RUTH-PC.txt 479.45KB
191 downloads
Internet timing out
Started by
momq
, Sep 12 2018 10:33 AM
#32
Posted 22 September 2018 - 07:17 PM
momq
- Topic Starter
-
- Member
-
- 29 posts
Member
Thanks. Here's the entire set of resulting reports:
Fix result of Farbar Recovery Scan Tool (x86) Version: 15.09.2018
Ran by Ruth (22-09-2018 17:30:57) Run:8
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Boot Mode: Normal
==============================================
fixlist content:
*****************
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19]
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
2018-09-22 08:11 - 2018-06-02 09:01 - 000000000 ____D C:\Users\Ruth\AppData\Local\AVAST Software
2018-09-22 08:11 - 2011-02-27 15:33 - 000000000 ____D C:\ProgramData\AVAST Software
2018-09-22 08:11 - 2011-02-27 15:33 - 000000000 ____D C:\Program Files\AVAST Software
Task: {20C253A5-3950-4675-B2F7-BAC0337DFB65} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {38F7060C-68F5-42CB-BD03-348C68B46BF6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {3B26E35B-3601-4886-8EC6-A463F3E842F3} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {79B55048-C554-4440-976B-66DE295D3FBB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-21] (AVAST Software)
FirewallRules: [{C0699B73-56D9-430B-B540-7A7525EE1D21}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2CA9306E-EB6B-4F5D-94E0-F959AE560546}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
*****************
C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe => Could not close process
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19] => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Services\avast" => removed successfully.
avast => service removed successfully.
"HKLM\System\CurrentControlSet\Services\avastm" => removed successfully.
avastm => service removed successfully.
C:\Users\Ruth\AppData\Local\AVAST Software => moved successfully
C:\ProgramData\AVAST Software => moved successfully
"C:\Program Files\AVAST Software" folder move:
Could not move "C:\Program Files\AVAST Software" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{20C253A5-3950-4675-B2F7-BAC0337DFB65}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20C253A5-3950-4675-B2F7-BAC0337DFB65}" => removed successfully.
C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38F7060C-68F5-42CB-BD03-348C68B46BF6}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38F7060C-68F5-42CB-BD03-348C68B46BF6}" => removed successfully.
C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineUA" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B26E35B-3601-4886-8EC6-A463F3E842F3}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B26E35B-3601-4886-8EC6-A463F3E842F3}" => removed successfully.
C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineCore" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{79B55048-C554-4440-976B-66DE295D3FBB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79B55048-C554-4440-976B-66DE295D3FBB}" => removed successfully.
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0699B73-56D9-430B-B540-7A7525EE1D21}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2CA9306E-EB6B-4F5D-94E0-F959AE560546}" => removed successfully.
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
========= End of CMD: =========
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-09-2018 20:21:17)
C:\Program Files\AVAST Software => moved successfully
==== End of Fixlog 20:21:18 ====
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.09.2018
Ran by Ruth (administrator) on RUTH-PC (22-09-2018 20:45:14)
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-01] (Dell Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-03-25] (Apple Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-24] (Piriform Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-02-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2014-10-15]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{376B11B2-97E3-4F21-A3DE-E4AFFAC4966F}: [DhcpNameServer] 10.0.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {050D5BA4-EF02-47E4-BC2D-2DEDDB6DD694} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-19] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default [2018-09-18]
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-15]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-01-23] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-05-31] (Macrovision Europe Ltd.) [File not signed]
S4 GearSecurity; C:\Windows\System32\gearsec.exe [49152 2003-09-12] (GEAR Software) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [122384 2014-01-22] (Portrait Displays, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-25] (IDT, Inc.)
