Internet timing out
#31
momq (Topic Starter, Member, 21 posts)

Attached File  RUTH-PC.txt   479.45KB   2 downloads
#32
momq (Topic Starter, Member, 21 posts)

Thanks. Here's the entire set of resulting reports:

Fix result of Farbar Recovery Scan Tool (x86) Version: 15.09.2018
Ran by Ruth (22-09-2018 17:30:57) Run:8
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Boot Mode: Normal

==============================================

fixlist content:
*****************
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19]
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
2018-09-22 08:11 - 2018-06-02 09:01 - 000000000 ____D C:\Users\Ruth\AppData\Local\AVAST Software
2018-09-22 08:11 - 2011-02-27 15:33 - 000000000 ____D C:\ProgramData\AVAST Software
2018-09-22 08:11 - 2011-02-27 15:33 - 000000000 ____D C:\Program Files\AVAST Software
Task: {20C253A5-3950-4675-B2F7-BAC0337DFB65} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {38F7060C-68F5-42CB-BD03-348C68B46BF6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {3B26E35B-3601-4886-8EC6-A463F3E842F3} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {79B55048-C554-4440-976B-66DE295D3FBB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-21] (AVAST Software)
FirewallRules: [{C0699B73-56D9-430B-B540-7A7525EE1D21}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2CA9306E-EB6B-4F5D-94E0-F959AE560546}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

*****************

C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe => Could not close process
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19] => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Services\avast" => removed successfully.
avast => service removed successfully.
"HKLM\System\CurrentControlSet\Services\avastm" => removed successfully.
avastm => service removed successfully.
C:\Users\Ruth\AppData\Local\AVAST Software => moved successfully
C:\ProgramData\AVAST Software => moved successfully

"C:\Program Files\AVAST Software" folder move:

Could not move "C:\Program Files\AVAST Software" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{20C253A5-3950-4675-B2F7-BAC0337DFB65}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20C253A5-3950-4675-B2F7-BAC0337DFB65}" => removed successfully.
C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38F7060C-68F5-42CB-BD03-348C68B46BF6}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38F7060C-68F5-42CB-BD03-348C68B46BF6}" => removed successfully.
C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineUA" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B26E35B-3601-4886-8EC6-A463F3E842F3}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B26E35B-3601-4886-8EC6-A463F3E842F3}" => removed successfully.
C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineCore" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{79B55048-C554-4440-976B-66DE295D3FBB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79B55048-C554-4440-976B-66DE295D3FBB}" => removed successfully.
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0699B73-56D9-430B-B540-7A7525EE1D21}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2CA9306E-EB6B-4F5D-94E0-F959AE560546}" => removed successfully.

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-09-2018 20:21:17)

