Internet timing out



#46
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Error: (09/30/2018 09:20:49 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Usually running a disk check on the bad drive will fix this error:

1. Double-click My Computer, and then right-click the hard disk that you want to check: K:, J: or F:. (Hard to tell from the error. Probably not C: or D:)
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.

You may receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
(But you probably won't and the check will start right away. If not, click Yes to schedule the disk check and restart.)

Repeat for the other drives. Once you have done all of them:

Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.

 

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application instead of System. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

The other error is an install that is not working:

Error: (10/08/2018 02:00:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Probably caused by this installed program:

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Expect it has to do with an update to Visual Studio. Perhaps a prerequisite is missing.

The VPN software is still active so if you are still seeing Internet drops, removing it would be the next step.

  • 0



#47
momq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/10/2018 8:55:59 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/10/2018 12:38:59 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0A5C&PID_5800&MI_01\7&66de6c9&0&0001.

Log: 'System' Date/Time: 14/10/2018 12:38:58 PM
Type: Warning Category: 0
Event: 27 Source: e1kexpress
The event description cannot be found.

Log: 'System' Date/Time: 14/10/2018 12:37:23 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 14/10/2018 12:37:23 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv.dll

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/10/2018 8:58:21 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/10/2018 12:57:44 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 14/10/2018 12:55:34 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I won't be using C++ any more so I'll uninstall that program and also remove VPN because my internet is still extremely slow on this computer.  What should I run after I remove those two?

 

Thanks.


  • 0
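
The VEW reports posted in this thread use a fixed four-line record layout, so recurring events (such as the repeated SideBySide error) can be grouped before reading them one by one. The parser below is an added example, not part of the original posts or of VEW itself; the sample report is constructed, and the names `parse_vew` and `summarize` are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the VEW report layout seen in this thread. The device
# ID is a placeholder and the last record is cut short on purpose, as happens
# when a log is pasted incompletely.
SAMPLE_REPORT = r"""Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/10/2018 8:55:59 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/10/2018 12:38:59 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_EXAMPLE&PID_EXAMPLE\0001.

Log: 'System' Date/Time: 14/10/2018 12:38:58 PM
Type: Warning Category: 0
Event: 27 Source: e1kexpress
The event description cannot be found.

Log: 'System' Date/Time: 13/10/2018 9:02:11 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_EXAMPLE&PID_EXAMPLE\0001.

Log: 'System' Date/Time: 13/10/2018 9:01:00 AM
Type: Warning Category: 0
"""

LOG_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event_id>\d+) Source: (?P<source>.+)$")


def parse_vew(text):
    """Return the complete event records of a VEW text report as dicts."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()  # also strips the non-breaking spaces forums add
        header = LOG_RE.match(line)
        if header:
            try:
                # The report states dd/mm/yyyy and uses a 12-hour clock.
                when = datetime.strptime(header["when"], "%d/%m/%Y %I:%M:%S %p")
            except ValueError:
                current = None  # unreadable timestamp: skip this record
                continue
            current = {"log": header["log"], "when": when, "type": None,
                       "event_id": None, "source": None, "description": []}
            records.append(current)
        elif current is None:
            continue  # banner, section title or separator outside a record
        elif not line or line.startswith("~~~"):
            current = None  # a blank line or section rule ends the record
        elif current["type"] is None and TYPE_RE.match(line):
            current["type"] = TYPE_RE.match(line)["type"]
        elif current["event_id"] is None and EVENT_RE.match(line):
            found = EVENT_RE.match(line)
            current["event_id"] = int(found["event_id"])
            current["source"] = found["source"]
        else:
            current["description"].append(line)
    # Drop records that were cut off before their "Event:" line.
    complete = [r for r in records if r["event_id"] is not None]
    for r in complete:
        r["description"] = " ".join(r["description"])
    return complete


def summarize(records):
    """Group records by (log, source, event ID), most frequent first."""
    groups = {}
    for r in records:
        key = (r["log"], r["source"], r["event_id"])
        g = groups.setdefault(key, {"log": r["log"], "source": r["source"],
                                    "event_id": r["event_id"],
                                    "type": r["type"], "count": 0,
                                    "first": r["when"], "last": r["when"],
                                    "description": r["description"]})
        g["count"] += 1
        g["first"] = min(g["first"], r["when"])
        g["last"] = max(g["last"], r["when"])
    return sorted(groups.values(), key=lambda g: (-g["count"], g["source"]))


if __name__ == "__main__":
    for g in summarize(parse_vew(SAMPLE_REPORT)):
        print(f"{g['count']}x {g['log']}/{g['source']} event {g['event_id']} "
              f"({g['type']}) {g['first']:%Y-%m-%d %H:%M} to "
              f"{g['last']:%Y-%m-%d %H:%M}")
        print(f"    {g['description']}")
```
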

#48
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Usually this error:

Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0A5C&PID_5800&MI_01\7&66de6c9&0&0001.

is caused by the service not being in Automatic. Search for

services.msc

hit Enter

Scroll down to:

Windows Driver Foundation - User-mode Driver Framework

right click on it and select Properties then change Startup Type: to Automatic. OK.

The

Event: 27 Source: e1kexpress
The event description cannot be found.

is probably just your Wired (Ethernet) connection complaining about not being connected. If you disable it the error should stop.

After you uninstall the C++ stuff and the VPN, run a new FRST scan with Addition.txt checked and post both logs.


  • 0

#49
momq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

I ran the uninstall in control panel for C++, but it has not removed error messages about side by side.

I couldn't find an uninstall for VPN in control panel or in the Cisco folder, so I tried running the "install" program in case it offered me an option to uninstall it first, but it didn't. When I was looking for the Ethernet connection I was supposed to disable, though, in Device Manager I found a VPN entry with an option to remove it and uninstall any related software, so I did that.

Under Network Adaptors, I found the following:

  DW Wireless-N WLAN Half-Mini Card
  Intel® 82577LM Gigabit Network Connection
  Microsoft Virtual WiFi Miniport Adapter

I'm guessing the Intel® entry is the one I'm supposed to disable, but since I wasn't sure, I haven't done anything with it for now.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10.10.2018
Ran by Ruth (administrator) on RUTH-PC (15-10-2018 21:54:55)
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Cisco Systems\VPN Client\autoinstallgui.exe
() C:\Program Files\Cisco Systems\VPN Client\autoinstallgui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_31_0_0_122_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Intel® Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mspaint.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-01] (Dell Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-03-25] (Apple Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-24] (Piriform Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-02-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2014-10-15]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{376B11B2-97E3-4F21-A3DE-E4AFFAC4966F}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {050D5BA4-EF02-47E4-BC2D-2DEDDB6DD694} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-19] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default [2018-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-01-23] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-05-31] (Macrovision Europe Ltd.) [File not signed]
S4 GearSecurity; C:\Windows\System32\gearsec.exe [49152 2003-09-12] (GEAR Software) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [122384 2014-01-22] (Portrait Displays, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-25] (IDT, Inc.)
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) [File not signed]
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-20] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-09-11] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [175024 2018-09-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101688 2018-10-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [51696 2018-10-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229472 2018-10-14] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [81600 2018-10-15] (Malwarebytes)
R3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17168 2004-11-01] (Sonic Solutions) [File not signed]
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [48640 2010-03-20] (REDC) [File not signed]
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-20] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-20] (REDC) [File not signed]
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-09 18:37 - 2018-09-08 20:12 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-10-09 18:37 - 2018-09-08 20:12 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-09 18:37 - 2018-09-08 20:12 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-09 18:37 - 2018-09-08 20:12 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-09 18:37 - 2018-09-08 20:12 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-09 18:37 - 2018-09-08 20:12 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-09 18:37 - 2018-08-28 02:09 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-09 18:37 - 2018-08-28 02:09 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-09 18:37 - 2018-08-28 01:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-09 18:37 - 2018-08-28 01:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-09 18:37 - 2018-08-28 01:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-09 18:37 - 2018-08-15 22:14 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-10-09 18:37 - 2018-08-13 17:48 - 000940784 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-10-09 18:37 - 2018-08-13 11:41 - 000527872 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-10-09 18:37 - 2018-08-12 16:17 - 000122536 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-10-09 18:37 - 2018-08-12 16:13 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-10-09 18:37 - 2018-08-08 11:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-10-09 18:37 - 2018-08-08 11:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-09-28 23:13 - 2018-09-28 23:13 - 000799117 _____ C:\Users\Ruth\Downloads\October 2018.pdf
2018-09-26 06:52 - 2018-09-26 06:52 - 000175024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-09-26 06:52 - 2018-09-26 06:52 - 000000000 ____D C:\Users\Ruth\AppData\Local\mbamtray
2018-09-26 06:51 - 2018-09-26 06:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-26 06:51 - 2018-09-11 13:18 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-09-23 20:03 - 2018-10-14 08:58 - 000001403 _____ C:\VEW.txt
2018-09-18 20:18 - 2018-09-18 20:19 - 208620060 _____ C:\Users\Ruth\Documents\before_update.reg
2018-09-15 16:37 - 2018-09-15 16:37 - 000000000 ___HD C:\$AV_ASW
2018-09-15 15:52 - 2018-09-15 15:52 - 000003112 _____ C:\Users\Ruth\Downloads\fixlist.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-15 21:54 - 2018-09-14 21:02 - 000000000 ____D C:\Users\Ruth\Desktop\Geeks
2018-10-15 21:54 - 2018-08-28 06:52 - 000000000 ____D C:\FRST
2018-10-15 21:53 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-15 21:53 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-15 21:49 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-10-14 08:39 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-11 05:04 - 2012-07-26 21:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-10-11 05:04 - 2011-06-19 08:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-10-11 05:04 - 2011-02-19 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-10 04:29 - 2013-10-10 04:57 - 000000000 ____D C:\Windows\rescache
2018-10-10 03:45 - 2011-02-19 10:52 - 000801482 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-10 03:39 - 2018-06-02 08:58 - 000514952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-10 03:13 - 2013-08-03 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-10-10 03:05 - 2011-03-08 07:33 - 133674168 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-10 03:05 - 2009-07-13 22:04 - 000000615 _____ C:\Windows\win.ini
2018-10-08 13:56 - 2016-05-14 17:56 - 000000000 ____D C:\Users\Ruth\Documents\Outlook Files
2018-10-01 12:01 - 2011-02-25 20:14 - 000000000 ____D C:\Users\Ruth
2018-09-26 06:53 - 2011-05-31 21:21 - 000000000 ____D C:\Users\Ruth\AppData\Local\ElevatedDiagnostics
2018-09-23 19:55 - 2011-02-25 20:14 - 000000000 ____D C:\Users\Ruth\AppData\Local\VirtualStore
2018-09-22 20:59 - 2018-09-14 20:57 - 000006401 _____ C:\junk.txt
2018-09-22 17:27 - 2011-05-31 21:32 - 000000000 ____D C:\Users\Ruth\Documents\recipes
2018-09-21 21:37 - 2011-07-08 21:52 - 000000000 ____D C:\Users\Ruth\AppData\Local\Microsoft Help
2018-09-20 22:24 - 2018-09-13 20:36 - 000047176 _____ () C:\Windows\system32\Drivers\staport.sys
2018-09-18 22:02 - 2016-06-03 06:05 - 000000000 _____ C:\Windows\system32\last.dump
2018-09-18 06:17 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-09-17 17:03 - 2013-05-18 09:51 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-03-22 14:52 - 2014-03-22 14:53 - 000012953 _____ () C:\Users\Ruth\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-03-22 14:47 - 2014-03-22 14:47 - 000012952 _____ () C:\Users\Ruth\AppData\Roaming\Microsoft Excel 97-2003.CAL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-15 00:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10.10.2018
Ran by Ruth (15-10-2018 21:55:46)
Running from C:\Users\Ruth\Desktop\Geeks
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version:  - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version:  - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Visio Professional (HKLM\...\Visio Professional) (Version:  - )
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E7BB6A9-8910-40E7-BB4F-06DD2650E834} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-11] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-11] (Adobe Systems Incorporated)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670

==================== Loaded Modules (Whitelisted) ==============

1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000197408 _____ () C:\Windows\system32\vpnapi.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-07-30 01:34 - 2018-07-30 01:34 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-09-26 06:51 - 2018-09-12 11:35 - 002230048 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-26 06:51 - 2018-09-12 17:57 - 002281640 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-10-10 03:45 - 2018-10-10 03:45 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\03c8dea5416354040dbac0726ebcd21f\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000262960 _____ () C:\Program Files\Cisco Systems\VPN Client\autoinstallgui.exe
2005-09-21 07:57 - 2005-09-21 07:57 - 004325376 _____ () C:\Program Files\Cisco Systems\VPN Client\qt-mt335.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-09-21 07:11 - 000000036 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{21D55C60-B9B0-4928-A701-11D49FCE86CF}] => (Allow) LPort=61117
FirewallRules: [{02A63254-11E3-4E22-8108-4B6BF17F05CA}] => (Allow) LPort=61116
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{5299677F-C4C6-4CB2-AF48-D81D66DD1A54}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-10-2018 14:54:44 Windows Update
10-10-2018 03:01:48 Windows Update
11-10-2018 03:00:18 Windows Update
15-10-2018 21:14:01 Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2018 08:57:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/14/2018 08:55:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 60%
Total physical RAM: 2997.83 MB
Available physical RAM: 1186.34 MB
Total Virtual: 5994.03 MB
Available Virtual: 4119.24 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:24.29 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:665.18 GB) NTFS
Drive j: (Toddler & 2's) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:394.54 GB) NTFS

\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#50
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Yes, the Intel would be the wired Internet, which you don't use.

We can kill off the VPN since it's still active:

Download the attached fixlist.txt to the same location as FRST


Attached File  fixlist.txt   968bytes   155 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

You might try Windows Installer Cleanup Tool for the microsoft.vc80 error:

https://www.majorgee...up_utility.html

#51
momq

    Member

  • Topic Starter
  • 29 posts

I've completed most of this and will post the three logs at the end of this post.  I was also able to download and install the Windows Installer Cleanup Tool, but didn't see microsoft.vc80 in the list of items that can be removed.

Fix result of Farbar Recovery Scan Tool (x86) Version: 10.10.2018
Ran by Ruth (19-10-2018 20:57:28) Run:9
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Boot Mode: Normal

==============================================

fixlist content:
*****************
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) [File not signed]
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
C:\Program Files\Cisco Systems\VPN Client
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:

*****************

CVPND => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\CVPND => removed successfully.
CVPND => service removed successfully.
HKLM\System\CurrentControlSet\Services\CVirtA => removed successfully.
CVirtA => service removed successfully.
CVPNDRVA => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\CVPNDRVA => removed successfully.
CVPNDRVA => service removed successfully.

"C:\Program Files\Cisco Systems\VPN Client" folder move:

Could not move "C:\Program Files\Cisco Systems\VPN Client" => Scheduled to move on reboot.

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-10-2018 21:01:02)

C:\Program Files\Cisco Systems\VPN Client => is moved successfully

==== End of Fixlog 21:01:02 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10.10.2018
Ran by Ruth (administrator) on RUTH-PC (19-10-2018 21:04:38)
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_31_0_0_122_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-01] (Dell Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-03-25] (Apple Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-24] (Piriform Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-02-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2014-10-15]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{376B11B2-97E3-4F21-A3DE-E4AFFAC4966F}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {050D5BA4-EF02-47E4-BC2D-2DEDDB6DD694} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-19] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default [2018-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-01-23] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-05-31] (Macrovision Europe Ltd.) [File not signed]
S4 GearSecurity; C:\Windows\System32\gearsec.exe [49152 2003-09-12] (GEAR Software) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [122384 2014-01-22] (Portrait Displays, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-25] (IDT, Inc.)
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-20] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-09-11] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [175024 2018-09-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101688 2018-10-19] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [51696 2018-10-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229472 2018-10-19] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [81600 2018-10-19] (Malwarebytes)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17168 2004-11-01] (Sonic Solutions) [File not signed]
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [48640 2010-03-20] (REDC) [File not signed]
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-20] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-20] (REDC) [File not signed]
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-19 21:01 - 2018-10-19 21:01 - 000229472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-19 21:01 - 2018-10-19 21:01 - 000101688 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-10-19 21:01 - 2018-10-19 21:01 - 000081600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-10-19 21:01 - 2018-10-19 21:01 - 000051696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-10-16 12:14 - 2018-10-16 12:30 - 000217637 _____ C:\Users\Ruth\Desktop\AbsentVoterBallot_105377_7.pdf
2018-10-09 18:37 - 2018-09-19 04:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2018-10-09 18:37 - 2018-09-18 14:10 - 000348976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-10-09 18:37 - 2018-09-18 00:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-10-09 18:37 - 2018-09-18 00:31 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-10-09 18:37 - 2018-09-18 00:31 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-10-09 18:37 - 2018-09-18 00:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-10-09 18:37 - 2018-09-18 00:21 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-10-09 18:37 - 2018-09-18 00:20 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-10-09 18:37 - 2018-09-18 00:20 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-10-09 18:37 - 2018-09-18 00:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-10-09 18:37 - 2018-09-18 00:18 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-10-09 18:37 - 2018-09-18 00:15 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-10-09 18:37 - 2018-09-18 00:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-10-09 18:37 - 2018-09-18 00:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-10-09 18:37 - 2018-09-18 00:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-10-09 18:37 - 2018-09-18 00:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-10-09 18:37 - 2018-09-18 00:13 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-10-09 18:37 - 2018-09-18 00:12 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-10-09 18:37 - 2018-09-18 00:09 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-10-09 18:37 - 2018-09-18 00:06 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-10-09 18:37 - 2018-09-18 00:03 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-10-09 18:37 - 2018-09-18 00:02 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-10-09 18:37 - 2018-09-18 00:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-10-09 18:37 - 2018-09-18 00:00 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-10-09 18:37 - 2018-09-17 23:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-10-09 18:37 - 2018-09-17 23:58 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-10-09 18:37 - 2018-09-17 23:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-10-09 18:37 - 2018-09-17 23:57 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-10-09 18:37 - 2018-09-17 23:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-10-09 18:37 - 2018-09-17 23:52 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-10-09 18:37 - 2018-09-17 23:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-10-09 18:37 - 2018-09-17 23:51 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-10-09 18:37 - 2018-09-17 23:50 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-10-09 18:37 - 2018-09-17 23:50 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-10-09 18:37 - 2018-09-17 23:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-10-09 18:37 - 2018-09-17 23:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-10-09 18:37 - 2018-09-17 23:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-10-09 18:37 - 2018-09-11 14:23 - 002404864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-10-09 18:37 - 2018-09-11 14:20 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-10-09 18:37 - 2018-09-11 14:20 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-10-09 18:37 - 2018-09-08 20:46 - 004054216 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-10-09 18:37 - 2018-09-08 20:46 - 003959496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-10-09 18:37 - 2018-09-08 20:46 - 001310488 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-10-09 18:37 - 2018-09-08 20:46 - 001214152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-10-09 18:37 - 2018-09-08 20:46 - 000730824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-10-09 18:37 - 2018-09-08 20:46 - 000219336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-10-09 18:37 - 2018-09-08 20:46 - 000189640 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-10-09 18:37 - 2018-09-08 20:46 - 000189640 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-10-09 18:37 - 2018-09-08 20:46 - 000137928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-10-09 18:37 - 2018-09-08 20:46 - 000136392 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-10-09 18:37 - 2018-09-08 20:46 - 000067272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-10-09 18:37 - 2018-09-08 20:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-10-09 18:37 - 2018-09-08 20:44 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-10-09 18:37 - 2018-09-08 20:44 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-10-09 18:37 - 2018-09-08 20:44 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-10-09 18:37 - 2018-09-08 20:44 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-10-09 18:37 - 2018-09-08 20:44 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-10-09 18:37 - 2018-09-08 20:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-10-09 18:37 - 2018-09-08 20:42 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-10-09 18:37 - 2018-09-08 20:42 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-10-09 18:37 - 2018-09-08 20:42 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-10-09 18:37 - 2018-09-08 20:42 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-10-09 18:37 - 2018-09-08 20:42 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-10-09 18:37 - 2018-09-08 20:42 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-10-09 18:37 - 2018-09-08 20:18 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-10-09 18:37 - 2018-09-08 20:18 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-10-09 18:37 - 2018-09-08 20:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-10-09 18:37 - 2018-09-08 20:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-10-09 18:37 - 2018-09-08 20:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-10-09 18:37 - 2018-09-08 20:16 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-10-09 18:37 - 2018-09-08 20:15 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-10-09 18:37 - 2018-09-08 20:13 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-10-09 18:37 - 2018-09-08 20:12 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-10-09 18:37 - 2018-09-08 20:12 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-10-09 18:37 - 2018-09-08 20:12 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-10-09 18:37 - 2018-09-08 20:12 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-10-09 18:37 - 2018-09-08 20:12 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-09 18:37 - 2018-09-08 20:12 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-09 18:37 - 2018-09-08 20:12 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-09 18:37 - 2018-09-08 20:12 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-09 18:37 - 2018-09-08 20:12 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-09 18:37 - 2018-08-28 02:09 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-09 18:37 - 2018-08-28 02:09 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-09 18:37 - 2018-08-28 01:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-09 18:37 - 2018-08-28 01:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-09 18:37 - 2018-08-28 01:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-09 18:37 - 2018-08-15 22:14 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-10-09 18:37 - 2018-08-13 17:48 - 000940784 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-10-09 18:37 - 2018-08-13 11:41 - 000527872 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-10-09 18:37 - 2018-08-12 16:17 - 000122536 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-10-09 18:37 - 2018-08-12 16:13 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-10-09 18:37 - 2018-08-08 11:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-10-09 18:37 - 2018-08-08 11:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-09-28 23:13 - 2018-09-28 23:13 - 000799117 _____ C:\Users\Ruth\Downloads\October 2018.pdf
2018-09-26 06:52 - 2018-09-26 06:52 - 000175024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-09-26 06:52 - 2018-09-26 06:52 - 000000000 ____D C:\Users\Ruth\AppData\Local\mbamtray
2018-09-26 06:51 - 2018-09-26 06:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-26 06:51 - 2018-09-11 13:18 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-09-23 20:03 - 2018-10-14 08:58 - 000001403 _____ C:\VEW.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-19 21:04 - 2018-08-28 06:52 - 000000000 ____D C:\FRST
2018-10-19 21:00 - 2011-05-26 21:30 - 000000000 ____D C:\Program Files\Cisco Systems
2018-10-19 21:00 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-19 20:58 - 2018-09-14 21:02 - 000000000 ____D C:\Users\Ruth\Desktop\Geeks
2018-10-19 03:26 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-19 03:26 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-15 21:49 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-10-15 17:48 - 2011-02-27 16:09 - 000479504 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-10-11 05:04 - 2012-07-26 21:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-10-11 05:04 - 2011-06-19 08:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-10-11 05:04 - 2011-02-19 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-10 04:29 - 2013-10-10 04:57 - 000000000 ____D C:\Windows\rescache
2018-10-10 03:45 - 2011-02-19 10:52 - 000801482 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-10 03:39 - 2018-06-02 08:58 - 000514952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-10 03:13 - 2013-08-03 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-10-10 03:05 - 2011-03-08 07:33 - 133674168 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-10 03:05 - 2009-07-13 22:04 - 000000615 _____ C:\Windows\win.ini
2018-10-08 13:56 - 2016-05-14 17:56 - 000000000 ____D C:\Users\Ruth\Documents\Outlook Files
2018-10-01 12:01 - 2011-02-25 20:14 - 000000000 ____D C:\Users\Ruth
2018-09-26 06:53 - 2011-05-31 21:21 - 000000000 ____D C:\Users\Ruth\AppData\Local\ElevatedDiagnostics
2018-09-23 19:55 - 2011-02-25 20:14 - 000000000 ____D C:\Users\Ruth\AppData\Local\VirtualStore
2018-09-22 20:59 - 2018-09-14 20:57 - 000006401 _____ C:\junk.txt
2018-09-22 17:27 - 2011-05-31 21:32 - 000000000 ____D C:\Users\Ruth\Documents\recipes
2018-09-21 21:37 - 2011-07-08 21:52 - 000000000 ____D C:\Users\Ruth\AppData\Local\Microsoft Help
2018-09-20 22:24 - 2018-09-13 20:36 - 000047176 _____ () C:\Windows\system32\Drivers\staport.sys

==================== Files in the root of some directories =======

2014-03-22 14:52 - 2014-03-22 14:53 - 000012953 _____ () C:\Users\Ruth\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-03-22 14:47 - 2014-03-22 14:47 - 000012952 _____ () C:\Users\Ruth\AppData\Roaming\Microsoft Excel 97-2003.CAL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-15 00:22

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10.10.2018
Ran by Ruth (19-10-2018 21:05:39)
Running from C:\Users\Ruth\Desktop\Geeks
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version:  - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version:  - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Visio Professional (HKLM\...\Visio Professional) (Version:  - )
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E7BB6A9-8910-40E7-BB4F-06DD2650E834} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-11] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-11] (Adobe Systems Incorporated)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670

==================== Loaded Modules (Whitelisted) ==============

1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-09-26 06:51 - 2018-09-12 17:57 - 002281640 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-26 06:51 - 2018-09-12 11:35 - 002230048 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-07-30 01:34 - 2018-07-30 01:34 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-10-10 03:45 - 2018-10-10 03:45 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\03c8dea5416354040dbac0726ebcd21f\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-09-21 07:11 - 000000036 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{21D55C60-B9B0-4928-A701-11D49FCE86CF}] => (Allow) LPort=61117
FirewallRules: [{02A63254-11E3-4E22-8108-4B6BF17F05CA}] => (Allow) LPort=61116
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{5299677F-C4C6-4CB2-AF48-D81D66DD1A54}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-10-2018 03:01:48 Windows Update
11-10-2018 03:00:18 Windows Update
15-10-2018 21:14:01 Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
17-10-2018 03:55:03 Windows Update

==================== Faulty Device Manager Devices =============

Name: Intel® 82577LM Gigabit Network Connection
Description: Intel® 82577LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1kexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 51%
Total physical RAM: 2997.83 MB
Available physical RAM: 1467.19 MB
Total Virtual: 5994.03 MB
Available Virtual: 4394.45 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:24.67 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:665.18 GB) NTFS
Drive j: (Toddler & 2's) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:394.54 GB) NTFS

\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#52
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Not seeing any errors so apparently we chased the installer error away.  No sign of Cisco either so I think the VPN is gone.  How is it running now?

 

Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v

Is that about what you paid for?



#53
momq


    Member

  • Topic Starter
  • Member
  • 29 posts

Thanks for all of your time and patience on this.  Here's the result of the speed test:

 

TEST_DATE: 10/20/2018 12:55 PM
TIME_ZONE: GMT
DOWNLOAD_MEGABITS: 23.84
UPLOAD_MEGABITS: 4.96
LATENCY_MS: 27
SERVER_NAME: Delton, MI
DISTANCE_MILES: 50

 

My service provider offers 25 mbps upload and download speeds for the price I'm paying, so I'm not really there.  I'll check on other computers we have going against the same internet service and see how they compare.  Download is pretty good, so maybe I'll just let it go.