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-20] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-08-29] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [169704 2018-09-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [98024 2018-09-22] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46656 2018-09-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [228960 2018-09-22] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [80576 2018-09-22] (Malwarebytes)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17168 2004-11-01] (Sonic Solutions) [File not signed]
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [48640 2010-03-20] (REDC) [File not signed]
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-20] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-20] (REDC) [File not signed]
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
U3 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-21 08:20 - 2018-09-22 20:23 - 000080576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-09-18 20:18 - 2018-09-18 20:19 - 208620060 _____ C:\Users\Ruth\Documents\before_update.reg
2018-09-15 16:37 - 2018-09-15 16:37 - 000000000 ___HD C:\$AV_ASW
2018-09-15 15:52 - 2018-09-15 15:52 - 000003112 _____ C:\Users\Ruth\Downloads\fixlist.txt
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\Program Files\Speccy
2018-09-14 21:02 - 2018-09-22 17:31 - 000000000 ____D C:\Users\Ruth\Desktop\Geeks
2018-09-14 21:02 - 2018-09-14 21:02 - 006889184 _____ (Piriform Ltd) C:\Users\Ruth\Downloads\spsetup132.exe
2018-09-14 20:57 - 2018-09-14 20:57 - 000006725 _____ C:\junk.txt
2018-09-13 20:36 - 2018-09-20 22:24 - 000047176 _____ () C:\Windows\system32\Drivers\staport.sys
2018-09-11 14:57 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-11 14:57 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-11 14:57 - 2018-08-29 21:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-11 14:57 - 2018-08-28 01:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-11 14:57 - 2018-08-24 14:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-11 14:57 - 2018-08-23 17:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-11 14:57 - 2018-08-23 17:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-11 14:57 - 2018-08-23 17:25 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-11 14:57 - 2018-08-23 17:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-11 14:57 - 2018-08-23 17:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-11 14:57 - 2018-08-23 17:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-11 14:57 - 2018-08-23 17:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-11 14:57 - 2018-08-23 17:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-11 14:57 - 2018-08-23 17:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-11 14:57 - 2018-08-23 17:02 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-11 14:57 - 2018-08-23 17:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-11 14:57 - 2018-08-23 16:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-11 14:57 - 2018-08-23 16:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-11 14:57 - 2018-08-23 16:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-11 14:57 - 2018-08-23 16:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-11 14:57 - 2018-08-23 16:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-11 14:57 - 2018-08-23 16:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-11 14:57 - 2018-08-23 16:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-11 14:57 - 2018-08-23 16:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-11 14:57 - 2018-08-23 16:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-11 14:57 - 2018-08-23 16:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-11 14:57 - 2018-08-23 16:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-11 14:57 - 2018-08-23 16:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-11 14:57 - 2018-08-12 16:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-11 14:57 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-11 14:57 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-11 14:57 - 2018-08-10 11:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-11 14:57 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-11 14:57 - 2018-08-10 11:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-11 14:57 - 2018-08-10 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-11 14:57 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-11 14:57 - 2018-08-10 11:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-11 14:57 - 2018-08-10 11:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-11 14:57 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-11 14:57 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-11 14:57 - 2018-08-10 11:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-11 14:57 - 2018-08-10 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-11 14:57 - 2018-07-29 11:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-11 14:57 - 2018-07-18 11:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-11 14:57 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-01 09:43 - 2018-09-01 09:43 - 001193601 _____ C:\Users\Ruth\Downloads\September 2018 Viewpoint.pdf
2018-08-29 20:31 - 2018-09-22 20:23 - 000228960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-29 20:31 - 2018-09-22 20:23 - 000098024 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-08-29 20:31 - 2018-09-22 20:23 - 000046656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-08-29 20:31 - 2018-09-21 21:43 - 000169704 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-08-28 06:52 - 2018-09-22 20:45 - 000000000 ____D C:\FRST
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-22 20:31 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-22 20:31 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-22 20:23 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-22 17:27 - 2011-05-31 21:32 - 000000000 ____D C:\Users\Ruth\Documents\recipes
2018-09-21 21:37 - 2011-07-08 21:52 - 000000000 ____D C:\Users\Ruth\AppData\Local\Microsoft Help
2018-09-18 22:03 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-09-18 22:02 - 2016-06-03 06:05 - 000000000 _____ C:\Windows\system32\last.dump
2018-09-18 20:09 - 2016-05-14 17:56 - 000000000 ____D C:\Users\Ruth\Documents\Outlook Files
2018-09-18 06:17 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-09-17 17:03 - 2013-05-18 09:51 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-14 21:05 - 2013-11-29 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-09-14 21:05 - 2013-11-29 14:28 - 000000000 ____D C:\Program Files\CCleaner
2018-09-13 07:10 - 2011-02-19 11:14 - 000000031 _____ C:\tmuninst.ini
2018-09-13 03:05 - 2012-07-26 21:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-09-13 03:05 - 2011-06-19 08:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-09-13 03:05 - 2011-02-19 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 14:27 - 2014-01-25 21:17 - 000000000 ____D C:\Users\Ruth\AppData\Local\CrashDumps
2018-09-12 14:27 - 2011-03-04 07:18 - 000000000 ____D C:\Users\Ruth\Downloads\spelunky
2018-09-12 08:28 - 2017-03-29 21:18 - 000157744 _____ C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-12 05:33 - 2013-10-10 04:57 - 000000000 ____D C:\Windows\rescache
2018-09-12 04:38 - 2011-02-19 10:52 - 000801482 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-12 04:34 - 2016-07-03 14:07 - 000000000 ___RD C:\Users\Ruth\Podcasts