C:\Program Files\AVAST Software => moved successfully

==== End of Fixlog 20:21:18 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.09.2018
Ran by Ruth (administrator) on RUTH-PC (22-09-2018 20:45:14)
Running from C:\Users\Ruth\Desktop\Geeks
Loaded Profiles: Ruth (Available Profiles: Ruth)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-01] (Dell Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-03-25] (Apple Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-24] (Piriform Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-02-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2014-10-15]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{376B11B2-97E3-4F21-A3DE-E4AFFAC4966F}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {050D5BA4-EF02-47E4-BC2D-2DEDDB6DD694} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-19] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-24] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default [2018-09-18]
CHR Extension: (Avast Online Security) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2013-01-23] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-05-31] (Macrovision Europe Ltd.) [File not signed]
S4 GearSecurity; C:\Windows\System32\gearsec.exe [49152 2003-09-12] (GEAR Software) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [122384 2014-01-22] (Portrait Displays, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-25] (IDT, Inc.)
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-20] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-08-29] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [169704 2018-09-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [98024 2018-09-22] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46656 2018-09-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [228960 2018-09-22] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [80576 2018-09-22] (Malwarebytes)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [17168 2004-11-01] (Sonic Solutions) [File not signed]
S3 rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [48640 2010-03-20] (REDC) [File not signed]
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-20] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-20] (REDC) [File not signed]
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-21 08:20 - 2018-09-22 20:23 - 000080576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-09-18 20:18 - 2018-09-18 20:19 - 208620060 _____ C:\Users\Ruth\Documents\before_update.reg
2018-09-15 16:37 - 2018-09-15 16:37 - 000000000 ___HD C:\$AV_ASW
2018-09-15 15:52 - 2018-09-15 15:52 - 000003112 _____ C:\Users\Ruth\Downloads\fixlist.txt
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-09-14 21:05 - 2018-09-14 21:05 - 000000000 ____D C:\Program Files\Speccy
2018-09-14 21:02 - 2018-09-22 17:31 - 000000000 ____D C:\Users\Ruth\Desktop\Geeks
2018-09-14 21:02 - 2018-09-14 21:02 - 006889184 _____ (Piriform Ltd) C:\Users\Ruth\Downloads\spsetup132.exe
2018-09-14 20:57 - 2018-09-14 20:57 - 000006725 _____ C:\junk.txt
2018-09-13 20:36 - 2018-09-20 22:24 - 000047176 _____ () C:\Windows\system32\Drivers\staport.sys
2018-09-11 14:57 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2018-09-11 14:57 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-09-11 14:57 - 2018-08-29 21:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-11 14:57 - 2018-08-28 01:41 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-11 14:57 - 2018-08-24 14:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-11 14:57 - 2018-08-23 17:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-11 14:57 - 2018-08-23 17:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-11 14:57 - 2018-08-23 17:25 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-11 14:57 - 2018-08-23 17:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-11 14:57 - 2018-08-23 17:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-11 14:57 - 2018-08-23 17:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-11 14:57 - 2018-08-23 17:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-11 14:57 - 2018-08-23 17:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-11 14:57 - 2018-08-23 17:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-11 14:57 - 2018-08-23 17:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-11 14:57 - 2018-08-23 17:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-11 14:57 - 2018-08-23 17:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-11 14:57 - 2018-08-23 17:02 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-11 14:57 - 2018-08-23 17:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-11 14:57 - 2018-08-23 16:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-11 14:57 - 2018-08-23 16:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-11 14:57 - 2018-08-23 16:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-11 14:57 - 2018-08-23 16:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-11 14:57 - 2018-08-23 16:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-11 14:57 - 2018-08-23 16:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-11 14:57 - 2018-08-23 16:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-11 14:57 - 2018-08-23 16:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-11 14:57 - 2018-08-23 16:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-11 14:57 - 2018-08-23 16:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-11 14:57 - 2018-08-23 16:44 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-11 