1-5-21-144978628-2293470025-642614174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e2ee27c-134c-11e4-aebe-001d60f1eb19}" => removed successfully.
HKLM\Software\Classes\CLSID\{2e2ee27c-134c-11e4-aebe-001d60f1eb19} => not found
"HKU\S-1-5-21-144978628-2293470025-642614174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5343400-0c08-11e4-ac9d-001d60f1eb19}" => removed successfully.
HKLM\Software\Classes\CLSID\{f5343400-0c08-11e4-ac9d-001d60f1eb19} => not found
"HKU\S-1-5-21-144978628-2293470025-642614174-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully.
"HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully.
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
"HKLM\System\CurrentControlSet\Services\blbdrive" => removed successfully.
blbdrive => service removed successfully.
"HKLM\System\CurrentControlSet\Services\cpuz134" => removed successfully.
cpuz134 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\IpInIp" => removed successfully.
IpInIp => service removed successfully.
"HKLM\System\CurrentControlSet\Services\NwlnkFlt" => removed successfully.
NwlnkFlt => service removed successfully.
"HKLM\System\CurrentControlSet\Services\NwlnkFwd" => removed successfully.
NwlnkFwd => service removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SD Format" => removed successfully.
"HKLM\Software\Classes\CLSID\{932CFB31-6AC9-4FE2-BEAC-A27FAF631D48}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F44C00D9-4EB6-4379-8F77-42D1474B3D60} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F44C00D9-4EB6-4379-8F77-42D1474B3D60} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\AVG_SYS_TASK => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK => could not remove. ErrorCode1: 0x00000002
"C:\Program Files\AVG Web TuneUp" => not found
C:\Users\Admin\AppData\Local\SlimWare Utilities Inc => moved successfully
C:\Users\Admin\AppData\Local\Temp\scp177A.tmp.exe => moved successfully
"C:\ProgramData\AVG 1113a Campaign" => not found
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========

Edited by RobertDad, 25 February 2018 - 11:49 AM.
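An added example, not part of the original posts and not FRST's own code: a short Python triage of a fixlog like the one above, tallying outcomes and pulling out the entries that failed so a helper can see what still needs attention. The function names are hypothetical, and reading `ErrorCode1` as a Win32 error code is an assumption.

```python
import re
from collections import Counter

# Constructed sample: a few result lines copied from the fixlog in the post above.
SAMPLE = r'''
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt" => removed successfully.
HKLM\Software\Classes\CLSID\{0ce2ba1f-cbd0-11e3-954f-001d60f1eb19} => not found
blbdrive => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\AVG_SYS_TASK => moved successfully
"C:\Program Files\AVG Web TuneUp" => not found
C:\Users\Admin\AppData\Local\Temp\scp177A.tmp.exe => moved successfully
'''

# "<target> => <outcome>[.][ ErrorCode1: 0x...]"
RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>.*?)\.?'
                    r'(?: ErrorCode1: (?P<code>0x[0-9A-Fa-f]+))?$')

# Assumption: ErrorCode1 carries a Win32 error code; only two common ones are named here.
WIN32 = {0x2: "ERROR_FILE_NOT_FOUND", 0x5: "ERROR_ACCESS_DENIED"}

def classify(outcome):
    """Map the text after '=>' to a coarse result category."""
    if outcome.startswith("could not remove"):
        return "failed"
    if outcome == "not found":
        return "not_found"
    # "removed successfully", "service removed successfully" and
    # "moved successfully" all end with the same words.
    if outcome.endswith("moved successfully"):
        return "done"
    return "other"  # e.g. echoed fixlist directives that also contain "=>"

def triage(log_text):
    """Return (Counter of categories, list of (target, error name) for failures)."""
    counts, failures = Counter(), []
    for line in log_text.splitlines():
        m = RESULT.match(line.strip())
        if not m:
            continue  # banners, blank lines, CMD output
        kind = classify(m["outcome"])
        counts[kind] += 1
        if kind == "failed":
            code = int(m["code"], 16) if m["code"] else None
            failures.append((m["target"].strip('"'), WIN32.get(code, "unknown")))
    return counts, failures

if __name__ == "__main__":
    counts, failures = triage(SAMPLE)
    print(dict(counts))
    for target, err in failures:
        print("FAILED:", target, "->", err)
```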


#45
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Those logs were what I was looking for :thumbsup:

Things are looking pretty good. We'll do one more scan :)


Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.
Click Scan Now.

Download esetonlinescanner_enu.exe that you'll be given a link to.
Double click esetonlinescanner_enu.exe.
Accept the Terms of Use

To perform the scan:

Make sure that Enable detection of potentially unwanted applications is selected.
In the Advanced Settings dropdown menu:
Enable detection of potentially unsafe applications is checked.
Enable detection of suspicious applications is checked.
Enable Anti-Stealth technology is checked.
Scan archives is checked.
Make sure that Clean threats automatically is unchecked.
Use custom proxy settings is unchecked.
Click Scan
The program will begin to download its virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done results will be displayed. Click the Copy to clipboard.
When completed it'll show a list of "Threats found", click beneath it on Save to text file... and save it as ESET log.txt on your Desktop.
Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


Things for your next post:
  • ESET log.txt
  • How is the computer running now?