2018-09-12 04:32 - 2018-06-02 08:58 - 000514952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 03:48 - 2013-08-03 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 03:04 - 2011-03-08 07:33 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-08-29 20:29 - 2018-08-08 07:00 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-08-24 22:19 - 2011-05-26 21:50 - 000002000 ____H C:\Users\Ruth\Documents\Default.rdp
2018-08-24 21:54 - 2009-07-14 00:52 - 000000000 ____D C:\Windows\system32\FxsTmp
==================== Files in the root of some directories =======
2014-03-22 14:52 - 2014-03-22 14:53 - 000012953 _____ () C:\Users\Ruth\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-03-22 14:47 - 2014-03-22 14:47 - 000012952 _____ () C:\Users\Ruth\AppData\Roaming\Microsoft Excel 97-2003.CAL
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-09-15 00:58
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15.09.2018
Ran by Ruth (22-09-2018 20:45:47)
Running from C:\Users\Ruth\Desktop\Geeks
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version: - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version: - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version: - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Visio Professional (HKLM\...\Visio Professional) (Version: - )
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E7BB6A9-8910-40E7-BB4F-06DD2650E834} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
==================== Loaded Modules (Whitelisted) ==============
1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000197408 _____ () C:\Windows\system32\vpnapi.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-08-08 07:00 - 2018-08-29 20:29 - 002268736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-08-08 07:00 - 2018-08-29 20:29 - 002216592 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-07-30 01:34 - 2018-07-30 01:34 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-08-16 04:22 - 2018-08-16 04:22 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22bdc6efe2783439f27e175765b23e99\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2018-09-21 07:11 - 000000036 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{21D55C60-B9B0-4928-A701-11D49FCE86CF}] => (Allow) LPort=61117
FirewallRules: [{02A63254-11E3-4E22-8108-4B6BF17F05CA}] => (Allow) LPort=61116
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{5299677F-C4C6-4CB2-AF48-D81D66DD1A54}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
19-09-2018 01:50:50 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/22/2018 05:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648
Faulting module name: mscorlib.ni.dll, version: 4.7.3163.0, time stamp: 0x5b58fac7
Exception code: 0xc0000005
Fault offset: 0x00393aba
Faulting process id: 0x91c
Faulting application start time: 0x01d452bbdc94a73f
Faulting application path: C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\399032397425364b053c532bbbeacc09\mscorlib.ni.dll
Report Id: 1c0ab852-beaf-11e8-9866-00059a3c7800
Error: (09/22/2018 05:33:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
at System.Buffer.Memmove(Byte*, Byte*, UInt32)
at System.String.CtorCharPtrStartLength(Char*, Int32, Int32)
at System.Runtime.InteropServices.Marshal.PtrToStringUni(IntPtr, Int32)
at System.Data.SQLite.SQLite3_UTF16.UTF16ToString(IntPtr, Int32)
at System.Data.SQLite.SQLite3_UTF16.GetText(System.Data.SQLite.SQLiteStatement, Int32)
at System.Data.SQLite.SQLiteDataReader.GetString(Int32)
at BackupManifest.GetFile(System.Data.IDataReader)
at BackupEngine.CheckSource(System.String, System.Data.IDataReader, Boolean)
at BackupEngine.CheckSource(System.String)
at BackupEngine.VerifySourcesThreadProc()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
System errors:
=============
Error: (09/22/2018 08:21:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
Error: (09/22/2018 08:21:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
Error: (09/22/2018 05:33:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
==================== Memory info ===========================
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 37%
Total physical RAM: 2997.83 MB
Available physical RAM: 1887.81 MB
Total Virtual: 5994.03 MB
Available Virtual: 4817.67 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:23.96 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:665.18 GB) NTFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:394.62 GB) NTFS
\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 93.52 0 K 24 K 0
procexp.exe 2.09 35,036 K 53,876 K 6072 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
audiodg.exe 1.39 16,752 K 16,036 K 1132 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.62 59,520 K 35,684 K 3448 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.58 0 K 0 K n/a Hardware Interrupts and DPCs
WDDriveService.exe 0.56 8,692 K 12,884 K 2088 WD Drive Service Western Digital (Verified) Western Digital Technologies
iexplore.exe 0.29 128,404 K 128,672 K 2724 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
System 0.21 64 K 7,056 K 4
csrss.exe 0.18 2,832 K 22,556 K 504 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
MBAMService.exe 0.17 112,668 K 144,600 K 2268 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
FRST.exe 0.08 21,220 K 35,584 K 4224 Farbar Recovery Scan Tool Farbar (No signature was present in the subject) Farbar
svchost.exe 0.08 16,036 K 16,112 K 880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.04 40,000 K 54,724 K 3464 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.03 18,636 K 31,120 K 988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 5,820 K 10,612 K 1684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
CCleaner.exe 0.02 11,556 K 1,676 K 3744 CCleaner Piriform Ltd (Verified) Piriform Ltd
IAStorDataMgrSvc.exe 0.02 14,656 K 13,276 K 1880 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
svchost.exe 0.02 13,224 K 14,456 K 1380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 4,032 K 7,376 K 804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
cvpnd.exe 0.02 2,296 K 6,316 K 1952 Cisco Systems VPN Client Cisco Systems, Inc. (Verified) Cisco Systems
taskhost.exe 0.01 21,440 K 18,204 K 3288 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 4,004 K 7,876 K 1772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WDBackupEngine.exe 0.01 26,740 K 7,996 K 2344 WD Backup Engine Western Digital (Verified) Western Digital Technologies
iexplore.exe < 0.01 19,144 K 32,256 K 4908 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
SearchIndexer.exe < 0.01 25,984 K 15,296 K 4008 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 10,016 K 8,660 K 1144 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
mbamtray.exe < 0.01 21,044 K 31,676 K 1608 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
svchost.exe < 0.01 7,420 K 13,428 K 956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe < 0.01 5,688 K 12,688 K 568 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 1,448 K 3,780 K 440 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 72,728 K 81,392 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
DVMExportService.exe < 0.01 840 K 3,464 K 340 Windows Metadata Export Service DeviceVM, Inc. (No signature was present in the subject) DeviceVM, Inc.