14:57 - 2018-08-23 16:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-11 14:57 - 2018-08-23 16:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-11 14:57 - 2018-08-23 16:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-11 14:57 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-11 14:57 - 2018-08-12 16:18 - 000240808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 001311400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-11 14:57 - 2018-08-12 16:17 - 000187560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-11 14:57 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-09-11 14:57 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-11 14:57 - 2018-08-10 11:45 - 000139360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-11 14:57 - 2018-08-10 11:45 - 000067248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-11 14:57 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000191072 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-11 14:57 - 2018-08-10 11:44 - 000136368 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-09-11 14:57 - 2018-08-10 11:43 - 001311928 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-11 14:57 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-11 14:57 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-11 14:57 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-11 14:57 - 2018-08-10 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-11 14:57 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-11 14:57 - 2018-08-10 11:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-11 14:57 - 2018-08-10 11:16 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-11 14:57 - 2018-08-10 11:16 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-11 14:57 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-11 14:57 - 2018-08-10 11:13 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-11 14:57 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-11 14:57 - 2018-08-10 11:10 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-11 14:57 - 2018-08-10 11:10 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-11 14:57 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-11 14:57 - 2018-08-10 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-11 14:57 - 2018-08-10 11:09 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-11 14:57 - 2018-07-29 11:40 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-11 14:57 - 2018-07-18 11:14 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-11 14:57 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-01 09:43 - 2018-09-01 09:43 - 001193601 _____ C:\Users\Ruth\Downloads\September 2018 Viewpoint.pdf
2018-08-29 20:31 - 2018-09-22 20:23 - 000228960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-29 20:31 - 2018-09-22 20:23 - 000098024 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-08-29 20:31 - 2018-09-22 20:23 - 000046656 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-08-29 20:31 - 2018-09-21 21:43 - 000169704 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-08-28 06:52 - 2018-09-22 20:45 - 000000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-22 20:31 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-22 20:31 - 2009-07-14 00:34 - 000014560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-22 20:23 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-22 17:27 - 2011-05-31 21:32 - 000000000 ____D C:\Users\Ruth\Documents\recipes
2018-09-21 21:37 - 2011-07-08 21:52 - 000000000 ____D C:\Users\Ruth\AppData\Local\Microsoft Help
2018-09-18 22:03 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-09-18 22:02 - 2016-06-03 06:05 - 000000000 _____ C:\Windows\system32\last.dump
2018-09-18 20:09 - 2016-05-14 17:56 - 000000000 ____D C:\Users\Ruth\Documents\Outlook Files
2018-09-18 06:17 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-09-17 17:03 - 2013-05-18 09:51 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-14 21:05 - 2013-11-29 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-09-14 21:05 - 2013-11-29 14:28 - 000000000 ____D C:\Program Files\CCleaner
2018-09-13 07:10 - 2011-02-19 11:14 - 000000031 _____ C:\tmuninst.ini
2018-09-13 03:05 - 2012-07-26 21:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-09-13 03:05 - 2011-06-19 08:06 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-09-13 03:05 - 2011-02-19 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 14:27 - 2014-01-25 21:17 - 000000000 ____D C:\Users\Ruth\AppData\Local\CrashDumps
2018-09-12 14:27 - 2011-03-04 07:18 - 000000000 ____D C:\Users\Ruth\Downloads\spelunky
2018-09-12 08:28 - 2017-03-29 21:18 - 000157744 _____ C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-12 05:33 - 2013-10-10 04:57 - 000000000 ____D C:\Windows\rescache
2018-09-12 04:38 - 2011-02-19 10:52 - 000801482 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-12 04:34 - 2016-07-03 14:07 - 000000000 ___RD C:\Users\Ruth\Podcasts
2018-09-12 04:32 - 2018-06-02 08:58 - 000514952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 03:48 - 2013-08-03 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 03:04 - 2011-03-08 07:33 - 136114104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-08-29 20:29 - 2018-08-08 07:00 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-08-24 22:19 - 2011-05-26 21:50 - 000002000 ____H C:\Users\Ruth\Documents\Default.rdp
2018-08-24 21:54 - 2009-07-14 00:52 - 000000000 ____D C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======

