Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04.03.2018
Ran by Admin (administrator) on BOBS-LAPTOP (06-03-2018 23:22:05)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Betty Tremblay & Guest)
Platform: Microsoft® Windows Vista™ Home Basic (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
() C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-08-09] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894248 2007-06-22] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [292824 2018-02-26] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {d1c358bb-15d6-11e8-9c21-00164417c642} - E:\setupSNK.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6884B05B-300C-4221-B775-EAD2BD1D1BD8}: [DhcpNameServer] 10.0.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-144978628-2293470025-642614174-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 [2018-02-28]
FF Session Restore: Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 -> is enabled.
FF Extension: (AdBlock) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\[email protected] [2017-12-15]
FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\[email protected] [2017-12-14]
FF Extension: (Spider Solitaire) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{a8bec30a-4733-4f9b-8c29-f391ba02ce2c}.xpi [2017-12-14]
FF Extension: (Flash and Video Download) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-01-16]
FF Extension: (Adblock Plus) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-07] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-09-19] [Legacy] [not signed]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-28] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google%20chrome/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-03-06]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-01]
CHR Extension: (McAfee SECURE Safe Browsing) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn [2018-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [301648 2018-02-26] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5981760 2018-02-26] (AVG Technologies CZ, s.r.o.)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [581104 2015-10-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-07-26] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-08-09] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [157320 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiskx.sys [135808 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [249160 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [150952 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [270272 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [43920 2018-02-26] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [35192 2018-02-26] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [116784 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr.sys [62968 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [63208 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [775992 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [383728 2018-02-26] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\Windows\System32\drivers\avgStmXP.sys [197736 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [303168 2018-02-26] (AVG Technologies CZ, s.r.o.)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-02-07] (Malwarebytes)
R0 MrFilter; C:\Windows\system32\Drivers\MrFilter.sys [12384 2003-10-16] (Roxio) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation )
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-06 23:22 - 2018-03-06 23:22 - 000015648 _____ C:\Users\Admin\Desktop\FRST.txt
2018-03-06 23:20 - 2018-03-06 23:22 - 000000000 ____D C:\FRST
2018-03-06 23:18 - 2018-03-06 23:18 - 001763328 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2018-03-05 12:30 - 2018-03-05 12:31 - 000001560 _____ C:\DelFix.txt
2018-03-05 12:30 - 2018-03-05 12:30 - 000000000 ____D C:\Windows\ERUNT
2018-03-01 12:39 - 2018-03-04 07:42 - 000000000 ____D C:\Program Files\DriverUpdate
2018-03-01 12:39 - 2018-03-01 12:39 - 000000000 ____D C:\Users\Admin\AppData\Local\SlimWare Utilities Inc
2018-03-01 12:39 - 2018-03-01 12:39 - 000000000 ____D C:\Program Files\SlimWare Utilities
2018-03-01 09:42 - 2018-03-01 09:48 - 365230920 _____ (Microsoft Corporation) C:\Users\Admin\Desktop\windows6.0-kb948465-x86 (1).exe