stacsv.exe < 0.01 5,872 K 5,628 K 1024 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
WUDFHost.exe 1,252 K 4,308 K 3124 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 1,632 K 5,248 K 2920 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 6,244 K 9,980 K 3080 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,208 K 5,028 K 3604 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,392 K 4,252 K 1472 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,672 K 6,268 K 760 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,160 K 3,612 K 496 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
WDRulesEngine.exe 18,400 K 4,188 K 2124 WD Rules Engine Western Digital (Verified) Western Digital Technologies
upeksvr.exe 5,296 K 10,996 K 1612 Fingerprint Server Process for Vista UPEK Inc. (Verified) UPEK Inc.
unsecapp.exe 1,044 K 3,712 K 2996 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
TdmService.exe 2,832 K 8,704 K 1856 TDM Service Wave Systems Corp. (Verified) Wave Systems Corp.
taskeng.exe 1,368 K 4,608 K 3712 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 47,484 K 23,752 K 2228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 9,832 K 11,812 K 4560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 11,008 K 13,072 K 1776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,408 K 5,928 K 2008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,896 K 7,992 K 692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,748 K 4,792 K 3192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 780 K 2,816 K 948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 6,060 K 11,048 K 1572 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 320 K 892 K 328 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 4,828 K 8,572 K 544 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 1,320 K 3,196 K 576 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
InstallFilterService.exe 1,444 K 4,776 K 1248 (No signature was present in the subject)
HostStorageService.exe 1,228 K 3,708 K 1628 Host Storage Application Broadcom Corporation (Verified) Broadcom Corp
GoogleToolbarUser_32.exe 4,160 K 7,632 K 5904 Google Toolbar Broker Google Inc. (Verified) Google Inc
FlashUtil32_31_0_0_108_ActiveX.exe 2,164 K 7,020 K 5664 Adobe® Flash® Player Installer/Uninstaller 31.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
escsvc.exe 968 K 3,980 K 536 Epson Scanner Service (32bit) Seiko Epson Corporation (Verified) SEIKO EPSON Corporation
EPCP.exe 3,352 K 7,524 K 448 Epson Customer Participation SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
E_JT50RP.EXE 748 K 2,664 K 572 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) SEIKO EPSON Corporation
dllhost.exe 1,480 K 4,952 K 4888 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 560 K 2,300 K 1480 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 328 N/A
csrss.exe 440 N/A
wininit.exe 496 N/A
csrss.exe 504 N/A
services.exe 544 N/A
lsass.exe 568 KeyIso, SamSs
lsm.exe 576 N/A
svchost.exe 692 DcomLaunch, PlugPlay, Power
winlogon.exe 760 N/A
svchost.exe 804 RpcEptMapper, RpcSs
svchost.exe 880 Audiosrv, Dhcp, eventlog,
HomeGroupProvider, lmhosts, wscsvc
svchost.exe 916 AudioEndpointBuilder, hidserv,
HomeGroupListener, Netman, PcaSvc, SysMain,
TrkWks, UxSms, WdiSystemHost, Wlansvc,
WPDBusEnum, wudfsvc
svchost.exe 956 EventSystem, fdPHost, FontCache, netprofm,
nsi, SstpSvc, WdiServiceHost,
WinHttpAutoProxySvc
svchost.exe 988 Appinfo, BITS, Browser, EapHost, gpsvc,
IKEEXT, LanmanServer, MMCSS, ProfSvc,
RasMan, Schedule, seclogon, SENS,
ShellHWDetection, Themes, Winmgmt, wuauserv
stacsv.exe 1024 STacSV
audiodg.exe 1132 N/A
svchost.exe 1380 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, TapiSrv
wlanext.exe 1472 N/A
conhost.exe 1480 N/A
spoolsv.exe 1572 Spooler
upeksvr.exe 1612 N/A
HostStorageService.exe 1628 Credential Vault Host Storage
svchost.exe 1684 FDResPub, SCardSvr, SSDPSRV, upnphost
svchost.exe 1776 BFE, DPS, MpsSvc
TdmService.exe 1856 TdmService
cvpnd.exe 1952 CVPND
svchost.exe 2008 DiagTrack
DVMExportService.exe 340 DvmMDES
EPCP.exe 448 EpsonCustomerParticipation
escsvc.exe 536 EpsonScanSvc
E_JT50RP.EXE 572 EPSON_PM_RPCV4_05
svchost.exe 948 HsfXAudioService
InstallFilterService.exe 1248 InstallFilterService
svchost.exe 1772 StiSvc
WDDriveService.exe 2088 WDDriveService
WDRulesEngine.exe 2124 WDRulesService
svchost.exe 2228 WinDefend
MBAMService.exe 2268 MBAMService
WDBackupEngine.exe 2344 WDBackup
WUDFHost.exe 2920 N/A
unsecapp.exe 2996 N/A
WmiPrvSE.exe 3080 N/A
WUDFHost.exe 3124 N/A
svchost.exe 3192 PolicyAgent
taskhost.exe 3288 N/A
dwm.exe 3448 N/A
explorer.exe 3464 N/A
taskeng.exe 3712 N/A
CCleaner.exe 3744 N/A
SearchIndexer.exe 4008 WSearch
mbamtray.exe 1608 N/A
IAStorDataMgrSvc.exe 1880 IAStorDataMgrSvc
wmpnetwk.exe 1144 WMPNetworkSvc
svchost.exe 4560 p2pimsvc, p2psvc, PNRPsvc
dllhost.exe 4888 N/A
FRST.exe 4224 N/A
iexplore.exe 4908 N/A
iexplore.exe 2724 N/A
GoogleToolbarUser_32.exe 5904 N/A
FlashUtil32_31_0_0_108_Ac 5664 N/A
procexp.exe 6072 N/A
WmiPrvSE.exe 3604 N/A
cmd.exe 5152 N/A
conhost.exe 5036 N/A
tasklist.exe 832 N/A
#33
Posted 22 September 2018 - 07:19 PM
momq
- Topic Starter
-
- Member
-
- 29 posts
Member
I know the last two posts look like I did them in the wrong order, but I actually did everything on the second post first, then had some trouble with the attachment and wound up posting it as a separate post, which went in before the one I was working one.