2014-03-22 14:52 - 2014-03-22 14:53 - 000012953 _____ () C:\Users\Ruth\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-03-22 14:47 - 2014-03-22 14:47 - 000012952 _____ () C:\Users\Ruth\AppData\Roaming\Microsoft Excel 97-2003.CAL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-15 00:58

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15.09.2018
Ran by Ruth (22-09-2018 20:45:47)
Running from C:\Users\Ruth\Desktop\Geeks
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-02-26 00:14:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2901265624-1651440242-2863941745-500 - Administrator - Disabled)
Guest (S-1-5-21-2901265624-1651440242-2863941745-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901265624-1651440242-2863941745-1002 - Limited - Enabled)
Ruth (S-1-5-21-2901265624-1651440242-2863941745-1000 - Administrator - Enabled) => C:\Users\Ruth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B2367B4-2636-4939-9C7E-099C46AD228C}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Dropbox (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EditPlus (HKLM\...\EditPlus) (Version:  - ES-Computing)
Enchanted Cavern 2 (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\EnchantedCavern2_MicrosoftVistaXP-SIDR-60_EN_GEN) (Version:  - Iplay)
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
Games Manager (HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\...\GamesManager) (Version: 2.15.3.974 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{6F522D78-94EF-4559-8A69-FAEED767EA42}) (Version: 12.7.4.76 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Pivot Software (HKLM\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SDK (HKLM\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Visio Professional (HKLM\...\Visio Professional) (Version:  - )
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901265624-1651440242-2863941745-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2014-11-21] (Apple Inc.)
ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-19] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2012-09-19] (Western Digital)
ContextMenuHandlers1_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2901265624-1651440242-2863941745-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruth\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E4F61A-D141-4733-8DA3-8746C86D91C0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {0E7BB6A9-8910-40E7-BB4F-06DD2650E834} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {1A10FD8B-BAA5-40D6-ABE7-B643F020D65B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {212C0061-C498-420C-9569-86F66C2CA60B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {317549AB-7F32-4329-AD8A-D9B1C6414299} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-13] (Adobe Systems Incorporated)
Task: {4D789B1D-E001-4AD6-AB48-74A12161C72A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {5144766C-6B2A-44F4-8B28-30B3FB704C23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {56A034AA-26AD-474D-9D81-17DA8FB32566} - System32\Tasks\{8A1CF835-1AA4-49F3-830A-2479CFAF5023} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE -c C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Task: {A7691F6A-CCDA-40AF-8046-02FC825D94E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {FEE751D7-A7B8-4C62-A3A2-D16241A1678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ruth\Desktop\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games\Play MSN Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=11008813 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670
ShortcutWithArgument: C:\Users\Ruth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Games Manager - Casual Games.lnk -> C:\Users\Ruth\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.uri=hxxp://client.iplay.com/gamesmanager/110500670/bootstrap.html -config.channel=110500670

