Trojan Virus or spyware


#61
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi.

Has DelFix been downloaded to the desktop on RobertDad's computer?

What happens when you try to right click and run as admin? Do you get an error message?
  • 0

#62
RobertDad

RobertDad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

The icon downloads for set-up and when I right click and run as admin, it just highlights the icon but nothing happens, not even an error message. If I click on any other thing (task bar, another tab, etc.) I lose the highlighting on the set-up icon. I have gone into Programs and Features and it is not listed. I had an appointment today and I haven't worked on it much, but I did it many times last night. Nothing has changed.

Bob gets emails for the replies and I see them and copy your post, so it is always in front of me.


Edited by RobertDad, 03 March 2018 - 05:23 PM.

  • 0

#63
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi there.

Are you logged into RobertDad's laptop as the Admin user account? DelFix requires admin access.
  • 0

#64
RobertDad

RobertDad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

I sign in under his name and he is listed in the user accounts as the administrator.

We both are listed as administrators in User Controls.


Edited by RobertDad, 04 March 2018 - 04:07 PM.

  • 0

#65
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Ok, what happens if you double click on the delfix icon on the desktop?
  • 0

#66
RobertDad

RobertDad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

When I click on the DelFix icon it asks me to open or run as administrator, and I click on administrator and it shows up highlighted (the icon is highlighted, I mean). That is as far as I get.


Edited by RobertDad, 04 March 2018 - 06:06 PM.

  • 0

#67
RobertDad

RobertDad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Finally success I hope,

# DelFix v1.013 - Logfile created 05/03/2018 at 12:30:49
# Updated 17/04/2016 by Xplode
# Username : Admin - BOBS-LAPTOP
# Operating System : Windows Vista ™ Home Basic  (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Admin\Desktop\Addition 2-28-18 3a.txt
Deleted : C:\Users\Admin\Desktop\Addition-New Addition.txt
Deleted : C:\Users\Admin\Desktop\Addition.txt
Deleted : C:\Users\Admin\Desktop\Fixlog A.txt
Deleted : C:\Users\Admin\Desktop\Fixlog-fixlist.txt  new.txt
Deleted : C:\Users\Admin\Desktop\Fixlog.txt
Deleted : C:\Users\Admin\Desktop\FRST 2-28-18 2a.txt
Deleted : C:\Users\Admin\Desktop\FRST 2-28-18.txt
Deleted : C:\Users\Admin\Desktop\FRST-new 2-28-18.exe
Deleted : C:\Users\Admin\Desktop\FRST-New FRST.txt
Deleted : C:\Users\Admin\Desktop\FRST.txt
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #699 [Scheduled Checkpoint | 02/26/2018 19:39:42]
Deleted : RP #701 [Restore Point Created by FRST | 02/27/2018 02:34:19]
Deleted : RP #702 [Scheduled Checkpoint | 02/28/2018 00:56:04]
Deleted : RP #703 [Scheduled Checkpoint | 02/28/2018 17:17:56]
Deleted : RP #704 [Removed Java™ SE Runtime Environment 6 | 03/01/2018 14:33:18]
Deleted : RP #705 [Scheduled Checkpoint | 03/04/2018 13:48:38]
Deleted : RP #706 [Scheduled Checkpoint | 03/05/2018 02:16:43]
Deleted : RP #707 [Scheduled Checkpoint | 03/05/2018 15:39:41]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 

 


  • 0

#68
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
:thumbsup:

If there are any leftover files on the desktop which Delfix did not remove they can be safely deleted. :)

Have a nice day. I'll leave the topic open for a few more days to make sure everything is running smoothly.
  • 0

#69
RobertDad

RobertDad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Bruce 

 

Thank you so much.

I do have a question though: I have a problem with this laptop. A lot of windows wouldn't run for long or even open, but just tell me that the program is not responding. Can you let me know what topic I should go into for support with this? Also, is it safe to run the ESET scanner to check for things, like running an antivirus program?

 

You have been a wonderful help for me and Bob.   Thank you again,

 

Betty Tremblay


  • 0

#70
RobertDad

RobertDad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

:thumbsup:

If there are any leftover files on the desktop which Delfix did not remove they can be safely deleted. :)

Have a nice day. I'll leave the topic open for a few more days to make sure everything is running smoothly.

 

 

Does Bob need Java on his computer?


  • 0

#71
RobertDad

RobertDad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

We have another problem with Bob's computer today. It is the ransomware again.

Internet Security Alert.

Do not delete, call a number.

If it pops back up, I have told Bob to call me and not to shut the computer off. If he shuts the computer off and waits for a while then it's not there anymore.


  • 1

#72
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts

Hi
 

Does Bob need Java on his computer?

Some applications might require it but I would give it a go without Java; your computer will run without it. If it's needed for any application it will flag this and you can then download the latest version.

Web Browsers

Just to note that Google Chrome is not supported on Windows Vista. This means it is not updated and could be open to vulnerabilities.

Firefox is an alternative browser and there is an extended support release [ESR] at version 52. It will continue to receive security updates for Vista until May/June 2018. See this article here.

I would recommend you start to use this browser to offer a bit more security. You can download it here.


In terms of the Internet Security Alert - when it pops up again run and post fresh FRST logs again.


Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click on the file and select run as administrator (if you don't have this option just double click the file to run it). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (this should be your desktop).
  • Please copy (CTRL + C) and paste (CTRL + V) the FRST.txt log back here.
  • The first time the tool is run it generates another log Addition.txt - also located in the same directory as FRST.exe.
  • Please also paste that along with the FRST.txt into your reply.
Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

 


  • 0
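One way to triage the FRST.txt log that the steps above produce, as an added example that is not part of the original post and is not FRST's or the helper's own method: it splits a log into its banner-delimited sections and parses the "One Month Created/Modified" rows. The sample log is constructed, and the review rule (executable file, no vendor string, under a user profile) and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Section banner, e.g. "==================== Services (Whitelisted) ====="
SECTION_RE = re.compile(r"^=+ (\S.*?) =+$")
# Row layout: stamp - stamp - size attrs [(vendor)] path
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) ([_A-Z]{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd")

# Constructed sample in the layout of an FRST.txt log (not real scan output).
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01.01.2018
Ran by User (administrator) on EXAMPLE-PC (02-01-2018 10:00:00)

==================== Processes (Whitelisted) =================

(Example Corp) C:\Program Files\Example\svc.exe

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-02 09:58 - 2018-01-02 09:58 - 001763328 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2018-01-01 12:39 - 2018-01-01 12:40 - 000000000 ____D C:\Program Files\ExampleUpdater
2018-01-01 09:29 - 2018-01-01 09:29 - 000204800 _____ C:\Users\User\AppData\Roaming\example (1).exe
2018-01-01 08:00 - 2018-01-01 08:00 - 000001024 ____H C:\Users\User\Downloads\notes.txt

==================== One Month Modified files and folders ========

2018-01-02 09:00 - 2014-08-03 11:23 - 000000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
"""


@dataclass
class FileRow:
    primary: datetime      # timestamp the section is sorted on (assumption)
    other: datetime        # the second timestamp on the row
    size: int
    attrs: str             # five flag characters, e.g. "____D" or "___SD"
    vendor: Optional[str]  # company string in parentheses, if present
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def split_sections(text: str) -> dict:
    """Map each banner title to its non-empty lines; text before the
    first banner is stored under the key 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse_file_rows(lines) -> list:
    """Parse file rows; explanatory lines that do not fit the layout are skipped."""
    rows = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        first, second, size, attrs, vendor, path = m.groups()
        rows.append(FileRow(
            primary=datetime.strptime(first, "%Y-%m-%d %H:%M"),
            other=datetime.strptime(second, "%Y-%m-%d %H:%M"),
            size=int(size),
            attrs=attrs,
            vendor=vendor.strip() if vendor else None,
            path=path,
        ))
    return rows


def review_candidates(rows) -> list:
    """Illustrative rule only: executable files with no vendor string that
    sit under a user profile. A hit means 'look closer', not 'malicious'."""
    return [
        r.path for r in rows
        if not r.is_dir
        and r.vendor is None
        and r.path.lower().endswith(EXEC_EXT)
        and "\\users\\" in r.path.lower()
    ]


if __name__ == "__main__":
    created = parse_file_rows(
        split_sections(SAMPLE_LOG)["One Month Created files and folders"])
    for path in review_candidates(created):
        print("review:", path)
```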

#73
RobertDad

RobertDad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04.03.2018
Ran by Admin (administrator) on BOBS-LAPTOP (06-03-2018 23:22:05)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Betty Tremblay & Guest)
Platform: Microsoft® Windows Vista™ Home Basic  (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
() C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-08-09] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894248 2007-06-22] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [292824 2018-02-26] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {d1c358bb-15d6-11e8-9c21-00164417c642} - E:\setupSNK.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6884B05B-300C-4221-B775-EAD2BD1D1BD8}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-144978628-2293470025-642614174-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {2B9BA96A-90A6-45C3-BFC3-A2A891874039} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 [2018-02-28]
FF Session Restore: Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876 -> is enabled.
FF Extension: (AdBlock) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\[email protected] [2017-12-15]
FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\[email protected] [2017-12-14]
FF Extension: (Spider Solitaire) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{a8bec30a-4733-4f9b-8c29-f391ba02ce2c}.xpi [2017-12-14]
FF Extension: (Flash and Video Download) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-01-16]
FF Extension: (Adblock Plus) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b98lthpv.default-1513296421876\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-07] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-09-19] [Legacy] [not signed]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-28] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google%20chrome/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2018-03-06]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-01]
CHR Extension: (McAfee SECURE Safe Browsing) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn [2018-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [301648 2018-02-26] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5981760 2018-02-26] (AVG Technologies CZ, s.r.o.)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [581104 2015-10-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-07-26] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-08-09] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [157320 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiskx.sys [135808 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriverx.sys [249160 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidshx.sys [150952 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblogx.sys [270272 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbunivx.sys [43920 2018-02-26] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [35192 2018-02-26] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [116784 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr.sys [62968 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [63208 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [775992 2018-02-26] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [383728 2018-02-26] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\Windows\System32\drivers\avgStmXP.sys [197736 2018-02-26] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [303168 2018-02-26] (AVG Technologies CZ, s.r.o.)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-02-07] (Malwarebytes)
R0 MrFilter; C:\Windows\system32\Drivers\MrFilter.sys [12384 2003-10-16] (Roxio) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-06 23:22 - 2018-03-06 23:22 - 000015648 _____ C:\Users\Admin\Desktop\FRST.txt
2018-03-06 23:20 - 2018-03-06 23:22 - 000000000 ____D C:\FRST
2018-03-06 23:18 - 2018-03-06 23:18 - 001763328 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2018-03-05 12:30 - 2018-03-05 12:31 - 000001560 _____ C:\DelFix.txt
2018-03-05 12:30 - 2018-03-05 12:30 - 000000000 ____D C:\Windows\ERUNT
2018-03-01 12:39 - 2018-03-04 07:42 - 000000000 ____D C:\Program Files\DriverUpdate
2018-03-01 12:39 - 2018-03-01 12:39 - 000000000 ____D C:\Users\Admin\AppData\Local\SlimWare Utilities Inc
2018-03-01 12:39 - 2018-03-01 12:39 - 000000000 ____D C:\Program Files\SlimWare Utilities
2018-03-01 09:42 - 2018-03-01 09:48 - 365230920 _____ (Microsoft Corporation) C:\Users\Admin\Desktop\windows6.0-kb948465-x86 (1).exe
2018-03-01 09:29 - 2018-03-01 09:29 - 001861696 _____ (Oracle Corporation) C:\Users\Admin\Desktop\chromeinstall-8u161.exe
2018-02-28 21:29 - 2018-02-28 21:29 - 000000000 ____D C:\Windows\system32\EventProviders
2018-02-28 21:21 - 2018-02-28 21:27 - 365230920 _____ (Microsoft Corporation) C:\Users\Admin\Desktop\windows6.0-kb948465-x86.exe
2018-02-28 20:55 - 2018-02-28 20:55 - 018005296 _____ (Microsoft Corporation) C:\Users\Admin\Desktop\IE9-WindowsVista-x86-enu.exe
2018-02-28 10:36 - 2018-03-05 12:50 - 000001954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-28 10:36 - 2018-03-05 12:50 - 000001942 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-28 09:40 - 2018-02-28 09:40 - 001129816 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup(1).exe
2018-02-28 09:08 - 2018-02-28 09:08 - 001129816 _____ (Google Inc.) C:\Users\Admin\Desktop\ChromeSetup.exe
2018-02-26 22:43 - 2018-02-26 22:44 - 000000000 ____D C:\Users\Admin\Desktop\AVG Free
2018-02-26 22:42 - 2018-02-26 22:43 - 000000000 ____D C:\Users\Admin\Desktop\ESET Scanner A
2018-02-26 22:30 - 2018-02-26 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2018-02-26 22:29 - 2018-02-26 22:29 - 000775992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000383728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000320440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-02-26 22:29 - 2018-02-26 22:29 - 000303168 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000270272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000249160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000197736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStmXP.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000157320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000150952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000135808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000116784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000063208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000062968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000043920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2018-02-26 22:29 - 2018-02-26 22:29 - 000035192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-02-26 22:27 - 2018-02-26 22:27 - 000000000 ____D C:\Program Files\AVG
2018-02-25 00:27 - 2018-02-25 00:27 - 000001226 _____ C:\Users\Admin\Desktop\Malwarebytes Scan and Quaratine Report.txt
2018-02-24 00:44 - 2018-02-24 00:44 - 000001637 _____ C:\Users\Admin\Desktop\Paint.lnk
2018-02-22 10:58 - 2018-02-22 10:31 - 002602438 _____ C:\Users\Admin\Documents\System Diagnostics report--2-22-2018.html
2018-02-22 00:49 - 2018-02-22 00:49 - 000032868 _____ C:\Users\Admin\Documents\download.htm
2018-02-22 00:22 - 2018-02-22 00:22 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-02-19 20:55 - 2018-02-17 18:20 - 000023350 _____ C:\Users\Admin\Documents\ConfigFree Diagnostic Log 2-17-2018.txt
2018-02-19 20:38 - 2018-02-19 20:36 - 000000179 _____ C:\fixlist (2).txt
2018-02-19 20:12 - 2018-02-19 20:12 - 000000000 ____D C:\Users\Admin\AppData\Roaming\EncryptStick
2018-02-19 20:03 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt.txt
2018-02-19 19:57 - 2018-02-19 19:50 - 000000179 _____ C:\fixlist.txt
2018-02-16 21:49 - 2018-02-18 21:19 - 000000000 ____D C:\Users\Admin\AppData\Roaming\U3
2018-02-16 21:15 - 2018-02-16 21:15 - 000000000 ____D C:\BETTYSLAPTOP
2018-02-16 12:58 - 2018-02-16 12:58 - 000000000 ____D C:\RTL8187B_5_6.1135.0625.2008_Silent_Install
2018-02-16 12:56 - 2018-02-16 12:47 - 010216537 _____ C:\RTL8187B_5_6.1135.0625.2008_Silent_Install.zip
2018-02-12 11:39 - 2018-02-12 11:39 - 001129816 _____ (Google Inc.) C:\Users\Admin\Documents\ChromeSetup.exe
2018-02-11 18:55 - 2018-02-11 18:55 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-02-10 16:29 - 2018-02-10 16:29 - 000143736 _____ C:\Windows\Minidump\Mini021018-01.dmp
2018-02-08 09:23 - 2018-02-08 09:36 - 000288256 _____ C:\Users\Admin\Documents\Bookmarks.wps
2018-02-07 20:56 - 2018-03-06 04:35 - 000001068 _____ C:\Users\Admin\AppData\Roaming\wklnhst.dat
2018-02-07 20:56 - 2018-02-07 20:56 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Template
2018-02-07 16:13 - 2018-02-07 16:13 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2018-02-07 16:13 - 2018-02-07 16:13 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-07 16:12 - 2018-02-07 16:12 - 000000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2018-02-07 16:10 - 2018-02-07 16:12 - 000000000 ____D C:\Program Files\Microsoft Works
2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ C:\Program Files\GUT4C8B.tmp
2018-02-06 20:55 - 2018-02-06 20:55 - 001129816 _____ (Google Inc.) C:\Users\Guest\Downloads\ChromeSetup.exe
2018-02-06 20:55 - 2018-02-06 20:55 - 000000000 ____D C:\Program Files\GUM4C6B.tmp
2018-02-06 20:24 - 2018-02-06 20:24 - 000000000 ____D C:\Users\Guest\AppData\Local\CEF
2018-02-06 18:10 - 2018-02-08 16:03 - 000000000 ___SD C:\Users\Admin\AppData\LocalLow\Temp
2018-02-05 22:25 - 2018-02-05 22:26 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\chrome_cleanup_tool.exe
2018-02-05 00:07 - 2018-02-05 00:07 - 005838920 _____ (Adobe Systems Inc.) C:\Users\Admin\Downloads\Shockwave_Installer_Slim.exe
2018-02-04 20:55 - 2018-02-07 13:06 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-04 20:55 - 2018-02-04 20:55 - 000001826 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-04 20:55 - 2018-02-04 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-04 20:55 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-02-04 20:54 - 2018-02-04 20:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-04 20:51 - 2018-02-04 20:52 - 081173944 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3857.exe
2018-02-04 20:43 - 2018-02-04 20:43 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-02-04 20:42 - 2018-02-04 20:42 - 001142064 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-02-04 19:43 - 2018-02-04 19:43 - 000002152 _____ C:\Windows\epplauncher.mif
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-06 23:14 - 2014-08-03 11:23 - 000000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-03-06 23:13 - 2006-11-02 07:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-06 23:13 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-06 23:13 - 2006-11-02 07:45 - 000003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-06 11:27 - 2006-11-02 07:58 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-05 14:19 - 2016-03-30 19:04 - 000000000 ____D C:\Users\Guest\AppData\Roaming\AVG
2018-03-05 14:16 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Guest\AppData\Local\Avg
2018-03-05 13:25 - 2017-09-18 18:41 - 000000000 ___RD C:\Users\Admin\Desktop\Bob
2018-03-05 09:56 - 2014-07-22 18:19 - 000000000 ____D C:\Users\Betty Tremblay\AppData\Local\Microsoft Games
2018-03-04 16:53 - 2016-12-20 23:22 - 000000000 ____D C:\Users\Betty Tremblay\AppData\Roaming\AVG
2018-03-04 16:43 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Betty Tremblay\AppData\Local\Avg
2018-03-01 23:12 - 2013-12-25 19:53 - 000013824 _____ C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-28 11:33 - 2007-08-09 19:01 - 000000000 ____D C:\Program Files\Google
2018-02-28 09:42 - 2017-09-18 18:16 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2018-02-28 09:27 - 2013-12-07 09:44 - 000000000 ____D C:\Users\Admin\AppData\Local\Google
2018-02-28 09:26 - 2007-08-09 19:01 - 000000000 ____D C:\ProgramData\Google
2018-02-26 22:30 - 2015-11-01 18:25 - 000000000 ____D C:\Users\Admin\AppData\Roaming\AVG
2018-02-26 22:30 - 2015-06-02 09:30 - 000000000 ____D C:\Users\Admin\AppData\Local\Avg
2018-02-26 22:26 - 2015-11-01 18:14 - 000000000 ____D C:\ProgramData\Avg
2018-02-26 18:18 - 2017-12-14 16:03 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2018-02-22 18:27 - 2014-07-14 07:45 - 000000000 ____D C:\Windows\pss
2018-02-22 10:28 - 2013-12-07 09:44 - 000082904 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-22 05:47 - 2006-11-02 07:44 - 000322440 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-19 19:56 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf
2018-02-19 19:56 - 2006-11-02 05:33 - 000716948 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-18 21:11 - 2017-06-15 23:17 - 000000000 ____D C:\c393470bc6f864048692b458
2018-02-17 11:53 - 2014-07-22 15:10 - 000000000 ____D C:\Users\Betty Tremblay
2018-02-17 11:53 - 2014-03-24 19:01 - 000000000 ____D C:\Users\Guest
2018-02-17 11:53 - 2013-12-07 09:42 - 000000000 ____D C:\Users\Admin
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2018-02-17 11:53 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2018-02-17 11:53 - 2006-11-02 05:22 - 029884416 _____ C:\Windows\system32\config\software_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 023592960 _____ C:\Windows\system32\config\system_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 021233664 _____ C:\Windows\system32\config\components_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2018-02-17 11:53 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous
2018-02-14 18:10 - 2014-07-22 16:57 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-02-10 16:29 - 2013-12-12 15:39 - 000000000 ____D C:\Windows\Minidump
2018-02-10 16:28 - 2017-09-19 18:26 - 281696941 _____ C:\Windows\MEMORY.DMP
2018-02-07 16:12 - 2007-08-09 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2018-02-07 16:12 - 2006-11-02 06:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-07 13:05 - 2006-11-02 07:44 - 000058368 _____ C:\Windows\system32\umstartup.etl
2018-02-05 22:55 - 2013-12-27 16:36 - 000000000 ____D C:\Users\Admin\Desktop\Unused Programs
2018-02-04 23:00 - 2007-08-09 18:57 - 000000000 ____D C:\ProgramData\Adobe
2018-02-04 22:58 - 2007-08-09 18:43 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-04 22:47 - 2015-10-24 21:09 - 000000000 ____D C:\Users\Admin\AppData\Local\AvgSetupLog
2018-02-04 20:54 - 2014-07-13 18:33 - 000000000 ____D C:\ProgramData\Malwarebytes
 
==================== Files in the root of some directories =======
 
2018-02-06 20:55 - 2018-02-06 20:55 - 007649280 _____ () C:\Program Files\GUT4C8B.tmp
2018-02-07 20:56 - 2018-03-06 04:35 - 000001068 _____ () C:\Users\Admin\AppData\Roaming\wklnhst.dat
2014-07-14 13:35 - 2014-07-14 13:35 - 000000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2013-12-25 19:53 - 2018-03-01 23:12 - 000013824 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-06 23:20
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04.03.2018
Ran by Admin (06-03-2018 23:22:58)
Running from C:\Users\Admin\Desktop
Microsoft® Windows Vista™ Home Basic  (X86) (2013-12-07 15:43:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-144978628-2293470025-642614174-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-144978628-2293470025-642614174-500 - Administrator - Disabled)
Betty Tremblay (S-1-5-21-144978628-2293470025-642614174-1001 - Limited - Enabled) => C:\Users\Betty Tremblay
Guest (S-1-5-21-144978628-2293470025-642614174-501 - Administrator - Enabled) => C:\Users\Guest
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Accessibility (HKLM\...\{2C544254-39F2-4ACA-B779-ABF7297C96CF}) (Version: 1.39.0.19 - TOSHIBA)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0012 - ATK)
AVG 2016 (HKLM\...\{AE3CE485-0996-413D-A897-D2F80D44982D}) (Version: 16.0.4776 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.1.3044 - AVG Technologies)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.01.03 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DriverUpdate (HKLM\...\{5386DB6C-026A-4D5F-9EE2-13619CA24320}) (Version: 5.3.0 - Slimware Utilities Holdings, Inc.) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.)
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (HKLM\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
Roxio EasyWrite Reader (HKLM\...\Roxio MRFilter) (Version:  - )
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.3.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.00.03 - )
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.32 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.07 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: TOSH0501 - WildTangent)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-02-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2008-02-11] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-02-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {36AF97D0-6340-4933-9C35-0E82E23EB06A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-02-26] (AVG Technologies CZ, s.r.o.)
Task: {4A31C49C-85C2-4EA9-9EE2-25B50291EDE4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {8EC48C7A-FE6A-43C2-ACC2-584BE1A5BF18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-02-28] (Google Inc.)
Task: {B91CE50D-5CC5-4790-B449-27E19E3AD80F} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-02-08] (AVG Technologies CZ, s.r.o.)
Task: {C47BC29D-B74E-49D8-A191-759B41393C6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-02-28] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2007-08-09 18:20 - 2007-02-05 20:13 - 000094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2018-02-26 22:29 - 2018-02-26 22:29 - 000289008 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-02-26 22:29 - 2018-02-26 22:29 - 000281328 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2018-03-06 15:50 - 2018-03-06 15:50 - 005822192 _____ () C:\Program Files\AVG\Antivirus\defs\18030604\algo.dll
2018-02-26 22:29 - 2018-02-26 22:29 - 000758000 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2018-02-26 22:29 - 2018-02-26 22:29 - 000964336 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-02-26 22:29 - 2018-02-26 22:29 - 000469744 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2007-08-09 19:00 - 2007-01-25 19:47 - 000136816 _____ () C:\TOSHIBA\IVP\ISM\pinger.exe
2007-08-09 19:00 - 2007-01-25 19:50 - 000063096 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2018-02-04 20:55 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-26 22:29 - 2018-02-26 22:29 - 000618736 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll
2006-11-02 01:47 - 2006-11-02 04:46 - 000364544 _____ () C:\Windows\system32\msjetoledb40.dll
2007-08-09 18:32 - 2007-05-18 05:43 - 000430080 _____ () C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
2018-02-26 22:29 - 2018-02-26 22:29 - 048936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2016-09-06 16:15 - 2016-09-06 11:00 - 005197312 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 16:15 - 2016-09-06 11:00 - 000147456 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2018-02-24 23:50 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-144978628-2293470025-642614174-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{B568B700-47E7-4900-A90A-C7DE92AE7801}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{53DFE34E-9374-42FC-9AE0-E94F21FFF7B1}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{2D2269FA-EAED-4AF2-A475-48B518C6EF21}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{5557D815-1A87-487F-867D-0A2C707F9BE4}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{4A45D8BD-816A-459F-AC7F-AE42992EECFA}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{89676831-57EE-4E58-976F-E5B9576C96FC}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{EB3D8379-B078-4EF1-B956-F16B2E2EC2D6}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{5E55D80B-EAFE-41E4-A360-643B668D68C6}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{579A119E-EF2D-4715-9F5A-6D7470FA3A35}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{C0703ED2-45D2-434F-8B4C-438F9672AB2A}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{0A656B49-2FE7-49FF-8C46-21475406A20F}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{71E6999F-13B9-4ECD-A27F-34DDB53D3016}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [TCP Query User{B5E2788D-AA7D-40E0-B28D-4FF81C056910}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C74D3921-1936-460D-867C-9396366A92C1}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{57FA7AB7-F7DF-454A-BAB3-3A93F0E7DB93}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger
 
==================== Restore Points =========================
 
05-03-2018 12:31:24 End of disinfection
06-03-2018 15:38:40 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Built-in Infrared Device
Description: Built-in Infrared Device
Class Guid: {6bdd1fc5-810f-11d0-bec7-08002be2092f}
Manufacturer: (Standard Infrared Port)
Service: irsir
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/06/2018 12:49:24 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (03/06/2018 10:55:43 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (03/05/2018 05:47:37 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (03/05/2018 01:24:50 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (03/05/2018 12:31:24 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {119313c5-a254-494d-a773-cb6b87eac832}
 
Error: (03/05/2018 10:34:44 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (03/05/2018 09:48:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/05/2018 09:46:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (03/06/2018 11:15:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/06/2018 11:14:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/06/2018 11:14:55 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 10.0.0.8, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
 
Error: (03/06/2018 11:14:55 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
Error: (03/06/2018 11:13:58 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer EPSON WF-2540 Series (FAX) with shared resource name EPSON WF-2540 Series (FAX). Error 2114. The printer cannot be used by others on the network.
 
Error: (03/06/2018 11:13:58 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer WF-2540 Series(Network) with shared resource name WF-2540 Series(Network). Error 2114. The printer cannot be used by others on the network.
 
Error: (03/06/2018 11:13:40 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (03/06/2018 11:13:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:04:41 PM on 3/6/2018 was unexpected.
 
 
CodeIntegrity:
===================================
 
Date: 2017-12-09 16:52:22.676
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2017-12-09 16:52:22.629
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2017-12-09 16:52:22.567
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2017-12-09 16:52:22.520
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2017-12-09 16:52:22.473
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2017-12-09 16:52:22.427
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2017-12-09 16:52:22.146
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2017-12-09 16:52:22.099
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T2310 @ 1.46GHz
Percentage of memory in use: 48%
Total physical RAM: 3062.44 MB
Available physical RAM: 1592.25 MB
Total Virtual: 6304.57 MB
Available Virtual: 4888.25 MB
 
==================== Drives ================================
 
Drive c: (SQ004525V02) (Fixed) (Total:73.06 GB) (Free:39.56 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
\\?\Volume{43956e0f-5f55-11e3-8818-806e6f6e6963}\ (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: E3AF5BFE)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=73.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#74
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi

Couple of very minor things in the logs.

Please remove Driver Update - although this is a legitimate program it is classed as a PUP (Potentially Unwanted Program) - you can see here for further info on it.

To remove the program:
  • Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
  • In the list of installed programs locate and click on the program to uninstall e.g. Driver Update
  • Click uninstall.

then

Run FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

In terms of the Internet Security Alert it's a web browser scam advertisement. Your computer is not infected. There is an article here which explains it in a bit more detail and tells you how to close it down if you receive this.

  • 0

#75
RobertDad


    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
 
I ran the programs like you asked, but I could not find a program Driver Update. I checked the Programs and Features and did a search.
So I figure it might have been one I already deleted, so I just ran the FRST files. Hope I did everything right.

Fix result of Farbar Recovery Scan Tool (x86) Version: 04.03.2018
Ran by Admin (07-03-2018 22:42:14) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Betty Tremblay & Guest)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {d1c358bb-15d6-11e8-9c21-00164417c642} - E:\setupSNK.exe
Toolbar: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
2018-03-01 12:39 - 2018-03-04 07:42 - 000000000 ____D C:\Program Files\DriverUpdate
2018-03-01 12:39 - 2018-03-01 12:39 - 000000000 ____D C:\Users\Admin\AppData\Local\SlimWare Utilities Inc
2018-03-01 12:39 - 2018-03-01 12:39 - 000000000 ____D C:\Program Files\SlimWare Utilities
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Hosts: 
CMD:ipconfig /flushdns
EmptyTemp:
*****************
 
Restore point was successfully created.
"HKU\S-1-5-21-144978628-2293470025-642614174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1c358bb-15d6-11e8-9c21-00164417c642}" => removed successfully.
HKLM\Software\Classes\CLSID\{d1c358bb-15d6-11e8-9c21-00164417c642} => not found
"HKU\S-1-5-21-144978628-2293470025-642614174-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
C:\Program Files\DriverUpdate => moved successfully
C:\Users\Admin\AppData\Local\SlimWare Utilities Inc => moved successfully
C:\Program Files\SlimWare Utilities => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11047 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6760849 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 58458154 B
Edge => 0 B
Chrome => 242514274 B
Firefox => 23085879 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 692 B
LocalService => 66708 B
NetworkService => 70932 B
Admin => 7549954 B
Betty Tremblay => 13931631 B
Guest => 213675 B
 
RecycleBin => 0 B
EmptyTemp: => 336.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:43:17 ====

  • 0
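A small triage helper for a Fixlog like the one posted above, added here as an example (it is not part of the thread and not FRST's own code): it groups result lines by outcome so each fixlist entry can be checked as moved, removed or not found. The function name and the set of recognised outcome wordings are assumptions taken only from the lines visible in this log.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the Fixlog posted above.
SAMPLE_FIXLOG = r'''Restore point was successfully created.
"HKU\S-1-5-21-144978628-2293470025-642614174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1c358bb-15d6-11e8-9c21-00164417c642}" => removed successfully.
HKLM\Software\Classes\CLSID\{d1c358bb-15d6-11e8-9c21-00164417c642} => not found
C:\Program Files\DriverUpdate => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
BITS transfer queue => 11047 B
Chrome => 242514274 B
EmptyTemp: => 336.3 MB temporary data Removed.
The system needed a reboot.
'''

# Outcome wordings seen in this thread's Fixlog; other wordings are not assumed.
OUTCOME = re.compile(r'^"?(?P<target>.+?)"? => '
                     r'(?P<outcome>removed successfully|moved successfully|not found)\.?$')
SIZE = re.compile(r'^(?P<area>.+?) => (?P<bytes>\d+) B$')

def summarize_fixlog(text):
    """Group Fixlog result lines by outcome and collect per-area byte counts."""
    summary = {"outcomes": defaultdict(list), "bytes_by_area": {},
               "unrecognized": [], "reboot_needed": False}
    for raw in text.splitlines():
        line = raw.strip()
        if line == "The system needed a reboot.":
            summary["reboot_needed"] = True
        if " => " not in line:
            continue
        m = OUTCOME.match(line)
        if m:
            summary["outcomes"][m["outcome"]].append(m["target"])
            continue
        m = SIZE.match(line)
        if m:
            summary["bytes_by_area"][m["area"]] = int(m["bytes"])
        else:
            # Unknown wording: keep the whole line for manual review.
            summary["unrecognized"].append(line)
    return summary

if __name__ == "__main__":
    s = summarize_fixlog(SAMPLE_FIXLOG)
    for outcome, targets in s["outcomes"].items():
        print(f"{outcome}: {targets}")
    print("manual review:", s["unrecognized"], "| reboot:", s["reboot_needed"])
```
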