#34
Posted 22 September 2018 - 09:20 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (09/22/2018 05:33:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Usually a disk check will fix this. Not sure which drive it is so probably need to do all
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You may receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
The disk check will run and will probably take an hour or more to finish.
Repeat the disk check for each drive letter you have. You probably won't need to reboot for the rest and don't need to clear the events after the first time.
Reboot after the last one and
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
#35
Posted 23 September 2018 - 06:29 AM
momq
- Topic Starter
-
- Member
-
- 29 posts
Member
I'll take these steps if you think it will be useful, but before I do, let me fill you in on a known issue with my pc. Several years ago I replaced the hard drive with a bigger one. I imaged the old one (which was dying) and restored it to the new one. This left part of it unusable, but other than that, it seemed to work ok. I'm wondering if that might be triggering the error you found.
#36
Posted 23 September 2018 - 07:40 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Not likely. That's common when you clone a smaller drive onto a larger one. The unused portion of the hard drive can be salvaged if you want. You just need to right click on Computer, select Manage then click on the drive with the unused space. Right click and Extend Volume. It will let you tell it how much. Alternatively you can format the unused space and give it a new drive letter.
Odds are this is not the C: drive. Windows makes it hard to tell which is which but usually the C: is 0 or 1 and this one refers to 2.
#37
Posted 23 September 2018 - 10:51 AM
momq
- Topic Starter
-
- Member
-
- 29 posts
Member
I ran checkdisk on the C drive with no unexpected warnings. When I tried D, though, a message box popped up saying:"Windows can't check the disk while it's in use. Do you want to dismount this volume first? Note: All opened handles to this volume will become invalid"
I have an option to Force a dismount or Cancel. What should I do?
#38
Posted 23 September 2018 - 11:24 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Dismount (close any programs you have open first)
#39
Posted 23 September 2018 - 06:11 PM
momq
- Topic Starter
-
- Member
-
- 29 posts
Member
Ok. Thanks. I ran VIEW a couple of times without success before I discovered that the problem was a permissions problem where the program was writing the output logs. The solution was to run it as administrator.
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/09/2018 8:03:59 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/09/2018 7:27:45 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Log: 'System' Date/Time: 23/09/2018 7:27:30 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Error Category: 2
Event: 137 Source: Ntfs
The default transaction resource manager on volume K: encountered a non-retryable error and could not start. The data contains the error code.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Error Category: 0
Event: 16 Source: volsnap
The shadow copies of volume K: were aborted because volume K:, which contains shadow copy storage for this shadow copy, was force dismounted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/09/2018 7:27:03 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Log: 'System' Date/Time: 23/09/2018 7:26:55 PM
Type: Warning Category: 0
Event: 27 Source: e1kexpress
The event description cannot be found.
Log: 'System' Date/Time: 23/09/2018 7:26:53 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0A5C&PID_5800&MI_01\7&66de6c9&0&0001.