2018-03-01 09:29 - 2018-03-01 09:29 - 001861696 _____ (Oracle Corporation) C:\Users\Admin\Desktop\chromeinstall-8u161.exe
2018-02-28 21:29 - 2018-02-28 21:29 - 000000000 ____D C:\Windows\system32\EventProviders
2018-02-28 21:21 - 2018-02-28 21:27 - 365230920 _____ (Microsoft Corporation) C:\Users\Admin\Desktop\windows6.0-kb948465-x86.exe
2018-02-28 20:55 - 2018-02-28 20:55 - 018005296 _____ (Microsoft Corporation) C:\Users\Admin\Desktop\IE9-WindowsVista-x86-enu.exe
2018-02-28 10:36 - 2018-03-05 12:50 - 000001954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-28 10:36 - 2018-03-05 12:50 - 000001942 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-28 09:40 - 2018-02-28 09:40 - 001129816 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup(1).exe
2018-02-28 09:08 - 2018-02-28 09:08 - 001129816 _____ (Google Inc.) C:\Users\Admin\Desktop\ChromeSetup.exe
2018-02-26 22:43 - 2018-02-26 22:44 - 000000000 ____D C:\Users\Admin\Desktop\AVG Free
2018-02-26 22:42 - 2018-02-26 22:43 - 000000000 ____D C:\Users\Admin\Desktop\ESET Scanner A
2018-02-26 22:30 - 2018-02-26 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2018-02-26 22:29 - 2018-02-26 22:29 - 000775992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000383728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000320440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-02-26 22:29 - 2018-02-26 22:29 - 000303168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000270272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000249160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000197736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStmXP.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000157320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000150952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000135808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000116784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000063208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000062968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000043920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000035192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-02-26 22:27 - 2018-02-26 22:27 - 000000000 ____D C:\Program Files\AVG
2018-02-25 00:27 - 2018-02-25 00:27 - 000001226 _____ C:\Users\Admin\Desktop\Malwarebytes Scan and Quaratine Report.txt
2018-02-24 00:44 - 2018-02-24 00:44 - 000001637 _____ C:\Users\Admin\Desktop\Paint.lnk
2018-02-22 10:58 - 2018-02-22 10:31 - 002602438 _____ C:\Users\Admin\Documents\System Diagnostics report--2-22-2018.html
2018-02-22 00:49 - 2018-02-22 00:49 - 000032868 _____ C:\Users\Admin\Documents\download.htm
2018-02-22 00:22 - 2018-02-22 00:22 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-02-19 20:55 - 2018-02-17 18:20 - 000023350 _____ C:\Users\Admin\Documents\ConfigFree Diagnostic Log 2-17-2018.txt
2018-02-19 20:38 - 2018-02-19 20:36 - 000000179 _____ C:\fixlist (2).txt
2018-02-19 20:12 - 2018-02-19 20:12 - 000000000 ____D C:\Users\Admin\AppData\Roaming\EncryptStick
2018-02-19 20:03 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt.txt
2018-02-19 19:57 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt
2018-02-16 21:49 - 2018-02-18 21:19 - 000000000 ____D C:\Users\Admin\AppData\Roaming\U3
2018-02-16 21:15 - 2018-02-16 21:15 - 000000000 ____D C:\BETTYSLAPTOP
2018-02-16 12:58 - 2018-02-16 12:58 - 000000000 ____D C:\RTL8187B_5_6.1135.0625.2008_Silent_Install
2018-02-16 12:56 - 2018-02-16 12:47 - 010216537 _____ C:\RTL8187B_5_6.1135.0625.2008_Silent_Install.zip
2018-02-12 11:39 - 2018-02-12 11:39 - 001129816 _____ (Google Inc.) C:\Users\Admin\Documents\ChromeSetup.exe
2018-02-11 18:55 - 2018-02-11 18:55 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-02-10 16:29 - 2018-02-10 16:29 - 000143736 _____ C:\Windows\Minidump\Mini021018-01.dmp
2018-02-08 09:23 - 2018-02-08 09:36 - 000288256 _____ C:\Users\Admin\Documents\Bookmarks.wps
2018-02-07 20:56 - 2018-03-06 04:35 - 000001068 _____ C:\Users\Admin\AppData\Roaming\wklnhst.dat
2018-02-07 20:56 - 2018-02-07 20:56 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Template