==================== Loaded Modules (Whitelisted) ==============

1996-11-17 00:00 - 1996-11-17 00:00 - 000022016 _____ () C:\Windows\system32\docobj.dll
2007-07-16 11:58 - 2007-07-16 11:58 - 000197408 _____ () C:\Windows\system32\vpnapi.dll
2011-02-19 10:50 - 2010-01-10 14:01 - 000060928 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
2018-08-08 07:00 - 2018-08-29 20:29 - 002268736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-08-08 07:00 - 2018-08-29 20:29 - 002216592 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-07-30 01:34 - 2018-07-30 01:34 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-08-16 04:22 - 2018-08-16 04:22 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22bdc6efe2783439f27e175765b23e99\IsdiInterop.ni.dll
2011-02-19 10:50 - 2010-03-03 22:08 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2018-09-21 07:11 - 000000036 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2901265624-1651440242-2863941745-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellBtrEvent => D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
MSCONFIG\startupreg: DT HPC => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B5E7B661-4950-4DBD-9DC3-6980CFD945A8}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D462DEAC-FF33-45FA-928F-ACB527DDF1A3}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6BE60CBF-6190-4195-8EA3-EA503892C642}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30BFC3C5-FD63-4266-86A5-F0E6A937BEA3}] => (Allow) LPort=2869
FirewallRules: [{1D93F029-F790-49E9-947B-5A0C9104BB81}] => (Allow) LPort=1900
FirewallRules: [{1A9048AB-70D5-43B1-AC9F-F68B74160BE0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979EE3D3-6E09-45A6-94D5-97B04BFF7066}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{094EBA46-E0BB-454A-8BA9-F3916580CACD}] => (Allow) LPort=51484
FirewallRules: [{E7C40231-3458-4992-A4F7-9665190A74BB}] => (Allow) LPort=5000
FirewallRules: [{9A081341-6A0A-4F17-B09D-BEB9EBBC843D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62888B66-491E-414E-BF0D-2FF6C462E8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{465CE1F6-90CE-4F4D-94FF-21C58AA074FE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{50E3654D-6DDF-4D11-B5E4-D9E7DEF73FEE}] => (Allow) C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A91F899-2595-4D06-86B8-8470BC7084F7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EA3C04F9-C600-4BA9-B959-AA58AA712409}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BC7C9E01-B185-4A8C-B76A-FC5F875B54BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{40E722D1-0FAB-4A2E-AD64-6B560AE90E0E}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7D5EDB7C-F5B1-4386-8FFE-A7F5C7589CDD}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{ED646DB6-54D6-4887-854A-A3DF03F1E4AE}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C6F1660C-71E1-4A5F-98F3-EFBEC1623FC6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{64AFB952-B21E-418C-A3D1-91B31E6D079F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{FB10775D-0A8A-4631-8DE0-786B1836A00C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C13782A8-95B2-471D-956E-9EA833912A0F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4F2C3869-9430-4E42-8D35-74B5D375541D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DF5C11C3-3E75-4183-B257-B13C6E999689}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E85515A5-A441-4276-82AA-2E74D0ECD89E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{153FEB5F-FD46-48CD-B943-A99D713D7F26}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{33C60737-1E84-48F9-B9E5-F458994211E8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{BAD69ED0-2E9C-40CA-ABEA-1C9A7E03B487}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1121C4FD-090C-4964-A663-A52E1D473044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCC1CEBF-24FA-4F5E-88B1-DEA31A312801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{374C2550-C5AB-48E6-A40D-77C505CB48E3}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{FF7B1219-FFC4-44E3-BDBD-EDC8DFF980F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{21D55C60-B9B0-4928-A701-11D49FCE86CF}] => (Allow) LPort=61117
FirewallRules: [{02A63254-11E3-4E22-8108-4B6BF17F05CA}] => (Allow) LPort=61116
FirewallRules: [{D8CB2731-D142-4CFD-97DE-28C60A722DD0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{89C06B5C-2D22-4297-8FF8-1D9FA910A952}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{5299677F-C4C6-4CB2-AF48-D81D66DD1A54}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-09-2018 01:50:50 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2018 05:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648
Faulting module name: mscorlib.ni.dll, version: 4.7.3163.0, time stamp: 0x5b58fac7
Exception code: 0xc0000005
Fault offset: 0x00393aba
Faulting process id: 0x91c
Faulting application start time: 0x01d452bbdc94a73f
Faulting application path: C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\399032397425364b053c532bbbeacc09\mscorlib.ni.dll
Report Id: 1c0ab852-beaf-11e8-9866-00059a3c7800

Error: (09/22/2018 05:33:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at System.Buffer.Memmove(Byte*, Byte*, UInt32)
   at System.String.CtorCharPtrStartLength(Char*, Int32, Int32)
   at System.Runtime.InteropServices.Marshal.PtrToStringUni(IntPtr, Int32)
   at System.Data.SQLite.SQLite3_UTF16.UTF16ToString(IntPtr, Int32)
   at System.Data.SQLite.SQLite3_UTF16.GetText(System.Data.SQLite.SQLiteStatement, Int32)
   at System.Data.SQLite.SQLiteDataReader.GetString(Int32)
   at BackupManifest.GetFile(System.Data.IDataReader)
   at BackupEngine.CheckSource(System.String, System.Data.IDataReader, Boolean)
   at BackupEngine.CheckSource(System.String)
   at BackupEngine.VerifySourcesThreadProc()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

System errors:
=============
Error: (09/22/2018 08:21:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/22/2018 08:21:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/22/2018 05:33:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 37%
Total physical RAM: 2997.83 MB
Available physical RAM: 1887.81 MB
Total Virtual: 5994.03 MB
Available Virtual: 4817.67 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:132.36 GB) (Free:23.96 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.86 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:665.18 GB) NTFS
Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:394.62 GB) NTFS