Log: 'System' Date/Time: 23/09/2018 7:25:31 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 23/09/2018 7:25:31 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/09/2018 8:06:50 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/09/2018 12:03:39 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Log: 'Application' Date/Time: 24/09/2018 12:00:39 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Log: 'Application' Date/Time: 23/09/2018 11:58:06 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Log: 'Application' Date/Time: 23/09/2018 7:27:36 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648 Faulting module name: ntdll.dll, version: 6.1.7601.24231, time stamp: 0x5b6db285 Exception code: 0xc0000005 Fault offset: 0x00055e08 Faulting process id: 0x8cc Faulting application start time: 0x01d453737801a395 Faulting application path: C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: b94e96aa-bf66-11e8-850a-00059a3c7800
Log: 'Application' Date/Time: 23/09/2018 7:27:36 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
at System.Data.SQLite.UnsafeNativeMethods.sqlite3_step(IntPtr)
at System.Data.SQLite.SQLite3.Step(System.Data.SQLite.SQLiteStatement)
at System.Data.SQLite.SQLiteDataReader.NextResult()
at System.Data.SQLite.SQLiteDataReader..ctor(System.Data.SQLite.SQLiteCommand, System.Data.CommandBehavior)
at System.Data.SQLite.SQLiteCommand.ExecuteReader(System.Data.CommandBehavior)
at System.Data.SQLite.SQLiteCommand.ExecuteNonQuery()
at WDEngine.ChangeJournalDB.Add(WDEngine.USNInfo[])
at <Module>.WDEngine.Journal.Populate(WDEngine.Journal*)
at <Module>.WDEngine.Journal.Init(WDEngine.Journal*)
at <Module>.WDEngine.Journal.StartMonitoring(Char*)
at WDEngine.ChangeJournal.StartMonitoring(System.String)
at WDEngine.FileWatch.ProcessChangeJournal(WDEngine.WatchVolumeInfo)
at WDEngine.FileWatch.DoQueuedTask()
at WDEngine.FileWatch.Main()
at BackupController.ThreadProc(System.Object)
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Log: 'Application' Date/Time: 23/09/2018 7:27:21 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648 Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa77b Exception code: 0xe0434352 Fault offset: 0x0000845d Faulting process id: 0xb70 Faulting application start time: 0x01d4537368793168 Faulting application path: C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: b05008b7-bf66-11e8-850a-00059a3c7800
Log: 'Application' Date/Time: 23/09/2018 7:27:20 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
at System.Data.SQLite.SQLiteConnection.CheckDisposed()
at System.Data.SQLite.SQLiteConnection.get_State()
at WDIO.DBFile.Close()
at WDIO.ManifestManager.!ManifestManager()
at WDIO.ManifestManager.Dispose(Boolean)
at WDIO.ManifestManager.Finalize()
Log: 'Application' Date/Time: 23/09/2018 7:22:10 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Log: 'Application' Date/Time: 23/09/2018 7:22:06 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Log: 'Application' Date/Time: 23/09/2018 4:47:28 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#40
Posted 23 September 2018 - 09:45 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Lot of errors from: WDBackupEngine.exe. Don't know if the program needs to be reinstalled or if the drive where it stores stuff is full.
Seeing
An error was detected on device \Device\Harddisk1\DR1 during a paging operation
May need another diskcheck on the drive that stores pagefile.sys
https://www.techadvi...ilesys-3608749/
Sometimes doing a defrag will help tho you usually need a third party defrag program to move the pagefile.sys
Could also be a result of running the disk check. Try clearing the events again, reboot and then run VEW again.
#41
Posted 24 September 2018 - 09:42 PM
momq
- Topic Starter
-
- Member
-
- 29 posts
Member
Re-ran the check on C:, cleared the log files again, re-ran VIEW. I unplugged two USB external hard drives yesterday. Might any of the errors be because something is looking for them. Should I plug them back in and scan them? I only use them for extra data space.
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/09/2018 11:34:46 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/09/2018 2:08:26 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configured
DNS servers responded.
Log: 'System' Date/Time: 25/09/2018 2:05:29 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system
administrator should review the list of libraries to ensure they are related to
trusted applications.
Log: 'System' Date/Time: 25/09/2018 2:05:15 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB
\VID_0A5C&PID_5800&MI_01\7&66de6c9&0&0001.
Log: 'System' Date/Time: 25/09/2018 2:05:14 AM
Type: Warning Category: 0
Event: 27 Source: e1kexpress
The event description cannot be found.
Log: 'System' Date/Time: 25/09/2018 1:03:22 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 25/09/2018 1:03:22 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows
\System32\bcmihvsrv.dll
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/09/2018 11:36:32 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/09/2018 3:33:28 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS
\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.
DLL". Dependent Assembly
Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",t
ype="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for
detailed diagnosis.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#42
Posted 25 September 2018 - 03:58 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
No. Errors are for the most part trivial.
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0A5C&PID_5800&MI_01\7&66de6c9&0&0001.
Log: 'System' Date/Time: 25/09/2018 2:05:14 AM
Search for
services.msc
hit Enter.
This should bring up the Services Window. Scroll down to
Windows Driver Foundation - User-mode Driver Framework
and right click and select Properties. Then change the Startup Type: to Automatic and OK.
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The systemadministrator should review the list of libraries to ensure they are related to
trusted applications.
Download, Save
wininit.zip 336bytes
171 downloads
Caused by a poor uninstall.
Right click Extract All, Extract. Right click on wininit.reg and MERGE. Ignore the warning.
Log: 'System' Date/Time: 25/09/2018 2:08:26 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configuredDNS servers responded.
Possibly a slow network connection startup. If it is not warning you that you have no Internet Connectivity then not a problem. Could also be caused by your Cisco VPN stuff.
Log: 'Application' Date/Time: 25/09/2018 3:33:28 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.
DLL". Dependent Assembly
Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",t
ype="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for
detailed diagnosis.
This one means that some install is not happy but I can't tell you what. Is there a program which is not working?
I'm going on a week-long trip today. Leaving in a few minute to the airport. Will have a computer with but not much time. May not get back to you for a while.