2018-02-07 16:13 - 2018-02-07 16:13 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2018-02-07 16:13 - 2018-02-07 16:13 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-07 16:12 - 2018-02-07 16:12 - 000000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2018-02-07 16:10 - 2018-02-07 16:12 - 000000000 ____D C:\Program Files\Microsoft Works
2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ C:\Program Files\GUT4C8B.tmp
2018-02-06 20:55 - 2018-02-06 20:55 - 001129816 _____ (Google Inc.) C:\Users\Guest\Downloads\ChromeSetup.exe
2018-02-06 20:55 - 2018-02-06 20:55 - 000000000 ____D C:\Program Files\GUM4C6B.tmp
2018-02-06 20:24 - 2018-02-06 20:24 - 000000000 ____D C:\Users\Guest\AppData\Local\CEF
2018-02-06 18:10 - 2018-02-08 16:03 - 000000000 ___SD C:\Users\Admin\AppData\LocalLow\Temp
2018-02-05 22:25 - 2018-02-05 22:26 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\chrome_cleanup_tool.exe
2018-02-05 00:07 - 2018-02-05 00:07 - 005838920 _____ (Adobe Systems Inc.) C:\Users\Admin\Downloads\Shockwave_Installer_Slim.exe
2018-02-04 20:55 - 2018-02-07 13:06 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-04 20:55 - 2018-02-04 20:55 - 000001826 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-04 20:55 - 2018-02-04 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-04 20:55 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-02-04 20:54 - 2018-02-04 20:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-04 20:51 - 2018-02-04 20:52 - 081173944 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3857.exe
2018-02-04 20:43 - 2018-02-04 20:43 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-02-04 20:42 - 2018-02-04 20:42 - 001142064 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-02-04 19:43 - 2018-02-04 19:43 - 000002152 _____ C:\Windows\epplauncher.mif
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-06 23:14 - 2014-08-03 11:23 - 000000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-03-06 23:13 - 2006-11-02 07:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-06 23:13 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-06 23:13 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-06 11:27 - 2006-11-02 07:58 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-05 14:19 - 2016-03-30 19:04 - 000000000 ____D C:\Users\Guest\AppData\Roaming\AVG
2018-03-05 14:16 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Guest\AppData\Local\Avg
2018-03-05 13:25 - 2017-09-18 18:41 - 000000000 ___RD C:\Users\Admin\Desktop\Bob
2018-03-05 09:56 - 2014-07-22 18:19 - 000000000 ____D C:\Users\Betty Tremblay\AppData\Local\Microsoft Games
2018-03-04 16:53 - 2016-12-20 23:22 - 000000000 ____D C:\Users\Betty Tremblay\AppData\Roaming\AVG
2018-03-04 16:43 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Betty Tremblay\AppData\Local\Avg
2018-03-01 23:12 - 2013-12-25 19:53 - 000013824 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-28 11:33 - 2007-08-09 19:01 - 000000000 ____D C:\Program Files\Google
2018-02-28 09:42 - 2017-09-18 18:16 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2018-02-28 09:27 - 2013-12-07 09:44 - 000000000 ____D C:\Users\Admin\AppData\Local\Google
2018-02-28 09:26 - 2007-08-09 19:01 - 000000000 ____D C:\ProgramData\Google
2018-02-26 22:30 - 2015-11-01 18:25 - 000000000 ____D C:\Users\Admin\AppData\Roaming\AVG
2018-02-26 22:30 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Admin\AppData\Local\Avg
2018-02-26 22:26 - 2015-11-01 18:14 - 000000000 ____D C:\ProgramData\Avg
2018-02-26 18:18 - 2017-12-14 16:03 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2018-02-22 18:27 - 2014-07-14 07:45 - 000000000 ____D C:\Windows\pss
2018-02-22 10:28 - 2013-12-07 09:44 - 000082904 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-22 05:47 - 2006-11-02 07:44 - 000322440 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-19 19:56 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf
2018-02-19 19:56 - 2006-11-02 05:33 - 000716948 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-18 21:11 - 2017-06-15 23:17 - 000000000 ____D C:\c393470bc6f864048692b458
2018-02-17 11:53 - 2014-07-22 15:10 - 000000000 ____D C:\Users\Betty Tremblay
2018-02-17 11:53 - 2014-03-24 19:01 - 000000000 ____D C:\Users\Guest
2018-02-17 11:53 - 2013-12-07 09:42 - 000000000 ____D C:\Users\Admin
