Internet timing out



#1
momq

  • Member
  • 28 posts

My computer is getting slower and slower, especially when connected to the internet. Recently it's become so bad that many processes time out before returning results or displaying a new page.

Can you help me find and fix the problem(s)? I have run the FRST utility and have attached the resulting logs. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.08.2018
Ran by Ruth (administrator) on RUTH-PC (12-09-2018 12:16:46)
Running from C:\Users\Ruth\Desktop
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_31_0_0_108_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-01] (Dell Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1099088 2010-06-25] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-03-25] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010864 2010-04-01] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
IFEO\dcpsysmgr.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dcp_display.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dcp_power.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dthtml.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\edocs.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\moviemaker.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\softwareupdate.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\windowslivewriter.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wlmail.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wlsync.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wlxphotogallery.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\zune.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
Lsa: [Authentication Packages] msv1_0 wvauth
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-01-04]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-02-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2014-10-15]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{376B11B2-97E3-4F21-A3DE-E4AFFAC4966F}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
SearchScopes: HKLM -> {050D5BA4-EF02-47E4-BC2D-2DEDDB6DD694} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-19] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: (Trend Micro NSC Firefox Extension) - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2011-10-08] [Legacy] [not signed]
FF HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default [2018-09-12]
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-07]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6341888 2018-07-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [435248 2018-07-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 CleanupPSvc; C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe [8730648 2018-07-24] (AVAST Software)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-01-23] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-05-31] (Macrovision Europe Ltd.) [File not signed]
S4 GearSecurity; C:\Windows\System32\gearsec.exe [49152 2003-09-12] (GEAR Software) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1323912 2010-06-22] (Trend Micro Inc.)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [122384 2014-01-22] (Portrait Displays, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-25] (IDT, Inc.)
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1358160 2010-06-22] (Trend Micro Inc.)
R3 TmPfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-15] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-15] (Trend Micro Inc.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.) [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167552 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188352 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [164944 2018-07-17] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284328 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57976 2018-07-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-07-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133680 2018-07-17] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2017-07-04] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [482328 2018-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101056 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71848 2018-07-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784120 2018-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394928 2018-08-24] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [162704 2018-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-07-17] (AVAST Software)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-20] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-08-29] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [169704 2018-08-29] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [98024 2018-09-12] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46656 2018-09-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [228960 2018-09-12] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [80576 2018-09-12] (Malwarebytes)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17168 2004-11-01] (Sonic Solutions) [File not signed]
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [48640 2010-03-20] (REDC) [File not signed]
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-20] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-20] (REDC) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [66632 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [158224 2009-07-06] (Trend Micro Inc.)
R2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-07-15] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-11] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-07-15] (Trend Micro Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed]
R2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-11] (Trend Micro Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 catchme; \??\C:\Users\Ruth\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-12 12:05 - 2018-09-12 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2018-09-11 14:57 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-11 14:57 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-11 14:57 - 2018-08-29 21:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-11 14:57 - 2018-08-28 01:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-11 14:57 - 2018-08-24 14:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-11 14:57 - 2018-08-23 17:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-11 14:57 - 2018-08-23 17:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-11 14:57 - 2018-08-23 17:25 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-11 14:57 - 2018-08-23 17:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-11 14:57 - 2018-08-23 17:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-11 14:57 - 2018-08-23 17:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-11 14:57 - 2018-08-23 17:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-11 14:57 - 2018-08-23 17:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-11 14:57 - 2018-08-23 17:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-11 14:57 - 2018-08-23 17:02 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-11 14:57 - 2018-08-23 17:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-11 14:57 - 2018-08-23 16:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-11 14:57 - 2018-08-23 16:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-11 14:57 - 2018-08-23 16:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-11 14:57 - 2018-08-23 16:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-11 14:57 - 2018-08-23 16:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-11 14:57 - 2018-08-23 16:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-11 14:57 - 2018-08-23 16:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-11 14:57 - 2018-08-23 16:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-11 14:57 - 2018-08-23 16:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-11 14:57 - 2018-08-23 16:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-11 14:57 - 2018-08-23 16:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-11 14:57 - 2018-08-23 16:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-11 14:57 - 2018-08-12 16:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-11 14:57 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-11 14:57 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-11 14:57 - 2018-08-10 11:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-11 14:57 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-11 14:57 - 2018-08-10 11:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-11 14:57 - 2018-08-10 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-11 14:57 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-11 14:57 - 2018-08-10 11:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-11 14:57 - 2018-08-10 11:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-11 14:57 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-11 14:57 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-11 14:57 - 2018-08-10 11:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-11 14:57 - 2018-08-10 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-11 14:57 - 2018-07-29 11:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-11 14:57 - 2018-07-18 11:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-11 14:57 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-01 09:43 - 2018-09-01 09:43 - 001193601 _____ C:\Users\Ruth\Downloads\September 2018 Viewpoint.pdf
2018-08-29 20:31 - 2018-09-12 12:06 - 000228960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-29 20:31 - 2018-09-12 12:06 - 000098024 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-08-29 20:31 - 2018-09-12 12:06 - 000080576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-08-29 20:31 - 2018-09-12 12:06 - 000046656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-08-29 20:31 - 2018-08-29 20:31 - 000169704 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-08-28 06:56 - 2018-09-12 11:51 - 000038621 _____ C:\Users\Ruth\Desktop\Addition.txt
2018-08-28 06:54 - 2018-09-12 12:18 - 000024743 _____ C:\Users\Ruth\Desktop\FRST.txt
2018-08-28 06:52 - 2018-09-12 12:16 - 000000000 ____D C:\FRST
2018-08-28 06:44 - 2018-08-28 06:44 - 001773568 _____ (Farbar) C:\Users\Ruth\Desktop\FRST.exe
2018-08-17 06:14 - 2018-08-17 06:14 - 000000000 ____D C:\Users\Ruth\AppData\Local\mbam
2018-08-15 04:16 - 2018-08-03 11:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-08-15 04:16 - 2018-07-07 11:19 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-08-15 04:16 - 2018-07-06 11:54 - 000713408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-08-15 04:16 - 2018-06-29 11:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-08-15 04:16 - 2018-06-29 11:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-08-15 04:16 - 2018-06-27 11:50 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-08-15 04:16 - 2018-06-27 11:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-08-15 04:16 - 2018-06-27 11:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-08-15 04:16 - 2018-06-27 11:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-08-15 04:16 - 2018-06-27 11:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-08-15 04:16 - 2018-06-27 11:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-08-15 04:16 - 2018-06-27 11:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-08-15 04:16 - 2018-06-27 11:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-08-15 04:16 - 2018-06-20 23:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-12 12:13 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-12 12:13 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-12 12:07 - 2011-02-19 11:14 - 000000031 _____ C:\tmuninst.ini
2018-09-12 12:04 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-12 11:53 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-09-12 11:37 - 2016-06-03 06:05 - 000000000 _____ C:\Windows\system32\last.dump
2018-09-12 11:35 - 2016-05-14 17:56 - 000000000 ____D C:\Users\Ruth\Documents\Outlook Files
2018-09-12 08:28 - 2017-03-29 21:18 - 000157744 _____ C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-12 05:33 - 2013-10-10 04:57 - 000000000 ____D C:\Windows\rescache
2018-09-12 04:38 - 2011-02-19 10:52 - 000801482 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-12 04:38 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-09-12 04:34 - 2016-07-03 14:07 - 000000000 ___RD C:\Users\Ruth\Podcasts
2018-09-12 04:32 - 2018-06-02 08:58 - 000514952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 04:22 - 2013-11-29 14:28 - 000000000 ____D C:\Program Files\CCleaner
2018-09-12 03:48 - 2013-08-03 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 03:04 - 2011-03-08 07:33 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-12 01:04 - 2012-07-26 21:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-09-12 01:04 - 2011-06-19 08:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-09-12 01:04 - 2011-02-19 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-10 13:47 - 2011-05-31 21:32 - 000000000 ____D C:\Users\Ruth\Documents\recipes
2018-08-29 20:29 - 2018-08-08 07:00 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-08-24 22:19 - 2011-05-26 21:50 - 000002000 ____H C:\Users\Ruth\Documents\Default.rdp
2018-08-24 21:54 - 2009-07-14 00:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-08-24 12:36 - 2011-02-27 15:34 - 000394928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-08-20 11:13 - 2018-06-02 09:02 - 000002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-08-20 11:13 - 2018-06-02 09:02 - 000002294 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-08-16 03:14 - 2009-07-13 22:04 - 000000615 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2014-03-22 14:52 - 2014-03-22 14:53 - 000012953 _____ () C:\Users\Ruth\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-03-22 14:47 - 2014-03-22 14:47 - 000012952 _____ () C:\Users\Ruth\AppData\Roaming\Microsoft Excel 97-2003.CAL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-05 00:39

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23.08.2018
Ran by Ruth (12-09-2018 12:18:51)
Running from C:\Users\Ruth\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.5273 - AVAST Software)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 68.0.746.59 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version:  - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version:  - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Visio Professional (HKLM\...\Visio Professional) (Version:  - )
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E33A399-D592-4A3C-A4C4-F196E804823E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-23] (AVAST Software)
Task: {1159AE28-D6A5-4F28-BF43-F1CDC9F359D0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {20C253A5-3950-4675-B2F7-BAC0337DFB65} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {38F7060C-68F5-42CB-BD03-348C68B46BF6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {3B26E35B-3601-4886-8EC6-A463F3E842F3} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {79B55048-C554-4440-976B-66DE295D3FBB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-11] (AVAST Software)
Task: {7EF8474D-95CD-48AE-83E1-B14F68DD2D0C} - System32\Tasks\Avast TUNEUP Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-07-24] (AVAST Software)
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670

==================== Loaded Modules (Whitelisted) ==============

1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-09-12 09:37 - 2018-09-12 09:37 - 005691536 _____ () C:\Program Files\AVAST Software\Avast\defs\18091202\algo.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-09-12 12:11 - 2018-09-12 12:11 - 005691536 _____ () C:\Program Files\AVAST Software\Avast\defs\18091204\algo.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000197408 _____ () C:\Windows\system32\vpnapi.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-08-08 07:00 - 2018-08-29 20:29 - 002268736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-08-08 07:00 - 2018-08-29 20:29 - 002216592 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2011-02-26 15:56 - 2012-01-23 21:57 - 000052224 _____ () C:\Users\Ruth\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2018-03-06 22:05 - 2018-03-06 22:05 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-01-04 22:50 - 2016-09-12 15:53 - 048936448 _____ () C:\Program Files\AVAST Software\Avast Cleanup\libcef.dll
2018-08-16 04:22 - 2018-08-16 04:22 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22bdc6efe2783439f27e175765b23e99\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:11590865 [256]
AlternateDataStreams: C:\ProgramData\Temp:1709732A [246]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\Temp:3AF262FC [145]
AlternateDataStreams: C:\ProgramData\Temp:614F17D3 [105]
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA [139]
AlternateDataStreams: C:\ProgramData\Temp:884C7316 [258]
AlternateDataStreams: C:\ProgramData\Temp:9EDA68BD [151]
AlternateDataStreams: C:\ProgramData\Temp:D507B5A8 [103]
AlternateDataStreams: C:\ProgramData\Temp:ECBC3CA7 [428]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-09-12 05:25 - 000000032 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CF17DCD6-7C22-4315-9700-76C220339E23}] => (Allow) LPort=61116
FirewallRules: [{D7D162BC-88E5-40CC-AC2C-07459DA91F56}] => (Allow) LPort=21112
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4DC4C854-0431-4C90-8172-FF6A302588FF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A14636A2-2567-40B5-96D9-67BBF95A5F0C}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{C0699B73-56D9-430B-B540-7A7525EE1D21}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2CA9306E-EB6B-4F5D-94E0-F959AE560546}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C5FE793E-8982-4987-9F45-B770488D02C2}] => (Allow) LPort=61117
FirewallRules: [{59A6F964-0ECB-43EA-BCA8-904730A9583C}] => (Allow) LPort=61116
FirewallRules: [{9B9F8977-1C60-445E-84D6-5610328E171E}] => (Allow) LPort=21112

==================== Restore Points =========================

12-09-2018 03:01:44 Windows Update

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: tmcomm
Description: tmcomm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tmcomm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2018 12:07:08 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/12/2018 11:06:47 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/12/2018 10:51:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/12/2018 10:48:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.19130 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2958

Start Time: 01d44aa64eb2c457

Termination Time: 70

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (09/12/2018 10:06:49 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/12/2018 09:06:47 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/12/2018 08:28:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/12/2018 08:06:47 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (09/12/2018 12:04:54 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/12/2018 12:04:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/12/2018 12:04:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmcomm service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (09/12/2018 12:04:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmcomm service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (09/12/2018 12:04:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmcomm service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (09/12/2018 12:04:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/12/2018 12:04:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmcomm service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (09/12/2018 12:04:07 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.


Windows Defender:
===================================
Date: 2015-12-09 03:47:27.607
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft....threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2015-12-06 13:27:08.631
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft....threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2015-12-02 06:38:10.446
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft....threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2015-11-21 11:06:13.461
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft....threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

CodeIntegrity:
===================================

Date: 2016-08-24 06:16:50.130
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-24 06:16:49.506
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-23 22:16:38.222
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-23 22:16:37.332
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-18 06:08:35.459
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-18 06:08:34.975
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-10 03:31:40.538
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-10 03:31:40.320
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 63%
Total physical RAM: 2997.83 MB
Available physical RAM: 1089.85 MB
Total Virtual: 5994.03 MB
Available Virtual: 3921.49 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:22.98 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:602.76 GB) NTFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:395.25 GB) NTFS

\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#2
RKinner

    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

Don't think it's malware. For some reason Trend Micro did not uninstall. Neither did SuperAntiSpyware. There's also something wrong with your fingerprint reader. (Do you use it?)

See if you can get Trend Micro's uninstall utility to work:

https://esupport.tre...eferral=1104855

Then make a new FRST scan with Addition.txt checked and post both logs and we will clean up what remains.



#3
momq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Thanks for the help! I don't use a fingerprint reader.

I've run the Trend uninstall program and have re-run the FRST scan. Resulting files to follow:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.08.2018
Ran by Ruth (administrator) on RUTH-PC (13-09-2018 07:12:25)
Running from C:\Users\Ruth\Desktop
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-01] (Dell Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1099088 2010-06-25] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-03-25] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010864 2010-04-01] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
IFEO\dcpsysmgr.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dcp_display.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dcp_power.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dthtml.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\edocs.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\moviemaker.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\softwareupdate.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\windowslivewriter.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wlmail.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wlsync.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wlxphotogallery.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\zune.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
Lsa: [Authentication Packages] msv1_0 wvauth
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-01-04]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-02-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2014-10-15]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{376B11B2-97E3-4F21-A3DE-E4AFFAC4966F}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
SearchScopes: HKLM -> {050D5BA4-EF02-47E4-BC2D-2DEDDB6DD694} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-19] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: (Trend Micro NSC Firefox Extension) - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2011-10-08] [Legacy] [not signed]
FF HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default [2018-09-12]
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-07]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6341888 2018-07-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [435248 2018-07-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 CleanupPSvc; C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe [8730648 2018-07-24] (AVAST Software)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-01-23] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-05-31] (Macrovision Europe Ltd.) [File not signed]
S4 GearSecurity; C:\Windows\System32\gearsec.exe [49152 2003-09-12] (GEAR Software) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1323912 2010-06-22] (Trend Micro Inc.)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [122384 2014-01-22] (Portrait Displays, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-25] (IDT, Inc.)
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1358160 2010-06-22] (Trend Micro Inc.)
R3 TmPfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-15] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-15] (Trend Micro Inc.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.) [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167552 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188352 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [164944 2018-07-17] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284328 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57976 2018-07-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-07-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133680 2018-07-17] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2017-07-04] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [482328 2018-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101056 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71848 2018-07-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784120 2018-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394928 2018-08-24] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [162704 2018-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-07-17] (AVAST Software)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-20] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-08-29] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [169704 2018-08-29] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [98024 2018-09-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46656 2018-09-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [228960 2018-09-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [80576 2018-09-13] (Malwarebytes)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17168 2004-11-01] (Sonic Solutions) [File not signed]
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [48640 2010-03-20] (REDC) [File not signed]
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-20] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-20] (REDC) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [66632 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [158224 2009-07-06] (Trend Micro Inc.)
R2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-07-15] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-11] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-07-15] (Trend Micro Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed]
R2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-11] (Trend Micro Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 catchme; \??\C:\Users\Ruth\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-13 07:07 - 2018-09-13 07:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2018-09-13 07:02 - 2018-09-13 07:02 - 000000000 ____D C:\ProgramData\Trend Micro
2018-09-13 06:57 - 2018-09-13 06:59 - 034052920 _____ (Trend Micro Inc. ) C:\Users\Ruth\Downloads\Ti_120_win_en_Tool_UninstallTool_hfb0001.exe
2018-09-11 14:57 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-11 14:57 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-11 14:57 - 2018-08-29 21:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-11 14:57 - 2018-08-28 01:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-11 14:57 - 2018-08-24 14:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-11 14:57 - 2018-08-23 17:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-11 14:57 - 2018-08-23 17:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-11 14:57 - 2018-08-23 17:25 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-11 14:57 - 2018-08-23 17:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-11 14:57 - 2018-08-23 17:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-11 14:57 - 2018-08-23 17:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-11 14:57 - 2018-08-23 17:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-11 14:57 - 2018-08-23 17:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-11 14:57 - 2018-08-23 17:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-11 14:57 - 2018-08-23 17:02 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-11 14:57 - 2018-08-23 17:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-11 14:57 - 2018-08-23 16:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-11 14:57 - 2018-08-23 16:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-11 14:57 - 2018-08-23 16:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-11 14:57 - 2018-08-23 16:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-11 14:57 - 2018-08-23 16:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-11 14:57 - 2018-08-23 16:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-11 14:57 - 2018-08-23 16:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-11 14:57 - 2018-08-23 16:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-11 14:57 - 2018-08-23 16:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-11 14:57 - 2018-08-23 16:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-11 14:57 - 2018-08-23 16:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-11 14:57 - 2018-08-23 16:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-11 14:57 - 2018-08-12 16:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-11 14:57 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-11 14:57 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-11 14:57 - 2018-08-10 11:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-11 14:57 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-11 14:57 - 2018-08-10 11:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-11 14:57 - 2018-08-10 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-11 14:57 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-11 14:57 - 2018-08-10 11:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-11 14:57 - 2018-08-10 11:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-11 14:57 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-11 14:57 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-11 14:57 - 2018-08-10 11:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-11 14:57 - 2018-08-10 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-11 14:57 - 2018-07-29 11:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-11 14:57 - 2018-07-18 11:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-11 14:57 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-01 09:43 - 2018-09-01 09:43 - 001193601 _____ C:\Users\Ruth\Downloads\September 2018 Viewpoint.pdf
2018-08-29 20:31 - 2018-09-13 07:08 - 000098024 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-08-29 20:31 - 2018-09-13 07:08 - 000080576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-08-29 20:31 - 2018-09-13 07:08 - 000046656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-08-29 20:31 - 2018-09-13 07:07 - 000228960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-29 20:31 - 2018-08-29 20:31 - 000169704 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-08-28 06:56 - 2018-09-12 12:19 - 000038693 _____ C:\Users\Ruth\Desktop\Addition.txt
2018-08-28 06:54 - 2018-09-13 07:13 - 000024418 _____ C:\Users\Ruth\Desktop\FRST.txt
2018-08-28 06:52 - 2018-09-13 07:12 - 000000000 ____D C:\FRST
2018-08-28 06:44 - 2018-08-28 06:44 - 001773568 _____ (Farbar) C:\Users\Ruth\Desktop\FRST.exe
2018-08-17 06:14 - 2018-08-17 06:14 - 000000000 ____D C:\Users\Ruth\AppData\Local\mbam
2018-08-15 04:16 - 2018-08-03 11:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-08-15 04:16 - 2018-07-07 11:19 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-08-15 04:16 - 2018-07-06 11:54 - 000713408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-08-15 04:16 - 2018-06-29 11:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-08-15 04:16 - 2018-06-29 11:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-08-15 04:16 - 2018-06-27 11:50 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-08-15 04:16 - 2018-06-27 11:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-08-15 04:16 - 2018-06-27 11:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-08-15 04:16 - 2018-06-27 11:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-08-15 04:16 - 2018-06-27 11:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-08-15 04:16 - 2018-06-27 11:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-08-15 04:16 - 2018-06-27 11:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-08-15 04:16 - 2018-06-27 11:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-08-15 04:16 - 2018-06-20 23:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-13 07:10 - 2011-02-19 11:14 - 000000031 _____ C:\tmuninst.ini
2018-09-13 07:05 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-13 07:03 - 2016-05-14 17:56 - 000000000 ____D C:\Users\Ruth\Documents\Outlook Files
2018-09-13 07:02 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-09-13 05:01 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-13 05:01 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-13 03:05 - 2012-07-26 21:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-09-13 03:05 - 2011-06-19 08:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-09-13 03:05 - 2011-02-19 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 18:08 - 2013-05-18 09:51 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-12 14:27 - 2014-01-25 21:17 - 000000000 ____D C:\Users\Ruth\AppData\Local\CrashDumps
2018-09-12 14:27 - 2011-03-04 07:18 - 000000000 ____D C:\Users\Ruth\Downloads\spelunky
2018-09-12 11:53 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-09-12 11:37 - 2016-06-03 06:05 - 000000000 _____ C:\Windows\system32\last.dump
2018-09-12 08:28 - 2017-03-29 21:18 - 000157744 _____ C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-12 05:33 - 2013-10-10 04:57 - 000000000 ____D C:\Windows\rescache
2018-09-12 04:38 - 2011-02-19 10:52 - 000801482 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-12 04:34 - 2016-07-03 14:07 - 000000000 ___RD C:\Users\Ruth\Podcasts
2018-09-12 04:32 - 2018-06-02 08:58 - 000514952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 04:22 - 2013-11-29 14:28 - 000000000 ____D C:\Program Files\CCleaner
2018-09-12 03:48 - 2013-08-03 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 03:04 - 2011-03-08 07:33 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-10 13:47 - 2011-05-31 21:32 - 000000000 ____D C:\Users\Ruth\Documents\recipes
2018-08-29 20:29 - 2018-08-08 07:00 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-08-24 22:19 - 2011-05-26 21:50 - 000002000 ____H C:\Users\Ruth\Documents\Default.rdp
2018-08-24 21:54 - 2009-07-14 00:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-08-24 12:36 - 2011-02-27 15:34 - 000394928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-08-20 11:13 - 2018-06-02 09:02 - 000002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-08-20 11:13 - 2018-06-02 09:02 - 000002294 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-08-16 03:14 - 2009-07-13 22:04 - 000000615 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2014-03-22 14:52 - 2014-03-22 14:53 - 000012953 _____ () C:\Users\Ruth\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-03-22 14:47 - 2014-03-22 14:47 - 000012952 _____ () C:\Users\Ruth\AppData\Roaming\Microsoft Excel 97-2003.CAL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-05 00:39

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23.08.2018
Ran by Ruth (13-09-2018 07:14:20)
Running from C:\Users\Ruth\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.5273 - AVAST Software)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 68.0.746.59 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version:  - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version:  - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 69.0.3497.92 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Visio Professional (HKLM\...\Visio Professional) (Version:  - )
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E33A399-D592-4A3C-A4C4-F196E804823E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-23] (AVAST Software)
Task: {1159AE28-D6A5-4F28-BF43-F1CDC9F359D0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {20C253A5-3950-4675-B2F7-BAC0337DFB65} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {38F7060C-68F5-42CB-BD03-348C68B46BF6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {3B26E35B-3601-4886-8EC6-A463F3E842F3} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {79B55048-C554-4440-976B-66DE295D3FBB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-12] (AVAST Software)
Task: {7EF8474D-95CD-48AE-83E1-B14F68DD2D0C} - System32\Tasks\Avast TUNEUP Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-07-24] (AVAST Software)
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670

==================== Loaded Modules (Whitelisted) ==============

1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-09-12 16:13 - 2018-09-12 16:13 - 005691536 _____ () C:\Program Files\AVAST Software\Avast\defs\18091206\algo.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000197408 _____ () C:\Windows\system32\vpnapi.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-03-06 22:05 - 2018-03-06 22:05 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2011-02-26 15:56 - 2012-01-23 21:57 - 000052224 _____ () C:\Users\Ruth\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2018-01-04 22:50 - 2016-09-12 15:53 - 048936448 _____ () C:\Program Files\AVAST Software\Avast Cleanup\libcef.dll
2018-08-08 07:00 - 2018-08-29 20:29 - 002268736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-08-08 07:00 - 2018-08-29 20:29 - 002216592 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-08-16 04:22 - 2018-08-16 04:22 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22bdc6efe2783439f27e175765b23e99\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:11590865 [256]
AlternateDataStreams: C:\ProgramData\Temp:1709732A [246]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\Temp:3AF262FC [145]
AlternateDataStreams: C:\ProgramData\Temp:614F17D3 [105]
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA [139]
AlternateDataStreams: C:\ProgramData\Temp:884C7316 [258]
AlternateDataStreams: C:\ProgramData\Temp:9EDA68BD [151]
AlternateDataStreams: C:\ProgramData\Temp:D507B5A8 [103]
AlternateDataStreams: C:\ProgramData\Temp:ECBC3CA7 [428]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-09-13 07:09 - 000000032 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CF17DCD6-7C22-4315-9700-76C220339E23}] => (Allow) LPort=61116
FirewallRules: [{D7D162BC-88E5-40CC-AC2C-07459DA91F56}] => (Allow) LPort=21112
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A14636A2-2567-40B5-96D9-67BBF95A5F0C}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{C0699B73-56D9-430B-B540-7A7525EE1D21}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2CA9306E-EB6B-4F5D-94E0-F959AE560546}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C8A4EBA4-3266-44F2-A40E-9796D702CDCF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{21D55C60-B9B0-4928-A701-11D49FCE86CF}] => (Allow) LPort=61117
FirewallRules: [{02A63254-11E3-4E22-8108-4B6BF17F05CA}] => (Allow) LPort=61116

==================== Restore Points =========================

12-09-2018 03:01:44 Windows Update

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2018 07:08:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/13/2018 06:06:47 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/13/2018 05:06:47 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/13/2018 04:06:56 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/13/2018 03:06:49 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/13/2018 02:06:48 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/13/2018 01:06:47 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/13/2018 12:06:46 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

System errors:
=============
Error: (09/13/2018 07:06:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmcomm service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (09/13/2018 07:06:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmcomm service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (09/13/2018 07:06:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tmcomm service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (09/13/2018 07:06:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/13/2018 07:05:53 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.

Error: (09/13/2018 07:05:50 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Trend Micro Filter service depends the following service: VSApiNt. This service might not be installed.

Error: (09/12/2018 12:04:54 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/12/2018 12:04:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Windows Defender:
===================================
Date: 2015-12-09 03:47:27.607
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft....threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2015-12-06 13:27:08.631
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft....threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2015-12-02 06:38:10.446
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft....threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2015-11-21 11:06:13.461
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft....threatid=223436
Name:SoftwareBundler:Win32/Dowadmin
ID:223436
Severity:High
Category:Software Bundler
Path Found:file:C:\Users\Ruth\Downloads\Setup.exe
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

CodeIntegrity:
===================================

Date: 2016-08-24 06:16:50.130
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-24 06:16:49.506
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-23 22:16:38.222
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-23 22:16:37.332
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-18 06:08:35.459
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-18 06:08:34.975
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-10 03:31:40.538
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-10 03:31:40.320
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 58%
Total physical RAM: 2997.83 MB
Available physical RAM: 1239.39 MB
Total Virtual: 5994.03 MB
Available Virtual: 4105.17 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:22.8 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:602.76 GB) NTFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:395.19 GB) NTFS

\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

The tool didn't do much so we have to pull Trend Micro out by the roots.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   10.63KB   10 downloads

Run FRST and press Fix
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Also

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top, 10-20 lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.



 


  • 0
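Added example (not part of the posts above, and not code from FRST or any tool named in them): a Python parser for the `TASKLIST /SVC` text requested in the reply above. It handles the wrapped service lists and reports any process still hosting one of the Trend Micro user-mode services named in this thread's FRST logs. The sample output, PIDs and function names are constructed for illustration, and the parser assumes the pasted text kept its column spacing.

```python
import re

# Trend Micro user-mode service names as listed in the FRST logs in this thread.
TREND_MICRO_SERVICES = {"ntrtscan", "svcGenericHost", "tmlisten", "TmPfw", "TmProxy"}

# Constructed sample of TASKLIST /SVC output (not taken from the poster's machine).
SAMPLE_OUTPUT = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
svchost.exe                    964 AudioEndpointBuilder, CscService, Netman,
                                   PcaSvc, SysMain, TrkWks, UxSms,
                                   WdiSystemHost, wudfsvc
AvastSvc.exe                  1480 avast! Antivirus
ntrtscan.exe                  2212 ntrtscan
tmlisten.exe                  2540 TmListen
explorer.exe                  3100 N/A
"""


def _split_services(field):
    """Split one Services cell; 'N/A' means the process hosts no service."""
    names = [name.strip() for name in field.split(",")]
    return [name for name in names if name and name != "N/A"]


def parse_tasklist_svc(text):
    """Return [{'image', 'pid', 'services'}] from TASKLIST /SVC text.

    The row of '=' under the header gives the fixed column positions.
    Long service lists wrap onto lines that are blank up to the Services column.
    """
    lines = text.splitlines()
    ruler = next((i for i, line in enumerate(lines)
                  if re.fullmatch(r"=+( =+)+", line.strip())), None)
    if ruler is None:
        raise ValueError("no '=====' ruler line: not TASKLIST table output")
    spans = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    if len(spans) != 3:
        raise ValueError("expected three columns (Image Name, PID, Services)")
    (img_a, img_b), (pid_a, pid_b), (svc_a, _) = spans

    procs = []
    for line in lines[ruler + 1:]:
        if not line.strip():
            continue
        if not line[:svc_a].strip():
            # Wrapped continuation of the previous process's service list.
            if not procs:
                raise ValueError("continuation line before any process row")
            procs[-1]["services"].extend(_split_services(line[svc_a:]))
            continue
        procs.append({
            "image": line[img_a:img_b].strip(),
            "pid": int(line[pid_a:pid_b]),
            "services": _split_services(line[svc_a:]),
        })
    return procs


def still_hosted(procs, watched):
    """List (image, pid, service) for every watched service found running.

    Windows service names are case-insensitive, so compare lower-cased.
    """
    watched_lower = {name.lower() for name in watched}
    return [(p["image"], p["pid"], svc)
            for p in procs
            for svc in p["services"]
            if svc.lower() in watched_lower]


if __name__ == "__main__":
    for image, pid, svc in still_hosted(parse_tasklist_svc(SAMPLE_OUTPUT),
                                        TREND_MICRO_SERVICES):
        print(f"still running: {svc} in {image} (PID {pid})")
```

Kernel drivers such as tmcomm or VSApiNt do not appear in `TASKLIST /SVC` output, so an empty result covers the user-mode services only.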

#5
momq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Attached File  RUTH-PC.txt   483.11KB   11 downloads

Thanks!  Here's the next set...
Fix result of Farbar Recovery Scan Tool (x86) Version: 23.08.2018
Ran by Ruth (14-09-2018 06:16:48) Run:1
Running from C:\Users\Ruth\Desktop
Loaded Profiles: Ruth (Available Profiles: Ruth)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010864 2010-04-01] (SUPERAntiSpyware.com)
IFEO\dcpsysmgr.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dcp_display.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dcp_power.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dthtml.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\edocs.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\moviemaker.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\softwareupdate.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\windowslivewriter.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wlmail.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wlsync.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wlxphotogallery.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\zune.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: (Trend Micro NSC Firefox Extension) - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2011-10-08] [Legacy] [not signed]
R2 CleanupPSvc; C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe [8730648 2018-07-24] (AVAST Software)
R2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1323912 2010-06-22] (Trend Micro Inc.)
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
R2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1358160 2010-06-22] (Trend Micro Inc.)
R3 TmPfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-15] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-15] (Trend Micro Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [66632 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [158224 2009-07-06] (Trend Micro Inc.)
R2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-07-15] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-11] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-07-15] (Trend Micro Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed]
R2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-11] (Trend Micro Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 catchme; \??\C:\Users\Ruth\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
2018-09-13 07:07 - 2018-09-13 07:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2018-09-13 07:02 - 2018-09-13 07:02 - 000000000 ____D C:\ProgramData\Trend Micro
2018-09-13 06:57 - 2018-09-13 06:59 - 034052920 _____ (Trend Micro Inc. ) C:\Users\Ruth\Downloads\Ti_120_win_en_Tool_UninstallTool_hfb0001.exe
AlternateDataStreams: C:\ProgramData\Temp:11590865 [256]
AlternateDataStreams: C:\ProgramData\Temp:1709732A [246]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\Temp:3AF262FC [145]
AlternateDataStreams: C:\ProgramData\Temp:614F17D3 [105]
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA [139]
AlternateDataStreams: C:\ProgramData\Temp:884C7316 [258]
AlternateDataStreams: C:\ProgramData\Temp:9EDA68BD [151]
AlternateDataStreams: C:\ProgramData\Temp:D507B5A8 [103]
AlternateDataStreams: C:\ProgramData\Temp:ECBC3CA7 [428]
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
 
 
 
 
*****************
"HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dcpsysmgr.exe" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dcp_display.exe" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dcp_power.exe" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dthtml.exe" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\edocs.exe" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\moviemaker.exe" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\softwareupdate.exe" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\windowslivewriter.exe" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wlmail.exe" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wlsync.exe" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wlxphotogallery.exe" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zune.exe" => removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully.
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => removed successfully.
HKLM\Software\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => not found
"HKLM\Software\Mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}" => removed successfully.
c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension => moved successfully
CleanupPSvc => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\CleanupPSvc" => removed successfully.
CleanupPSvc => service removed successfully.
ntrtscan => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\ntrtscan" => removed successfully.
ntrtscan => service removed successfully.
svcGenericHost => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\svcGenericHost" => removed successfully.
svcGenericHost => service removed successfully.
tmlisten => Unable to stop service.
tmlisten => service removed successfully.
TmPfw => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\TmPfw" => removed successfully.
TmPfw => service removed successfully.
"HKLM\System\CurrentControlSet\Services\TmProxy" => removed successfully.
TmProxy => service removed successfully.
SASDIFSV => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\SASDIFSV" => removed successfully.
SASDIFSV => service removed successfully.
"HKLM\System\CurrentControlSet\Services\SASENUM" => removed successfully.
SASENUM => service removed successfully.
SASKUTIL => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\SASKUTIL" => removed successfully.
SASKUTIL => service removed successfully.
"HKLM\System\CurrentControlSet\Services\tmcomm" => removed successfully.
tmcomm => service removed successfully.
"HKLM\System\CurrentControlSet\Services\TmFilter" => removed successfully.
TmFilter => service removed successfully.
tmlwf => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\tmlwf" => removed successfully.
tmlwf => service removed successfully.
"HKLM\System\CurrentControlSet\Services\TmPreFilter" => removed successfully.
TmPreFilter => service removed successfully.
tmtdi => Unable to stop service.
tmtdi => service removed successfully.
tmwfp => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\tmwfp" => removed successfully.
tmwfp => service removed successfully.
"HKLM\System\CurrentControlSet\Services\USBAAPL" => removed successfully.
USBAAPL => service removed successfully.
"HKLM\System\CurrentControlSet\Services\VSApiNt" => removed successfully.
VSApiNt => service removed successfully.
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully.
AppMgmt => service removed successfully.
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent => moved successfully
C:\ProgramData\Trend Micro => moved successfully
C:\Users\Ruth\Downloads\Ti_120_win_en_Tool_UninstallTool_hfb0001.exe => moved successfully
C:\ProgramData\Temp => ":11590865" ADS removed successfully.
C:\ProgramData\Temp => ":1709732A" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":3AF262FC" ADS removed successfully.
C:\ProgramData\Temp => ":614F17D3" ADS removed successfully.
C:\ProgramData\Temp => ":7BB584AA" ADS removed successfully.
C:\ProgramData\Temp => ":884C7316" ADS removed successfully.
C:\ProgramData\Temp => ":9EDA68BD" ADS removed successfully.
C:\ProgramData\Temp => ":D507B5A8" ADS removed successfully.
C:\ProgramData\Temp => ":ECBC3CA7" ADS removed successfully.
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========
 
The system needed a reboot.
==== End of Fixlog 06:18:28 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.08.2018
Ran by Ruth (administrator) on RUTH-PC (14-09-2018 20:43:16)
Running from C:\Users\Ruth\Desktop
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_31_0_0_108_ActiveX.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-01] (Dell Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1099088 2010-06-25] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-03-25] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-01-04]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-02-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2014-10-15]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{376B11B2-97E3-4F21-A3DE-E4AFFAC4966F}: [DhcpNameServer] 10.0.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {050D5BA4-EF02-47E4-BC2D-2DEDDB6DD694} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-19] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
FireFox:
========
FF HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default [2018-09-12]
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-07]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6341888 2018-07-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [435248 2018-07-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-01-23] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-05-31] (Macrovision Europe Ltd.) [File not signed]
S4 GearSecurity; C:\Windows\System32\gearsec.exe [49152 2003-09-12] (GEAR Software) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [122384 2014-01-22] (Portrait Displays, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-25] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.) [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167552 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188352 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [164944 2018-07-17] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284328 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57976 2018-07-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-07-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133680 2018-07-17] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2017-07-04] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [482328 2018-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101056 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71848 2018-07-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784120 2018-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394928 2018-08-24] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [162704 2018-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-07-17] (AVAST Software)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-20] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-08-29] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [169704 2018-08-29] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [98024 2018-09-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46656 2018-09-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [228960 2018-09-14] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [80576 2018-09-14] (Malwarebytes)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17168 2004-11-01] (Sonic Solutions) [File not signed]
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [48640 2010-03-20] (REDC) [File not signed]
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-20] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-20] (REDC) [File not signed]
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-14 06:16 - 2018-09-14 06:18 - 000012018 _____ C:\Users\Ruth\Desktop\Fixlog.txt
2018-09-13 20:36 - 2018-09-13 20:36 - 000047176 _____ () C:\Windows\system32\Drivers\staport.sys
2018-09-11 14:57 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-11 14:57 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-11 14:57 - 2018-08-29 21:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-11 14:57 - 2018-08-28 01:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-11 14:57 - 2018-08-24 14:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-11 14:57 - 2018-08-23 17:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-11 14:57 - 2018-08-23 17:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-11 14:57 - 2018-08-23 17:25 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-11 14:57 - 2018-08-23 17:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-11 14:57 - 2018-08-23 17:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-11 14:57 - 2018-08-23 17:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-11 14:57 - 2018-08-23 17:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-11 14:57 - 2018-08-23 17:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-11 14:57 - 2018-08-23 17:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-11 14:57 - 2018-08-23 17:02 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-11 14:57 - 2018-08-23 17:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-11 14:57 - 2018-08-23 16:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-11 14:57 - 2018-08-23 16:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-11 14:57 - 2018-08-23 16:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-11 14:57 - 2018-08-23 16:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-11 14:57 - 2018-08-23 16:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-11 14:57 - 2018-08-23 16:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-11 14:57 - 2018-08-23 16:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-11 14:57 - 2018-08-23 16:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-11 14:57 - 2018-08-23 16:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-11 14:57 - 2018-08-23 16:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-11 14:57 - 2018-08-23 16:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-11 14:57 - 2018-08-23 16:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-11 14:57 - 2018-08-12 16:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-11 14:57 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-11 14:57 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-11 14:57 - 2018-08-10 11:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-11 14:57 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-11 14:57 - 2018-08-10 11:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-11 14:57 - 2018-08-10 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-11 14:57 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-11 14:57 - 2018-08-10 11:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-11 14:57 - 2018-08-10 11:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-11 14:57 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-11 14:57 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-11 14:57 - 2018-08-10 11:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-11 14:57 - 2018-08-10 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-11 14:57 - 2018-07-29 11:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-11 14:57 - 2018-07-18 11:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-11 14:57 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-01 09:43 - 2018-09-01 09:43 - 001193601 _____ C:\Users\Ruth\Downloads\September 2018 Viewpoint.pdf
2018-08-29 20:31 - 2018-09-14 19:31 - 000080576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-08-29 20:31 - 2018-09-14 06:23 - 000228960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-29 20:31 - 2018-09-14 06:23 - 000098024 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-08-29 20:31 - 2018-09-14 06:23 - 000046656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-08-29 20:31 - 2018-08-29 20:31 - 000169704 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-08-28 06:56 - 2018-09-13 07:14 - 000037224 _____ C:\Users\Ruth\Desktop\Addition.txt
2018-08-28 06:54 - 2018-09-14 20:43 - 000019601 _____ C:\Users\Ruth\Desktop\FRST.txt
2018-08-28 06:52 - 2018-09-14 20:43 - 000000000 ____D C:\FRST
2018-08-28 06:44 - 2018-08-28 06:44 - 001773568 _____ (Farbar) C:\Users\Ruth\Desktop\FRST.exe
2018-08-17 06:14 - 2018-08-17 06:14 - 000000000 ____D C:\Users\Ruth\AppData\Local\mbam
2018-08-15 04:16 - 2018-08-03 11:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-08-15 04:16 - 2018-07-07 11:19 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-08-15 04:16 - 2018-07-06 11:54 - 000713408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-08-15 04:16 - 2018-06-29 11:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-08-15 04:16 - 2018-06-29 11:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-08-15 04:16 - 2018-06-27 11:50 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-08-15 04:16 - 2018-06-27 11:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-08-15 04:16 - 2018-06-27 11:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-08-15 04:16 - 2018-06-27 11:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-08-15 04:16 - 2018-06-27 11:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-08-15 04:16 - 2018-06-27 11:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-08-15 04:16 - 2018-06-27 11:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-08-15 04:16 - 2018-06-27 11:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-08-15 04:16 - 2018-06-20 23:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-14 06:30 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-14 06:30 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-14 06:21 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-13 07:10 - 2011-02-19 11:14 - 000000031 _____ C:\tmuninst.ini
2018-09-13 07:03 - 2016-05-14 17:56 - 000000000 ____D C:\Users\Ruth\Documents\Outlook Files
2018-09-13 07:02 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-09-13 03:05 - 2012-07-26 21:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-09-13 03:05 - 2011-06-19 08:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-09-13 03:05 - 2011-02-19 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 18:08 - 2013-05-18 09:51 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-12 14:27 - 2014-01-25 21:17 - 000000000 ____D C:\Users\Ruth\AppData\Local\CrashDumps
2018-09-12 14:27 - 2011-03-04 07:18 - 000000000 ____D C:\Users\Ruth\Downloads\spelunky
2018-09-12 11:53 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-09-12 11:37 - 2016-06-03 06:05 - 000000000 _____ C:\Windows\system32\last.dump
2018-09-12 08:28 - 2017-03-29 21:18 - 000157744 _____ C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-12 05:33 - 2013-10-10 04:57 - 000000000 ____D C:\Windows\rescache
2018-09-12 04:38 - 2011-02-19 10:52 - 000801482 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-12 04:34 - 2016-07-03 14:07 - 000000000 ___RD C:\Users\Ruth\Podcasts
2018-09-12 04:32 - 2018-06-02 08:58 - 000514952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 04:22 - 2013-11-29 14:28 - 000000000 ____D C:\Program Files\CCleaner
2018-09-12 03:48 - 2013-08-03 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 03:04 - 2011-03-08 07:33 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-10 13:47 - 2011-05-31 21:32 - 000000000 ____D C:\Users\Ruth\Documents\recipes
2018-08-29 20:29 - 2018-08-08 07:00 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-08-24 22:19 - 2011-05-26 21:50 - 000002000 ____H C:\Users\Ruth\Documents\Default.rdp
2018-08-24 21:54 - 2009-07-14 00:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-08-24 12:36 - 2011-02-27 15:34 - 000394928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-08-20 11:13 - 2018-06-02 09:02 - 000002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-08-20 11:13 - 2018-06-02 09:02 - 000002294 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-08-16 03:14 - 2009-07-13 22:04 - 000000615 _____ C:\Windows\win.ini
==================== Files in the root of some directories =======
2014-03-22 14:52 - 2014-03-22 14:53 - 000012953 _____ () C:\Users\Ruth\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-03-22 14:47 - 2014-03-22 14:47 - 000012952 _____ () C:\Users\Ruth\AppData\Roaming\Microsoft Excel 97-2003.CAL
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-09-05 00:39
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23.08.2018
Ran by Ruth (14-09-2018 20:44:06)
Running from C:\Users\Ruth\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.5273 - AVAST Software)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 68.0.746.59 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version:  - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version:  - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 69.0.3497.92 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Visio Professional (HKLM\...\Visio Professional) (Version:  - )
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E33A399-D592-4A3C-A4C4-F196E804823E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-23] (AVAST Software)
Task: {1159AE28-D6A5-4F28-BF43-F1CDC9F359D0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {20C253A5-3950-4675-B2F7-BAC0337DFB65} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {38F7060C-68F5-42CB-BD03-348C68B46BF6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {3B26E35B-3601-4886-8EC6-A463F3E842F3} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {79B55048-C554-4440-976B-66DE295D3FBB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-12] (AVAST Software)
Task: {7EF8474D-95CD-48AE-83E1-B14F68DD2D0C} - System32\Tasks\Avast TUNEUP Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-07-24] (AVAST Software)
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
==================== Loaded Modules (Whitelisted) ==============
1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-09-14 14:54 - 2018-09-14 14:54 - 005693072 _____ () C:\Program Files\AVAST Software\Avast\defs\18091406\algo.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000197408 _____ () C:\Windows\system32\vpnapi.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-08-08 07:00 - 2018-08-29 20:29 - 002216592 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-08-08 07:00 - 2018-08-29 20:29 - 002268736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-06 22:05 - 2018-03-06 22:05 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-01-04 22:50 - 2016-09-12 15:53 - 048936448 _____ () C:\Program Files\AVAST Software\Avast Cleanup\libcef.dll
2018-08-16 04:22 - 2018-08-16 04:22 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22bdc6efe2783439f27e175765b23e99\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2018-09-13 07:09 - 000000032 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A14636A2-2567-40B5-96D9-67BBF95A5F0C}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{C0699B73-56D9-430B-B540-7A7525EE1D21}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2CA9306E-EB6B-4F5D-94E0-F959AE560546}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C8A4EBA4-3266-44F2-A40E-9796D702CDCF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{21D55C60-B9B0-4928-A701-11D49FCE86CF}] => (Allow) LPort=61117
FirewallRules: [{02A63254-11E3-4E22-8108-4B6BF17F05CA}] => (Allow) LPort=61116
==================== Restore Points =========================
14-09-2018 00:00:02 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (09/14/2018 08:06:47 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (09/14/2018 07:06:47 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (09/14/2018 06:06:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (09/14/2018 05:06:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (09/14/2018 04:06:47 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (09/14/2018 03:06:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (09/14/2018 02:06:47 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (09/14/2018 01:06:47 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

System errors:
=============
Error: (09/14/2018 06:22:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (09/14/2018 06:22:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (09/14/2018 06:22:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (09/14/2018 06:21:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.
Error: (09/14/2018 06:21:36 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.

==================== Memory info ===========================
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 51%
Total physical RAM: 2997.83 MB
Available physical RAM: 1459.79 MB
Total Virtual: 5994.03 MB
Available Virtual: 4282.41 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:25.4 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:602.76 GB) NTFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:395.1 GB) NTFS
\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 92.97 0 K 24 K 0   
MBAMService.exe 1.81 121,232 K 151,372 K 3084 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
procexp.exe 1.41 35,648 K 53,896 K 7004 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
WDBackupEngine.exe 0.77 26,640 K 9,292 K 4328 WD Backup Engine Western Digital  (Verified) Western Digital Technologies
audiodg.exe 0.60 16,848 K 11,016 K 1256 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
System 0.49 52 K 1,264 K 4   
WDDriveService.exe 0.48 9,192 K 13,008 K 2608 WD Drive Service Western Digital (Verified) Western Digital Technologies
Interrupts 0.36 0 K 0 K n/a Hardware Interrupts and DPCs  
dwm.exe 0.29 60,332 K 28,624 K 3660 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.17 108,888 K 40,988 K 1568 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
csrss.exe 0.13 2,136 K 4,156 K 480 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.08 4,100 K 6,792 K 900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.07 2,552 K 23,196 K 548 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.07 5,964 K 10,556 K 384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 0.06 28,352 K 48,692 K 4224 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
WDRulesEngine.exe 0.06 18,200 K 5,940 K 2652 WD Rules Engine Western Digital  (Verified) Western Digital Technologies
svchost.exe 0.04 23,040 K 30,808 K 1112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IAStorDataMgrSvc.exe 0.02 15,828 K 14,500 K 2956 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
SearchIndexer.exe 0.02 25,916 K 16,224 K 4608 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.02 42,080 K 61,768 K 3684 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
cvpnd.exe 0.02 2,376 K 4,932 K 1772 Cisco Systems VPN Client Cisco Systems, Inc. (Verified) Cisco Systems
afwServ.exe 0.01 7,348 K 19,964 K 1352 Avast firewall service AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.01 4,004 K 5,548 K 2372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
aswidsagent.exe 0.01 17,628 K 33,088 K 5256 Avast Behavior Shield AVAST Software (Verified) AVAST Software s.r.o.
CCleaner.exe 0.01 10,116 K 3,264 K 4664 CCleaner Piriform Ltd (Verified) Piriform Ltd
iexplore.exe 0.01 27,324 K 46,520 K 1280 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 13,888 K 13,968 K 1488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe < 0.01 161,936 K 159,092 K 6000 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
wmpnetwk.exe < 0.01 10,136 K 8,688 K 5508 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
lsm.exe < 0.01 1,572 K 3,084 K 620 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 7,644 K 11,116 K 3332 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 8,064 K 13,280 K 1064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 75,880 K 82,772 K 1032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamtray.exe < 0.01 21,320 K 32,036 K 3768 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
SearchProtocolHost.exe < 0.01 2,784 K 6,908 K 7240 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
DVMExportService.exe < 0.01 832 K 3,032 K 2060 Windows Metadata Export Service DeviceVM, Inc. (No signature was present in the subject) DeviceVM, Inc.
stacsv.exe < 0.01 5,888 K 4,732 K 1148 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe < 0.01 8,536 K 10,280 K 476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe  1,268 K 3,472 K 4080 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe  1,648 K 4,488 K 1936 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  2,316 K 5,208 K 8136 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  8,196 K 11,532 K 3876 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe  1,416 K 3,868 K 1592 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,704 K 4,624 K 732 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,040 K 2,988 K 540 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
upeksvr.exe  5,292 K 5,828 K 1632 Fingerprint Server Process for Vista UPEK Inc. (Verified) UPEK Inc.
unsecapp.exe  1,092 K 3,672 K 3720 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
TuneupUI.exe  4,312 K 12,228 K 4572 Avast Cleanup UI AVAST Software (Verified) AVAST Software s.r.o.
TdmService.exe  2,944 K 6,328 K 536 TDM Service Wave Systems Corp. (Verified) Wave Systems Corp.
taskeng.exe  1,352 K 4,624 K 4628 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  11,208 K 13,236 K 2900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,636 K 6,920 K 800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  21,212 K 15,996 K 992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,408 K 4,436 K 1980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  784 K 2,560 K 2192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,796 K 4,484 K 1332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe  6,936 K 9,004 K 1904 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  324 K 824 K 368 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe  4,696 K 6,460 K 588 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe  2,004 K 5,012 K 7244 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
notepad.exe  1,524 K 5,808 K 6840 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe  1,500 K 5,784 K 6856 Notepad Microsoft Corporation (Verified) Microsoft Windows
lsass.exe  5,920 K 11,084 K 612 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
InstallFilterService.exe  1,436 K 4,304 K 2232   (No signature was present in the subject)
HostStorageService.exe  1,232 K 3,256 K 120 Host Storage Application Broadcom Corporation (Verified) Broadcom Corp
GoogleToolbarUser_32.exe  4,620 K 8,056 K 2020 Google Toolbar Broker Google Inc. (Verified) Google Inc
FlashUtil32_31_0_0_108_ActiveX.exe  2,312 K 7,180 K 6228 Adobe® Flash® Player Installer/Uninstaller 31.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
escsvc.exe  972 K 3,652 K 2120 Epson Scanner Service (32bit) Seiko Epson Corporation (Verified) SEIKO EPSON Corporation
EPCP.exe  6,036 K 9,188 K 2088 Epson Customer Participation SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
E_JT50RP.EXE  744 K 2,372 K 2148 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) SEIKO EPSON Corporation
dllhost.exe  1,712 K 5,164 K 2388 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  560 K 2,116 K 1600 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
AvastBrowserCrashHandler.exe  1,288 K 564 K 3792 Avast Browser Update AVAST Software (Verified) AVAST Software s.r.o.
 

Image Name                     PID Services                                   
========================= ======== ============================================
System Idle Process              0 N/A                                        
System                           4 N/A                                        
smss.exe                       368 N/A                                        
csrss.exe                      480 N/A                                        
wininit.exe                    540 N/A                                        
csrss.exe                      548 N/A                                        
services.exe                   588 N/A                                        
lsass.exe                      612 KeyIso, SamSs                              
lsm.exe                        620 N/A                                        
winlogon.exe                   732 N/A                                        
svchost.exe                    800 DcomLaunch, PlugPlay, Power                
svchost.exe                    900 RpcEptMapper, RpcSs                        
svchost.exe                    992 Audiosrv, Dhcp, eventlog,                  
                                   HomeGroupProvider, lmhosts, wscsvc         
svchost.exe                   1032 AudioEndpointBuilder, hidserv,             
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TrkWks, UxSms, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe                   1064 EventSystem, fdPHost, FontCache, netprofm, 
                                   nsi, SstpSvc, WdiServiceHost               
svchost.exe                   1112 AeLookupSvc, Appinfo, BITS, Browser,       
                                   EapHost, gpsvc, IKEEXT, LanmanServer,      
                                   MMCSS, ProfSvc, RasMan, Schedule, seclogon,
                                   SENS, ShellHWDetection, Themes, Winmgmt,   
                                   wuauserv                                   
stacsv.exe                    1148 STacSV                                     
audiodg.exe                   1256 N/A                                        
svchost.exe                   1488 CryptSvc, Dnscache, LanmanWorkstation,     
                                   NlaSvc, TapiSrv                            
AvastSvc.exe                  1568 avast! Antivirus                           
wlanext.exe                   1592 N/A                                        
conhost.exe                   1600 N/A                                        
upeksvr.exe                   1632 N/A                                        
spoolsv.exe                   1904 Spooler                                    
HostStorageService.exe         120 Credential Vault Host Storage              
svchost.exe                    384 FDResPub, SCardSvr, SSDPSRV, upnphost      
svchost.exe                    476 BFE, DPS, MpsSvc                           
TdmService.exe                 536 TdmService                                 
afwServ.exe                   1352 avast! Firewall                            
cvpnd.exe                     1772 CVPND                                      
svchost.exe                   1980 DiagTrack                                  
DVMExportService.exe          2060 DvmMDES                                    
EPCP.exe                      2088 EpsonCustomerParticipation                 
escsvc.exe                    2120 EpsonScanSvc                               
E_JT50RP.EXE                  2148 EPSON_PM_RPCV4_05                          
svchost.exe                   2192 HsfXAudioService                           
InstallFilterService.exe      2232 InstallFilterService                       
svchost.exe                   2372 StiSvc                                     
WDDriveService.exe            2608 WDDriveService                             
WDRulesEngine.exe             2652 WDRulesService                             
MBAMService.exe               3084 MBAMService                                
taskhost.exe                  3332 N/A                                        
dwm.exe                       3660 N/A                                        
explorer.exe                  3684 N/A                                        
unsecapp.exe                  3720 N/A                                        
AvastBrowserCrashHandler.     3792 N/A                                        
WmiPrvSE.exe                  3876 N/A                                        
WUDFHost.exe                  4080 N/A                                        
WUDFHost.exe                  1936 N/A                                        
svchost.exe                   1332 PolicyAgent                                
AvastUI.exe                   4224 N/A                                        
WDBackupEngine.exe            4328 WDBackup                                   
TuneupUI.exe                  4572 N/A                                        
SearchIndexer.exe             4608 WSearch                                    
taskeng.exe                   4628 N/A                                        
CCleaner.exe                  4664 N/A                                        
aswidsagent.exe               5256 aswbIDSAgent                               
mbamtray.exe                  3768 N/A                                        
IAStorDataMgrSvc.exe          2956 IAStorDataMgrSvc                           
wmpnetwk.exe                  5508 WMPNetworkSvc                              
svchost.exe                   2900 p2pimsvc, p2psvc, PNRPsvc                  
dllhost.exe                   2388 N/A                                        
iexplore.exe                  1280 N/A                                        
iexplore.exe                  6000 N/A                                        
GoogleToolbarUser_32.exe      2020 N/A                                        
FlashUtil32_31_0_0_108_Ac     6228 N/A                                        
procexp.exe                   7004 N/A                                        
MsSpellCheckingFacility.e     5716 N/A                                        
notepad.exe                   7148 N/A                                        
cmd.exe                       5244 N/A                                        
conhost.exe                   7088 N/A                                        
tasklist.exe                  5488 N/A

 

 


#6
RKinner

    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

I missed a couple of Trend Micro entries.  Also going to remove some remnants of Cisco VPN and SAS as well as your fingerprint stuff (which is causing errors) so we need another fixlist.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   3.04KB   12 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Let's try Latency Monitor:

Go to http://www.resplendence.com/downloads

Scroll down to System Monitoring Tools and then find LatencyMon 6.70 (or it may be a higher number if they update).

Click on Download free home edition.

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply. 

 

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

 


#7
momq

  • Topic Starter

I occasionally need VPN to connect to my computer at work.  Will this fix list remove that capability, or is it just removing something that I don't need for that?

 

Thanks.


#8
RKinner

Didn't look like Cisco VPN was installed, and FRST complained that it wasn't working, which is why I told it to remove the Cisco entries.  You can edit the fixlist in Notepad and remove any line that mentions Cisco before running the fix if that's the VPN you use, though a reinstall might be better.


#9
momq

  • Topic Starter

Ok.  I don't use the VPN often, so for now I'll let the tools you suggest remove it.  I'll talk to the folks at work about a replacement after we're finished with this.  I think there's also an alternate way to connect.

 

I've tried running the FRST tool using the fix list you sent, but it doesn't complete successfully.  At some point it turns gray and shows a message, but all I can see of it is "not "; it's probably not responding.  Here's the log it generated.  I didn't take any of the following steps yet.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 23.08.2018
Ran by Ruth (15-09-2018 16:08:12) Run:3
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-01-04]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" => not found
HKLM\Software\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk" => not found
"C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe" => not found

#10
RKinner

Run a FRST scan and let's see how far it really got.


#11
momq

  • Topic Starter

Ok.  Thanks for your patience!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.09.2018
Ran by Ruth (administrator) on RUTH-PC (15-09-2018 20:52:47)
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_31_0_0_108_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-01] (Dell Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1099088 2010-06-25] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-03-25] (Apple Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-24] (Piriform Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-02-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2014-10-15]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{376B11B2-97E3-4F21-A3DE-E4AFFAC4966F}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {050D5BA4-EF02-47E4-BC2D-2DEDDB6DD694} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-19] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default [2018-09-15]
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6341888 2018-07-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [435248 2018-07-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-01-23] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-05-31] (Macrovision Europe Ltd.) [File not signed]
S4 GearSecurity; C:\Windows\System32\gearsec.exe [49152 2003-09-12] (GEAR Software) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [122384 2014-01-22] (Portrait Displays, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-25] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.) [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167552 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188352 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [164944 2018-07-17] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284328 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57976 2018-07-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-07-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133680 2018-07-17] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2017-07-04] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [482328 2018-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101056 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71848 2018-07-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784120 2018-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394928 2018-08-24] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [162704 2018-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-07-17] (AVAST Software)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-20] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-08-29] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [169704 2018-08-29] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [98024 2018-09-15] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46656 2018-09-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [228960 2018-09-15] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [80576 2018-09-15] (Malwarebytes)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17168 2004-11-01] (Sonic Solutions) [File not signed]
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [48640 2010-03-20] (REDC) [File not signed]
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-20] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-20] (REDC) [File not signed]
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-15 16:37 - 2018-09-15 16:37 - 000000000 ___HD C:\$AV_ASW
2018-09-15 15:52 - 2018-09-15 15:52 - 000003112 _____ C:\Users\Ruth\Downloads\fixlist.txt
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\Program Files\Speccy
2018-09-14 21:02 - 2018-09-15 20:52 - 000000000 ____D C:\Users\Ruth\Desktop\Geeks
2018-09-14 21:02 - 2018-09-14 21:02 - 006889184 _____ (Piriform Ltd) C:\Users\Ruth\Downloads\spsetup132.exe
2018-09-14 20:57 - 2018-09-14 20:57 - 000006725 _____ C:\junk.txt
2018-09-13 20:36 - 2018-09-13 20:36 - 000047176 _____ () C:\Windows\system32\Drivers\staport.sys
2018-09-11 14:57 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-11 14:57 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-11 14:57 - 2018-08-29 21:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-11 14:57 - 2018-08-28 01:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-11 14:57 - 2018-08-24 14:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-11 14:57 - 2018-08-23 17:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-11 14:57 - 2018-08-23 17:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-11 14:57 - 2018-08-23 17:25 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-11 14:57 - 2018-08-23 17:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-11 14:57 - 2018-08-23 17:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-11 14:57 - 2018-08-23 17:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-11 14:57 - 2018-08-23 17:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-11 14:57 - 2018-08-23 17:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-11 14:57 - 2018-08-23 17:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-11 14:57 - 2018-08-23 17:02 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-11 14:57 - 2018-08-23 17:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-11 14:57 - 2018-08-23 16:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-11 14:57 - 2018-08-23 16:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-11 14:57 - 2018-08-23 16:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-11 14:57 - 2018-08-23 16:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-11 14:57 - 2018-08-23 16:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-11 14:57 - 2018-08-23 16:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-11 14:57 - 2018-08-23 16:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-11 14:57 - 2018-08-23 16:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-11 14:57 - 2018-08-23 16:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-11 14:57 - 2018-08-23 16:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-11 14:57 - 2018-08-23 16:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-11 14:57 - 2018-08-23 16:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-11 14:57 - 2018-08-12 16:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-11 14:57 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-11 14:57 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-11 14:57 - 2018-08-10 11:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-11 14:57 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-11 14:57 - 2018-08-10 11:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-11 14:57 - 2018-08-10 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-11 14:57 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-11 14:57 - 2018-08-10 11:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-11 14:57 - 2018-08-10 11:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-11 14:57 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-11 14:57 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-11 14:57 - 2018-08-10 11:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-11 14:57 - 2018-08-10 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-11 14:57 - 2018-07-29 11:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-11 14:57 - 2018-07-18 11:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-11 14:57 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-01 09:43 - 2018-09-01 09:43 - 001193601 _____ C:\Users\Ruth\Downloads\September 2018 Viewpoint.pdf
2018-08-29 20:31 - 2018-09-15 20:50 - 000080576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-08-29 20:31 - 2018-09-15 16:41 - 000228960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-29 20:31 - 2018-09-15 16:41 - 000098024 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-08-29 20:31 - 2018-09-15 16:41 - 000046656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-08-29 20:31 - 2018-08-29 20:31 - 000169704 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-08-28 06:52 - 2018-09-15 16:08 - 000000000 ____D C:\FRST
2018-08-17 06:14 - 2018-08-17 06:14 - 000000000 ____D C:\Users\Ruth\AppData\Local\mbam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-15 16:49 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-15 16:49 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-15 16:40 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-14 21:05 - 2013-11-29 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-09-14 21:05 - 2013-11-29 14:28 - 000000000 ____D C:\Program Files\CCleaner
2018-09-13 07:10 - 2011-02-19 11:14 - 000000031 _____ C:\tmuninst.ini
2018-09-13 07:03 - 2016-05-14 17:56 - 000000000 ____D C:\Users\Ruth\Documents\Outlook Files
2018-09-13 07:02 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-09-13 03:05 - 2012-07-26 21:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-09-13 03:05 - 2011-06-19 08:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-09-13 03:05 - 2011-02-19 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 18:08 - 2013-05-18 09:51 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-12 14:27 - 2014-01-25 21:17 - 000000000 ____D C:\Users\Ruth\AppData\Local\CrashDumps
2018-09-12 14:27 - 2011-03-04 07:18 - 000000000 ____D C:\Users\Ruth\Downloads\spelunky
2018-09-12 11:53 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-09-12 11:37 - 2016-06-03 06:05 - 000000000 _____ C:\Windows\system32\last.dump
2018-09-12 08:28 - 2017-03-29 21:18 - 000157744 _____ C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-12 05:33 - 2013-10-10 04:57 - 000000000 ____D C:\Windows\rescache
2018-09-12 04:38 - 2011-02-19 10:52 - 000801482 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-12 04:34 - 2016-07-03 14:07 - 000000000 ___RD C:\Users\Ruth\Podcasts
2018-09-12 04:32 - 2018-06-02 08:58 - 000514952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 03:48 - 2013-08-03 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 03:04 - 2011-03-08 07:33 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-10 13:47 - 2011-05-31 21:32 - 000000000 ____D C:\Users\Ruth\Documents\recipes
2018-08-29 20:29 - 2018-08-08 07:00 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-08-24 22:19 - 2011-05-26 21:50 - 000002000 ____H C:\Users\Ruth\Documents\Default.rdp
2018-08-24 21:54 - 2009-07-14 00:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-08-24 12:36 - 2011-02-27 15:34 - 000394928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-08-20 11:13 - 2018-06-02 09:02 - 000002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-08-20 11:13 - 2018-06-02 09:02 - 000002294 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-08-16 03:14 - 2009-07-13 22:04 - 000000615 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2014-03-22 14:52 - 2014-03-22 14:53 - 000012953 _____ () C:\Users\Ruth\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-03-22 14:47 - 2014-03-22 14:47 - 000012952 _____ () C:\Users\Ruth\AppData\Roaming\Microsoft Excel 97-2003.CAL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-15 00:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15.09.2018
Ran by Ruth (15-09-2018 20:54:39)
Running from C:\Users\Ruth\Desktop\Geeks
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.5273 - AVAST Software)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 68.0.746.59 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version:  - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version:  - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 69.0.3497.92 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Visio Professional (HKLM\...\Visio Professional) (Version:  - )
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E33A399-D592-4A3C-A4C4-F196E804823E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-23] (AVAST Software)
Task: {0E7BB6A9-8910-40E7-BB4F-06DD2650E834} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {20C253A5-3950-4675-B2F7-BAC0337DFB65} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {38F7060C-68F5-42CB-BD03-348C68B46BF6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {3B26E35B-3601-4886-8EC6-A463F3E842F3} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {79B55048-C554-4440-976B-66DE295D3FBB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-15] (AVAST Software)
Task: {7EF8474D-95CD-48AE-83E1-B14F68DD2D0C} - System32\Tasks\Avast TUNEUP Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-07-24] (AVAST Software)
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670

==================== Loaded Modules (Whitelisted) ==============

1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-09-15 10:58 - 2018-09-15 10:58 - 005695632 _____ () C:\Program Files\AVAST Software\Avast\defs\18091502\algo.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000197408 _____ () C:\Windows\system32\vpnapi.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-08-08 07:00 - 2018-08-29 20:29 - 002216592 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-08-08 07:00 - 2018-08-29 20:29 - 002268736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-06 22:05 - 2018-03-06 22:05 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-07-30 01:34 - 2018-07-30 01:34 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-08-16 04:22 - 2018-08-16 04:22 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22bdc6efe2783439f27e175765b23e99\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-09-13 07:09 - 000000032 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A14636A2-2567-40B5-96D9-67BBF95A5F0C}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{C0699B73-56D9-430B-B540-7A7525EE1D21}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2CA9306E-EB6B-4F5D-94E0-F959AE560546}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{C8A4EBA4-3266-44F2-A40E-9796D702CDCF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{21D55C60-B9B0-4928-A701-11D49FCE86CF}] => (Allow) LPort=61117
FirewallRules: [{02A63254-11E3-4E22-8108-4B6BF17F05CA}] => (Allow) LPort=61116
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

14-09-2018 00:00:02 Scheduled Checkpoint
15-09-2018 15:55:09 Restore Point Created by FRST
15-09-2018 16:08:13 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2018 08:06:47 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/15/2018 07:06:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/15/2018 06:06:47 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/15/2018 05:06:48 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (09/15/2018 04:26:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 23.8.2018.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2304

Start Time: 01d44d2fcf74f5ef

Termination Time: 4

Application Path: C:\Users\Ruth\Desktop\Geeks\FRST.exe

Report Id: 97eb802c-b925-11e8-9371-0026b9e1b006

Error: (09/15/2018 04:08:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8f9651cd-af21-4faf-b68d-16d0f8a99e2a}

Error: (09/15/2018 04:07:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 23.8.2018.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1478

Start Time: 01d44d2df66bcb39

Termination Time: 4

Application Path: C:\Users\Ruth\Desktop\Geeks\FRST.exe

Report Id: 02fecfbb-b923-11e8-9371-0026b9e1b006

Error: (09/15/2018 04:06:48 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

System errors:
=============
Error: (09/15/2018 04:40:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/15/2018 04:40:18 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.

Error: (09/14/2018 09:01:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (09/14/2018 06:22:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/14/2018 06:22:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/14/2018 06:22:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/14/2018 06:21:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/14/2018 06:21:36 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 52%
Total physical RAM: 2997.83 MB
Available physical RAM: 1428.57 MB
Total Virtual: 5994.03 MB
Available Virtual: 4316.05 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:24.92 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:602.76 GB) NTFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:395.09 GB) NTFS

\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#12
RKinner

    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

Let's try a smaller fixlist.

See if we can find what is causing the problem. This is just going to remove one of the services that is causing an error on boot.

Download the attached fixlist.txt to the same location as FRST.

Attached File: fixlist.txt (704 bytes)

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.


#13
momq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

So far, so good:

Fix result of Farbar Recovery Scan Tool (x86) Version: 15.09.2018
Ran by Ruth (17-09-2018 08:42:44) Run:4
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:

*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\System\CurrentControlSet\Services\tcsd_win32.exe" => removed successfully.
tcsd_win32.exe => service removed successfully.

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 08:44:06 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.09.2018
Ran by Ruth (administrator) on RUTH-PC (17-09-2018 08:50:20)
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-01] (Dell Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1099088 2010-06-25] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-03-25] (Apple Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-24] (Piriform Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-02-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2014-10-15]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {050D5BA4-EF02-47E4-BC2D-2DEDDB6DD694} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-19] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default [2018-09-17]
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6341888 2018-07-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [435248 2018-07-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-01-23] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-05-31] (Macrovision Europe Ltd.) [File not signed]
S4 GearSecurity; C:\Windows\System32\gearsec.exe [49152 2003-09-12] (GEAR Software) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [122384 2014-01-22] (Portrait Displays, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-25] (IDT, Inc.)
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.) [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167552 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188352 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [164944 2018-07-17] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284328 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57976 2018-07-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-07-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133680 2018-07-17] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2017-07-04] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [482328 2018-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101056 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71848 2018-07-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784120 2018-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394928 2018-08-24] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [162704 2018-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-07-17] (AVAST Software)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-20] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-08-29] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [169704 2018-08-29] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [98024 2018-09-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46656 2018-09-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [228960 2018-09-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [80576 2018-09-17] (Malwarebytes)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17168 2004-11-01] (Sonic Solutions) [File not signed]
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [48640 2010-03-20] (REDC) [File not signed]
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-20] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-20] (REDC) [File not signed]
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-15 16:37 - 2018-09-15 16:37 - 000000000 ___HD C:\$AV_ASW
2018-09-15 15:52 - 2018-09-15 15:52 - 000003112 _____ C:\Users\Ruth\Downloads\fixlist.txt
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\Program Files\Speccy
2018-09-14 21:02 - 2018-09-17 08:44 - 000000000 ____D C:\Users\Ruth\Desktop\Geeks
2018-09-14 21:02 - 2018-09-14 21:02 - 006889184 _____ (Piriform Ltd) C:\Users\Ruth\Downloads\spsetup132.exe
2018-09-14 20:57 - 2018-09-14 20:57 - 000006725 _____ C:\junk.txt
2018-09-13 20:36 - 2018-09-13 20:36 - 000047176 _____ () C:\Windows\system32\Drivers\staport.sys
2018-09-11 14:57 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-11 14:57 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-11 14:57 - 2018-08-29 21:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-11 14:57 - 2018-08-28 01:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-11 14:57 - 2018-08-24 14:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-11 14:57 - 2018-08-23 17:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-11 14:57 - 2018-08-23 17:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-11 14:57 - 2018-08-23 17:25 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-11 14:57 - 2018-08-23 17:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-11 14:57 - 2018-08-23 17:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-11 14:57 - 2018-08-23 17:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-11 14:57 - 2018-08-23 17:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-11 14:57 - 2018-08-23 17:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-11 14:57 - 2018-08-23 17:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-11 14:57 - 2018-08-23 17:02 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-11 14:57 - 2018-08-23 17:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-11 14:57 - 2018-08-23 16:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-11 14:57 - 2018-08-23 16:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-11 14:57 - 2018-08-23 16:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-11 14:57 - 2018-08-23 16:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-11 14:57 - 2018-08-23 16:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-11 14:57 - 2018-08-23 16:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-11 14:57 - 2018-08-23 16:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-11 14:57 - 2018-08-23 16:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-11 14:57 - 2018-08-23 16:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-11 14:57 - 2018-08-23 16:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-11 14:57 - 2018-08-23 16:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-11 14:57 - 2018-08-23 16:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-11 14:57 - 2018-08-12 16:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-11 14:57 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-11 14:57 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-11 14:57 - 2018-08-10 11:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-11 14:57 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-11 14:57 - 2018-08-10 11:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-11 14:57 - 2018-08-10 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-11 14:57 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-11 14:57 - 2018-08-10 11:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-11 14:57 - 2018-08-10 11:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-11 14:57 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-11 14:57 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-11 14:57 - 2018-08-10 11:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-11 14:57 - 2018-08-10 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-11 14:57 - 2018-07-29 11:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-11 14:57 - 2018-07-18 11:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-11 14:57 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-01 09:43 - 2018-09-01 09:43 - 001193601 _____ C:\Users\Ruth\Downloads\September 2018 Viewpoint.pdf
2018-08-29 20:31 - 2018-09-17 08:48 - 000046656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-08-29 20:31 - 2018-09-17 08:47 - 000228960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-29 20:31 - 2018-09-17 08:47 - 000098024 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-08-29 20:31 - 2018-09-17 08:47 - 000080576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-08-29 20:31 - 2018-08-29 20:31 - 000169704 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-08-28 06:52 - 2018-09-17 08:50 - 000000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-17 08:46 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-17 04:19 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-17 04:19 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-14 21:05 - 2013-11-29 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-09-14 21:05 - 2013-11-29 14:28 - 000000000 ____D C:\Program Files\CCleaner
2018-09-13 07:10 - 2011-02-19 11:14 - 000000031 _____ C:\tmuninst.ini
2018-09-13 07:03 - 2016-05-14 17:56 - 000000000 ____D C:\Users\Ruth\Documents\Outlook Files
2018-09-13 07:02 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-09-13 03:05 - 2012-07-26 21:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-09-13 03:05 - 2011-06-19 08:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-09-13 03:05 - 2011-02-19 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 18:08 - 2013-05-18 09:51 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-12 14:27 - 2014-01-25 21:17 - 000000000 ____D C:\Users\Ruth\AppData\Local\CrashDumps
2018-09-12 14:27 - 2011-03-04 07:18 - 000000000 ____D C:\Users\Ruth\Downloads\spelunky
2018-09-12 11:53 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-09-12 11:37 - 2016-06-03 06:05 - 000000000 _____ C:\Windows\system32\last.dump
2018-09-12 08:28 - 2017-03-29 21:18 - 000157744 _____ C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-12 05:33 - 2013-10-10 04:57 - 000000000 ____D C:\Windows\rescache
2018-09-12 04:38 - 2011-02-19 10:52 - 000801482 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-12 04:34 - 2016-07-03 14:07 - 000000000 ___RD C:\Users\Ruth\Podcasts
2018-09-12 04:32 - 2018-06-02 08:58 - 000514952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 03:48 - 2013-08-03 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 03:04 - 2011-03-08 07:33 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-10 13:47 - 2011-05-31 21:32 - 000000000 ____D C:\Users\Ruth\Documents\recipes
2018-08-29 20:29 - 2018-08-08 07:00 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-08-24 22:19 - 2011-05-26 21:50 - 000002000 ____H C:\Users\Ruth\Documents\Default.rdp
2018-08-24 21:54 - 2009-07-14 00:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-08-24 12:36 - 2011-02-27 15:34 - 000394928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-08-20 11:13 - 2018-06-02 09:02 - 000002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-08-20 11:13 - 2018-06-02 09:02 - 000002294 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk

==================== Files in the root of some directories =======

2014-03-22 14:52 - 2014-03-22 14:53 - 000012953 _____ () C:\Users\Ruth\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-03-22 14:47 - 2014-03-22 14:47 - 000012952 _____ () C:\Users\Ruth\AppData\Roaming\Microsoft Excel 97-2003.CAL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-15 00:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15.09.2018
Ran by Ruth (17-09-2018 08:52:29)
Running from C:\Users\Ruth\Desktop\Geeks
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.5273 - AVAST Software)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 68.0.746.59 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version:  - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version:  - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 69.0.3497.92 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Visio Professional (HKLM\...\Visio Professional) (Version:  - )
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E33A399-D592-4A3C-A4C4-F196E804823E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-23] (AVAST Software)
Task: {0E7BB6A9-8910-40E7-BB4F-06DD2650E834} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {20C253A5-3950-4675-B2F7-BAC0337DFB65} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {38F7060C-68F5-42CB-BD03-348C68B46BF6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {3B26E35B-3601-4886-8EC6-A463F3E842F3} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {79B55048-C554-4440-976B-66DE295D3FBB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-15] (AVAST Software)
Task: {7EF8474D-95CD-48AE-83E1-B14F68DD2D0C} - System32\Tasks\Avast TUNEUP Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-07-24] (AVAST Software)
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670

==================== Loaded Modules (Whitelisted) ==============

2018-07-17 12:34 - 2018-07-17 12:34 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-09-17 04:50 - 2018-09-17 04:50 - 005695632 _____ () C:\Program Files\AVAST Software\Avast\defs\18091702\algo.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000197408 _____ () C:\Windows\system32\vpnapi.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-08-08 07:00 - 2018-08-29 20:29 - 002268736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-08-08 07:00 - 2018-08-29 20:29 - 002216592 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2018-03-06 22:05 - 2018-03-06 22:05 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-07-30 01:34 - 2018-07-30 01:34 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-08-16 04:22 - 2018-08-16 04:22 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22bdc6efe2783439f27e175765b23e99\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-09-13 07:09 - 000000032 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A14636A2-2567-40B5-96D9-67BBF95A5F0C}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{C0699B73-56D9-430B-B540-7A7525EE1D21}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2CA9306E-EB6B-4F5D-94E0-F959AE560546}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{C8A4EBA4-3266-44F2-A40E-9796D702CDCF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{21D55C60-B9B0-4928-A701-11D49FCE86CF}] => (Allow) LPort=61117
FirewallRules: [{02A63254-11E3-4E22-8108-4B6BF17F05CA}] => (Allow) LPort=61116
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

14-09-2018 00:00:02 Scheduled Checkpoint
15-09-2018 15:55:09 Restore Point Created by FRST
15-09-2018 16:08:13 Restore Point Created by FRST
17-09-2018 08:42:53 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/17/2018 08:47:34 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/17/2018 08:47:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/17/2018 08:47:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (09/17/2018 08:46:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 46%
Total physical RAM: 2997.83 MB
Available physical RAM: 1616.96 MB
Total Virtual: 5994.03 MB
Available Virtual: 4678.32 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:23.89 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:602.76 GB) NTFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:395.09 GB) NTFS

\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#14
RKinner

    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

One more fixlist.  This one just works on Trend Micro entries.  Same procedure as before.

 

Attached File  fixlist.txt   1.16KB   9 downloads


#15
momq

    Member

  • Topic Starter
  • Member
  • 28 posts

I think we're making progress!

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15.09.2018
Ran by Ruth (17-09-2018 15:21:07) Run:5
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1099088 2010-06-25] (Trend Micro Inc.)
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}
MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
c:\Program Files\Trend Micro
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\OfficeScanNT Monitor" => removed successfully.
"FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}" => removed successfully.
"FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeScanNT Monitor" => removed successfully.
c:\Program Files\Trend Micro => moved successfully

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

 

The system needed a reboot.

==== End of Fixlog 15:21:41 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.09.2018
Ran by Ruth (administrator) on RUTH-PC (17-09-2018 15:32:37)
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-01] (Dell Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-03-25] (Apple Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-24] (Piriform Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-02-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2014-10-15]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{376B11B2-97E3-4F21-A3DE-E4AFFAC4966F}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {050D5BA4-EF02-47E4-BC2D-2DEDDB6DD694} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-19] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default [2018-09-17]
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6341888 2018-07-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [435248 2018-07-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-01-23] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-05-31] (Macrovision Europe Ltd.) [File not signed]
S4 GearSecurity; C:\Windows\System32\gearsec.exe [49152 2003-09-12] (GEAR Software) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [122384 2014-01-22] (Portrait Displays, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-25] (IDT, Inc.)
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.) [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167552 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188352 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [164944 2018-07-17] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284328 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57976 2018-07-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-07-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133680 2018-07-17] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2017-07-04] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [482328 2018-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101056 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71848 2018-07-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784120 2018-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394928 2018-08-24] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [162704 2018-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-07-17] (AVAST Software)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-20] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-08-29] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [169704 2018-08-29] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [98024 2018-09-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46656 2018-09-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [228960 2018-09-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [80576 2018-09-17] (Malwarebytes)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17168 2004-11-01] (Sonic Solutions) [File not signed]
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [48640 2010-03-20] (REDC) [File not signed]
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-20] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-20] (REDC) [File not signed]
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-15 16:37 - 2018-09-15 16:37 - 000000000 ___HD C:\$AV_ASW
2018-09-15 15:52 - 2018-09-15 15:52 - 000003112 _____ C:\Users\Ruth\Downloads\fixlist.txt
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\Program Files\Speccy
2018-09-14 21:02 - 2018-09-17 15:21 - 000000000 ____D C:\Users\Ruth\Desktop\Geeks
2018-09-14 21:02 - 2018-09-14 21:02 - 006889184 _____ (Piriform Ltd) C:\Users\Ruth\Downloads\spsetup132.exe
2018-09-14 20:57 - 2018-09-14 20:57 - 000006725 _____ C:\junk.txt
2018-09-13 20:36 - 2018-09-13 20:36 - 000047176 _____ () C:\Windows\system32\Drivers\staport.sys
2018-09-11 14:57 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-11 14:57 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-11 14:57 - 2018-08-29 21:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-11 14:57 - 2018-08-28 01:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-11 14:57 - 2018-08-24 14:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-11 14:57 - 2018-08-23 17:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-11 14:57 - 2018-08-23 17:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-11 14:57 - 2018-08-23 17:25 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-11 14:57 - 2018-08-23 17:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-11 14:57 - 2018-08-23 17:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-11 14:57 - 2018-08-23 17:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-11 14:57 - 2018-08-23 17:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-11 14:57 - 2018-08-23 17:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-11 14:57 - 2018-08-23 17:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-11 14:57 - 2018-08-23 17:02 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-11 14:57 - 2018-08-23 17:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-11 14:57 - 2018-08-23 16:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-11 14:57 - 2018-08-23 16:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-11 14:57 - 2018-08-23 16:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-11 14:57 - 2018-08-23 16:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-11 14:57 - 2018-08-23 16:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-11 14:57 - 2018-08-23 16:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-11 14:57 - 2018-08-23 16:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-11 14:57 - 2018-08-23 16:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-11 14:57 - 2018-08-23 16:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-11 14:57 - 2018-08-23 16:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-11 14:57 - 2018-08-23 16:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-11 14:57 - 2018-08-23 16:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-11 14:57 - 2018-08-12 16:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-11 14:57 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-11 14:57 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-11 14:57 - 2018-08-10 11:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-11 14:57 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-11 14:57 - 2018-08-10 11:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-11 14:57 - 2018-08-10 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-11 14:57 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-11 14:57 - 2018-08-10 11:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-11 14:57 - 2018-08-10 11:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-11 14:57 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-11 14:57 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-11 14:57 - 2018-08-10 11:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-11 14:57 - 2018-08-10 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-11 14:57 - 2018-07-29 11:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-11 14:57 - 2018-07-18 11:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-11 14:57 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-01 09:43 - 2018-09-01 09:43 - 001193601 _____ C:\Users\Ruth\Downloads\September 2018 Viewpoint.pdf
2018-08-29 20:31 - 2018-09-17 15:25 - 000228960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-29 20:31 - 2018-09-17 15:25 - 000098024 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-08-29 20:31 - 2018-09-17 15:25 - 000080576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-08-29 20:31 - 2018-09-17 15:25 - 000046656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-08-29 20:31 - 2018-08-29 20:31 - 000169704 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-08-28 06:52 - 2018-09-17 15:32 - 000000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-17 15:33 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-17 15:33 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-17 15:32 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-09-17 15:24 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-14 21:05 - 2013-11-29 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-09-14 21:05 - 2013-11-29 14:28 - 000000000 ____D C:\Program Files\CCleaner
2018-09-13 07:10 - 2011-02-19 11:14 - 000000031 _____ C:\tmuninst.ini
2018-09-13 07:03 - 2016-05-14 17:56 - 000000000 ____D C:\Users\Ruth\Documents\Outlook Files
2018-09-13 07:02 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-09-13 03:05 - 2012-07-26 21:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-09-13 03:05 - 2011-06-19 08:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-09-13 03:05 - 2011-02-19 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 18:08 - 2013-05-18 09:51 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-12 14:27 - 2014-01-25 21:17 - 000000000 ____D C:\Users\Ruth\AppData\Local\CrashDumps
2018-09-12 14:27 - 2011-03-04 07:18 - 000000000 ____D C:\Users\Ruth\Downloads\spelunky
2018-09-12 11:37 - 2016-06-03 06:05 - 000000000 _____ C:\Windows\system32\last.dump
2018-09-12 08:28 - 2017-03-29 21:18 - 000157744 _____ C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-12 05:33 - 2013-10-10 04:57 - 000000000 ____D C:\Windows\rescache
2018-09-12 04:38 - 2011-02-19 10:52 - 000801482 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-12 04:34 - 2016-07-03 14:07 - 000000000 ___RD C:\Users\Ruth\Podcasts
2018-09-12 04:32 - 2018-06-02 08:58 - 000514952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 03:48 - 2013-08-03 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 03:04 - 2011-03-08 07:33 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-10 13:47 - 2011-05-31 21:32 - 000000000 ____D C:\Users\Ruth\Documents\recipes
2018-08-29 20:29 - 2018-08-08 07:00 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-08-24 22:19 - 2011-05-26 21:50 - 000002000 ____H C:\Users\Ruth\Documents\Default.rdp
2018-08-24 21:54 - 2009-07-14 00:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-08-24 12:36 - 2011-02-27 15:34 - 000394928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-08-20 11:13 - 2018-06-02 09:02 - 000002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-08-20 11:13 - 2018-06-02 09:02 - 000002294 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk

==================== Files in the root of some directories =======

2014-03-22 14:52 - 2014-03-22 14:53 - 000012953 _____ () C:\Users\Ruth\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-03-22 14:47 - 2014-03-22 14:47 - 000012952 _____ () C:\Users\Ruth\AppData\Roaming\Microsoft Excel 97-2003.CAL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-15 00:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15.09.2018
Ran by Ruth (17-09-2018 15:34:28)
Running from C:\Users\Ruth\Desktop\Geeks
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.5273 - AVAST Software)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 68.0.746.59 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version:  - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version:  - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 69.0.3497.92 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Visio Professional (HKLM\...\Visio Professional) (Version:  - )
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E33A399-D592-4A3C-A4C4-F196E804823E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-23] (AVAST Software)
Task: {0E7BB6A9-8910-40E7-BB4F-06DD2650E834} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {20C253A5-3950-4675-B2F7-BAC0337DFB65} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {38F7060C-68F5-42CB-BD03-348C68B46BF6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {3B26E35B-3601-4886-8EC6-A463F3E842F3} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {79B55048-C554-4440-976B-66DE295D3FBB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-15] (AVAST Software)
Task: {7EF8474D-95CD-48AE-83E1-B14F68DD2D0C} - System32\Tasks\Avast TUNEUP Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-07-24] (AVAST Software)
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670

==================== Loaded Modules (Whitelisted) ==============

1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-09-17 08:53 - 2018-09-17 08:53 - 005695632 _____ () C:\Program Files\AVAST Software\Avast\defs\18091704\algo.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000197408 _____ () C:\Windows\system32\vpnapi.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-08-08 07:00 - 2018-08-29 20:29 - 002268736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-08-08 07:00 - 2018-08-29 20:29 - 002216592 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-06 22:05 - 2018-03-06 22:05 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-07-17 12:34 - 2018-07-17 12:34 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-07-30 01:34 - 2018-07-30 01:34 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-08-16 04:22 - 2018-08-16 04:22 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22bdc6efe2783439f27e175765b23e99\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-09-13 07:09 - 000000032 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A14636A2-2567-40B5-96D9-67BBF95A5F0C}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{C0699B73-56D9-430B-B540-7A7525EE1D21}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2CA9306E-EB6B-4F5D-94E0-F959AE560546}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{C8A4EBA4-3266-44F2-A40E-9796D702CDCF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{21D55C60-B9B0-4928-A701-11D49FCE86CF}] => (Allow) LPort=61117
FirewallRules: [{02A63254-11E3-4E22-8108-4B6BF17F05CA}] => (Allow) LPort=61116
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

14-09-2018 00:00:02 Scheduled Checkpoint
15-09-2018 15:55:09 Restore Point Created by FRST
15-09-2018 16:08:13 Restore Point Created by FRST
17-09-2018 08:42:53 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/17/2018 03:24:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 48%
Total physical RAM: 2997.83 MB
Available physical RAM: 1544.55 MB
Total Virtual: 5994.03 MB
Available Virtual: 4586.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:23.75 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:602.76 GB) NTFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:395.03 GB) NTFS

\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