#43
Posted 25 September 2018 - 06:14 AM
momq
- Topic Starter
-
- Member
-
- 29 posts
Member
Thanks so much for the help you've given me! I'll go ahead and do the next tasks you've given to me, but don't worry about responding until after your trip. Safe travels!
#44
Posted 04 October 2018 - 10:54 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
I'm back. Let's do a new FRST scan to see where we are. Make sure Addition.txt is checked so you get two logs. Post both.
#45
Posted 08 October 2018 - 12:32 PM
momq
- Topic Starter
-
- Member
-
- 29 posts
Member
Welcome back!
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06.10.2018
Ran by Ruth (administrator) on RUTH-PC (08-10-2018 14:15:30)
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-01] (Dell Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-03-25] (Apple Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-24] (Piriform Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-02-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2014-10-15]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{376B11B2-97E3-4F21-A3DE-E4AFFAC4966F}: [DhcpNameServer] 10.0.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {050D5BA4-EF02-47E4-BC2D-2DEDDB6DD694} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-19] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default [2018-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-15]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-01-23] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-05-31] (Macrovision Europe Ltd.) [File not signed]
S4 GearSecurity; C:\Windows\System32\gearsec.exe [49152 2003-09-12] (GEAR Software) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [122384 2014-01-22] (Portrait Displays, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-25] (IDT, Inc.)
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-20] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-09-11] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [175024 2018-09-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101688 2018-10-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [51696 2018-10-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229472 2018-10-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [81600 2018-10-08] (Malwarebytes)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17168 2004-11-01] (Sonic Solutions) [File not signed]
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [48640 2010-03-20] (REDC) [File not signed]
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-20] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-20] (REDC) [File not signed]
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
U3 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-08 14:05 - 2018-10-08 14:05 - 000229472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-08 14:05 - 2018-10-08 14:05 - 000101688 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-10-08 14:05 - 2018-10-08 14:05 - 000081600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-10-08 14:05 - 2018-10-08 14:05 - 000051696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-09-28 23:13 - 2018-09-28 23:13 - 000799117 _____ C:\Users\Ruth\Downloads\October 2018.pdf
2018-09-26 06:52 - 2018-09-26 06:52 - 000175024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-09-26 06:52 - 2018-09-26 06:52 - 000000000 ____D C:\Users\Ruth\AppData\Local\mbamtray
2018-09-26 06:51 - 2018-09-26 06:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-26 06:51 - 2018-09-11 13:18 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-09-23 20:03 - 2018-09-24 23:36 - 000000935 _____ C:\VEW.txt
2018-09-18 20:18 - 2018-09-18 20:19 - 208620060 _____ C:\Users\Ruth\Documents\before_update.reg
2018-09-15 16:37 - 2018-09-15 16:37 - 000000000 ___HD C:\$AV_ASW
2018-09-15 15:52 - 2018-09-15 15:52 - 000003112 _____ C:\Users\Ruth\Downloads\fixlist.txt
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\Program Files\Speccy
2018-09-14 21:02 - 2018-10-08 14:14 - 000000000 ____D C:\Users\Ruth\Desktop\Geeks
2018-09-14 21:02 - 2018-09-14 21:02 - 006889184 _____ (Piriform Ltd) C:\Users\Ruth\Downloads\spsetup132.exe
2018-09-14 20:57 - 2018-09-22 20:59 - 000006401 _____ C:\junk.txt
2018-09-13 20:36 - 2018-09-20 22:24 - 000047176 _____ () C:\Windows\system32\Drivers\staport.sys
2018-09-11 14:57 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-11 14:57 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-11 14:57 - 2018-08-29 21:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-11 14:57 - 2018-08-28 01:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-11 14:57 - 2018-08-24 14:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-11 14:57 - 2018-08-23 17:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-11 14:57 - 2018-08-23 17:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-11 14:57 - 2018-08-23 17:25 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-11 14:57 - 2018-08-23 17:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-11 14:57 - 2018-08-23 17:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-11 14:57 - 2018-08-23 17:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-11 14:57 - 2018-08-23 17:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-11 14:57 - 2018-08-23 17:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-11 14:57 - 2018-08-23 17:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-11 14:57 - 2018-08-23 17:02 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-11 14:57 - 2018-08-23 17:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-11 14:57 - 2018-08-23 16:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-11 14:57 - 2018-08-23 16:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-11 14:57 - 2018-08-23 16:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-11 14:57 - 2018-08-23 16:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-11 14:57 - 2018-08-23 16:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-11 14:57 - 2018-08-23 16:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-11 14:57 - 2018-08-23 16:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-11 14:57 - 2018-08-23 16:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-11 14:57 - 2018-08-23 16:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-11 14:57 - 2018-08-23 16:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-11 14:57 - 2018-08-23 16:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-11 14:57 - 2018-08-23 16:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-11 14:57 - 2018-08-12 16:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-11 14:57 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-11 14:57 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-11 14:57 - 2018-08-10 11:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-11 14:57 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-11 14:57 - 2018-08-10 11:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-11 14:57 - 2018-08-10 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-11 14:57 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-11 14:57 - 2018-08-10 11:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-11 14:57 - 2018-08-10 11:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-11 14:57 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-11 14:57 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-11 14:57 - 2018-08-10 11:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-11 14:57 - 2018-08-10 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-11 14:57 - 2018-07-29 11:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-11 14:57 - 2018-07-18 11:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-11 14:57 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\system32\locale.nls