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2018-02-17 11:53 - 2006-11-02 05:22 - 029884416 _____ C:\Windows\system32\config\software_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 023592960 _____ C:\Windows\system32\config\system_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 021233664 _____ C:\Windows\system32\config\components_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous
2018-02-14 18:10 - 2014-07-22 16:57 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-02-10 16:29 - 2013-12-12 15:39 - 000000000 ____D C:\Windows\Minidump
2018-02-10 16:28 - 2017-09-19 18:26 - 281696941 _____ C:\Windows\MEMORY.DMP
2018-02-07 16:12 - 2007-08-09 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2018-02-07 16:12 - 2006-11-02 06:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-07 13:05 - 2006-11-02 07:44 - 000058368 _____ C:\Windows\system32\umstartup.etl
2018-02-05 22:55 - 2013-12-27 16:36 - 000000000 ____D C:\Users\Admin\Desktop\Unused Programs
2018-02-04 23:00 - 2007-08-09 18:57 - 000000000 ____D C:\ProgramData\Adobe
2018-02-04 22:58 - 2007-08-09 18:43 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-04 22:47 - 2015-10-24 21:09 - 000000000 ____D C:\Users\Admin\AppData\Local\AvgSetupLog
2018-02-04 20:54 - 2014-07-13 18:33 - 000000000 ____D C:\ProgramData\Malwarebytes
==================== Files in the root of some directories =======
2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ () C:\Program Files\GUT4C8B.tmp
2018-02-07 20:56 - 2018-03-06 04:35 - 000001068 _____ () C:\Users\Admin\AppData\Roaming\wklnhst.dat
2014-07-14 13:35 - 2014-07-14 13:35 - 000000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2013-12-25 19:53 - 2018-03-01 23:12 - 000013824 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-03-06 23:20
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04.03.2018
Ran by Admin (06-03-2018 23:22:58)
Running from C:\Users\Admin\Desktop
Microsoft® Windows Vista™ Home Basic (X86) (2013-12-07 15:43:21)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Admin (S-1-5-21-144978628-2293470025-642614174-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-144978628-2293470025-642614174-500 - Administrator - Disabled)
Betty Tremblay (S-1-5-21-144978628-2293470025-642614174-1001 - Limited - Enabled) => C:\Users\Betty Tremblay
Guest (S-1-5-21-144978628-2293470025-642614174-501 - Administrator - Enabled) => C:\Users\Guest
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 9.0 Sprint (HKLM\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Accessibility (HKLM\...\{2C544254-39F2-4ACA-B779-ABF7297C96CF}) (Version: 1.39.0.19 - TOSHIBA)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0012 - ATK)
AVG 2016 (HKLM\...\{AE3CE485-0996-413D-A897-D2F80D44982D}) (Version: 16.0.4776 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.1.3044 - AVG Technologies)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.01.03 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DriverUpdate (HKLM\...\{5386DB6C-026A-4D5F-9EE2-13619CA24320}) (Version: 5.3.0 - Slimware Utilities Holdings, Inc.) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.)
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (HKLM\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
Roxio EasyWrite Reader (HKLM\...\Roxio MRFilter) (Version: - )
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.3.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.00.03 - )
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.32 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.07 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: TOSH0501 - WildTangent)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-02-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2008-02-11] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-02-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {36AF97D0-6340-4933-9C35-0E82E23EB06A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-02-26] (AVG Technologies CZ, s.r.o.)
Task: {4A31C49C-85C2-4EA9-9EE2-25B50291EDE4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {8EC48C7A-FE6A-43C2-ACC2-584BE1A5BF18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-02-28] (Google Inc.)
Task: {B91CE50D-5CC5-4790-B449-27E19E3AD80F} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-02-08] (AVG Technologies CZ, s.r.o.)