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-08 14:15 - 2018-08-28 06:52 - 000000000 ____D C:\FRST
2018-10-08 14:13 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-08 14:13 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-08 14:05 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-08 13:56 - 2016-05-14 17:56 - 000000000 ____D C:\Users\Ruth\Documents\Outlook Files
2018-10-01 12:01 - 2011-02-25 20:14 - 000000000 ____D C:\Users\Ruth
2018-09-26 06:53 - 2011-05-31 21:21 - 000000000 ____D C:\Users\Ruth\AppData\Local\ElevatedDiagnostics
2018-09-23 19:55 - 2011-02-25 20:14 - 000000000 ____D C:\Users\Ruth\AppData\Local\VirtualStore
2018-09-22 17:27 - 2011-05-31 21:32 - 000000000 ____D C:\Users\Ruth\Documents\recipes
2018-09-21 21:37 - 2011-07-08 21:52 - 000000000 ____D C:\Users\Ruth\AppData\Local\Microsoft Help
2018-09-18 22:03 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-09-18 22:02 - 2016-06-03 06:05 - 000000000 _____ C:\Windows\system32\last.dump
2018-09-18 06:17 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-09-17 17:03 - 2013-05-18 09:51 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-14 21:05 - 2013-11-29 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-09-14 21:05 - 2013-11-29 14:28 - 000000000 ____D C:\Program Files\CCleaner
2018-09-13 07:10 - 2011-02-19 11:14 - 000000031 _____ C:\tmuninst.ini
2018-09-13 03:05 - 2012-07-26 21:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-09-13 03:05 - 2011-06-19 08:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-09-13 03:05 - 2011-02-19 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 14:27 - 2014-01-25 21:17 - 000000000 ____D C:\Users\Ruth\AppData\Local\CrashDumps
2018-09-12 14:27 - 2011-03-04 07:18 - 000000000 ____D C:\Users\Ruth\Downloads\spelunky
2018-09-12 08:28 - 2017-03-29 21:18 - 000157744 _____ C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-12 05:33 - 2013-10-10 04:57 - 000000000 ____D C:\Windows\rescache
2018-09-12 04:38 - 2011-02-19 10:52 - 000801482 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-12 04:34 - 2016-07-03 14:07 - 000000000 ___RD C:\Users\Ruth\Podcasts
2018-09-12 04:32 - 2018-06-02 08:58 - 000514952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 03:48 - 2013-08-03 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 03:04 - 2011-03-08 07:33 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2014-03-22 14:52 - 2014-03-22 14:53 - 000012953 _____ () C:\Users\Ruth\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-03-22 14:47 - 2014-03-22 14:47 - 000012952 _____ () C:\Users\Ruth\AppData\Roaming\Microsoft Excel 97-2003.CAL
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-10-05 00:55
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06.10.2018
Ran by Ruth (08-10-2018 14:17:10)
Running from C:\Users\Ruth\Desktop\Geeks
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version: - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version: - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version: - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Visio Professional (HKLM\...\Visio Professional) (Version: - )
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E7BB6A9-8910-40E7-BB4F-06DD2650E834} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
==================== Loaded Modules (Whitelisted) ==============
1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000197408 _____ () C:\Windows\system32\vpnapi.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-09-26 06:51 - 2018-09-12 17:57 - 002281640 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-26 06:51 - 2018-09-12 11:35 - 002230048 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-07-30 01:34 - 2018-07-30 01:34 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-08-16 04:22 - 2018-08-16 04:22 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22bdc6efe2783439f27e175765b23e99\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2018-09-21 07:11 - 000000036 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{21D55C60-B9B0-4928-A701-11D49FCE86CF}] => (Allow) LPort=61117
FirewallRules: [{02A63254-11E3-4E22-8108-4B6BF17F05CA}] => (Allow) LPort=61116
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{5299677F-C4C6-4CB2-AF48-D81D66DD1A54}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
01-10-2018 12:01:32 Windows Update
04-10-2018 14:54:44 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/08/2018 02:00:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (10/01/2018 12:06:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (09/26/2018 12:55:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (09/25/2018 08:19:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (09/25/2018 08:15:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (09/24/2018 11:33:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (10/05/2018 06:25:22 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
Error: (10/05/2018 06:25:22 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
Error: (09/30/2018 09:20:49 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
Error: (09/30/2018 09:19:48 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
Error: (09/27/2018 06:11:18 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
Error: (09/27/2018 06:11:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
Error: (09/27/2018 02:24:11 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
Error: (09/26/2018 01:17:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
==================== Memory info ===========================
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 33%
Total physical RAM: 2997.83 MB
Available physical RAM: 2003.72 MB
Total Virtual: 5994.03 MB
Available Virtual: 4761.54 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:26.17 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:665.18 GB) NTFS
Drive j: (Toddler & 2's) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:394.54 GB) NTFS
\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