Task: {C47BC29D-B74E-49D8-A191-759B41393C6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-02-28] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2007-08-09 18:20 - 2007-02-05 20:13 - 000094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2018-02-26 22:29 - 2018-02-26 22:29 - 000289008 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-02-26 22:29 - 2018-02-26 22:29 - 000281328 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2018-03-06 15:50 - 2018-03-06 15:50 - 005822192 _____ () C:\Program Files\AVG\Antivirus\defs\18030604\algo.dll
2018-02-26 22:29 - 2018-02-26 22:29 - 000758000 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2018-02-26 22:29 - 2018-02-26 22:29 - 000964336 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-02-26 22:29 - 2018-02-26 22:29 - 000469744 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2007-08-09 19:00 - 2007-01-25 19:47 - 000136816 _____ () C:\TOSHIBA\IVP\ISM\pinger.exe
2007-08-09 19:00 - 2007-01-25 19:50 - 000063096 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2018-02-04 20:55 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-26 22:29 - 2018-02-26 22:29 - 000618736 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll
2006-11-02 01:47 - 2006-11-02 04:46 - 000364544 _____ () C:\Windows\system32\msjetoledb40.dll
2007-08-09 18:32 - 2007-05-18 05:43 - 000430080 _____ () C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
2018-02-26 22:29 - 2018-02-26 22:29 - 048936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2016-09-06 16:15 - 2016-09-06 11:00 - 005197312 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 16:15 - 2016-09-06 11:00 - 000147456 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:23 - 2018-02-24 23:50 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{B568B700-47E7-4900-A90A-C7DE92AE7801}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{53DFE34E-9374-42FC-9AE0-E94F21FFF7B1}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{2D2269FA-EAED-4AF2-A475-48B518C6EF21}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{5557D815-1A87-487F-867D-0A2C707F9BE4}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{4A45D8BD-816A-459F-AC7F-AE42992EECFA}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{89676831-57EE-4E58-976F-E5B9576C96FC}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{EB3D8379-B078-4EF1-B956-F16B2E2EC2D6}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{5E55D80B-EAFE-41E4-A360-643B668D68C6}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{579A119E-EF2D-4715-9F5A-6D7470FA3A35}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{C0703ED2-45D2-434F-8B4C-438F9672AB2A}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{0A656B49-2FE7-49FF-8C46-21475406A20F}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{71E6999F-13B9-4ECD-A27F-34DDB53D3016}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [TCP Query User{B5E2788D-AA7D-40E0-B28D-4FF81C056910}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C74D3921-1936-460D-867C-9396366A92C1}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{57FA7AB7-F7DF-454A-BAB3-3A93F0E7DB93}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger
==================== Restore Points =========================
05-03-2018 12:31:24 End of disinfection
06-03-2018 15:38:40 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Built-in Infrared Device
Description: Built-in Infrared Device
Class Guid: {6bdd1fc5-810f-11d0-bec7-08002be2092f}
Manufacturer: (Standard Infrared Port)
Service: irsir
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/06/2018 12:49:24 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (03/06/2018 10:55:43 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (03/05/2018 05:47:37 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (03/05/2018 01:24:50 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (03/05/2018 12:31:24 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {119313c5-a254-494d-a773-cb6b87eac832}
Error: (03/05/2018 10:34:44 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Error: (03/05/2018 09:48:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (03/05/2018 09:46:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
System errors:
=============
Error: (03/06/2018 11:15:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/06/2018 11:14:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/06/2018 11:14:55 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 10.0.0.8, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
Error: (03/06/2018 11:14:55 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
Error: (03/06/2018 11:13:58 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer EPSON WF-2540 Series (FAX) with shared resource name EPSON WF-2540 Series (FAX). Error 2114. The printer cannot be used by others on the network.
Error: (03/06/2018 11:13:58 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer WF-2540 Series(Network) with shared resource name WF-2540 Series(Network). Error 2114. The printer cannot be used by others on the network.
Error: (03/06/2018 11:13:40 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
Error: (03/06/2018 11:13:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:04:41 PM on 3/6/2018 was unexpected.
CodeIntegrity:
===================================
Date: 2017-12-09 16:52:22.676
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-12-09 16:52:22.629
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-12-09 16:52:22.567
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-12-09 16:52:22.520
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-12-09 16:52:22.473
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-12-09 16:52:22.427
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-12-09 16:52:22.146
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-12-09 16:52:22.099
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Pentium® Dual CPU T2310 @ 1.46GHz
Percentage of memory in use: 48%
Total physical RAM: 3062.44 MB
Available physical RAM: 1592.25 MB
Total Virtual: 6304.57 MB
Available Virtual: 4888.25 MB
==================== Drives ================================
Drive c: (SQ004525V02) (Fixed) (Total:73.06 GB) (Free:39.56 GB) NTFS ==>[drive with boot components (obtained from BCD)]
\\?\Volume{43956e0f-5f55-11e3-8818-806e6f6e6963}\ (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: E3AF5BFE)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=73.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================