\\?\Volume{dc72c046-3c46-11e0-b2e7-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 563DE73A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 93.52 0 K 24 K 0   
procexp.exe 2.09 35,036 K 53,876 K 6072 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
audiodg.exe 1.39 16,752 K 16,036 K 1132 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.62 59,520 K 35,684 K 3448 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.58 0 K 0 K n/a Hardware Interrupts and DPCs  
WDDriveService.exe 0.56 8,692 K 12,884 K 2088 WD Drive Service Western Digital (Verified) Western Digital Technologies
iexplore.exe 0.29 128,404 K 128,672 K 2724 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
System 0.21 64 K 7,056 K 4   
csrss.exe 0.18 2,832 K 22,556 K 504 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
MBAMService.exe 0.17 112,668 K 144,600 K 2268 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
FRST.exe 0.08 21,220 K 35,584 K 4224 Farbar Recovery Scan Tool Farbar (No signature was present in the subject) Farbar
svchost.exe 0.08 16,036 K 16,112 K 880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.04 40,000 K 54,724 K 3464 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.03 18,636 K 31,120 K 988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 5,820 K 10,612 K 1684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
CCleaner.exe 0.02 11,556 K 1,676 K 3744 CCleaner Piriform Ltd (Verified) Piriform Ltd
IAStorDataMgrSvc.exe 0.02 14,656 K 13,276 K 1880 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
svchost.exe 0.02 13,224 K 14,456 K 1380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 4,032 K 7,376 K 804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
cvpnd.exe 0.02 2,296 K 6,316 K 1952 Cisco Systems VPN Client Cisco Systems, Inc. (Verified) Cisco Systems
taskhost.exe 0.01 21,440 K 18,204 K 3288 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 4,004 K 7,876 K 1772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WDBackupEngine.exe 0.01 26,740 K 7,996 K 2344 WD Backup Engine Western Digital  (Verified) Western Digital Technologies
iexplore.exe < 0.01 19,144 K 32,256 K 4908 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
SearchIndexer.exe < 0.01 25,984 K 15,296 K 4008 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 10,016 K 8,660 K 1144 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
mbamtray.exe < 0.01 21,044 K 31,676 K 1608 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
svchost.exe < 0.01 7,420 K 13,428 K 956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe < 0.01 5,688 K 12,688 K 568 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 1,448 K 3,780 K 440 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 72,728 K 81,392 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
DVMExportService.exe < 0.01 840 K 3,464 K 340 Windows Metadata Export Service DeviceVM, Inc. (No signature was present in the subject) DeviceVM, Inc.
stacsv.exe < 0.01 5,872 K 5,628 K 1024 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
WUDFHost.exe  1,252 K 4,308 K 3124 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe  1,632 K 5,248 K 2920 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  6,244 K 9,980 K 3080 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  2,208 K 5,028 K 3604 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe  1,392 K 4,252 K 1472 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,672 K 6,268 K 760 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,160 K 3,612 K 496 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
WDRulesEngine.exe  18,400 K 4,188 K 2124 WD Rules Engine Western Digital  (Verified) Western Digital Technologies
upeksvr.exe  5,296 K 10,996 K 1612 Fingerprint Server Process for Vista UPEK Inc. (Verified) UPEK Inc.
unsecapp.exe  1,044 K 3,712 K 2996 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
TdmService.exe  2,832 K 8,704 K 1856 TDM Service Wave Systems Corp. (Verified) Wave Systems Corp.
taskeng.exe  1,368 K 4,608 K 3712 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  47,484 K 23,752 K 2228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  9,832 K 11,812 K 4560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  11,008 K 13,072 K 1776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,408 K 5,928 K 2008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,896 K 7,992 K 692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,748 K 4,792 K 3192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  780 K 2,816 K 948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe  6,060 K 11,048 K 1572 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  320 K 892 K 328 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe  4,828 K 8,572 K 544 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
lsm.exe  1,320 K 3,196 K 576 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
InstallFilterService.exe  1,444 K 4,776 K 1248   (No signature was present in the subject)
HostStorageService.exe  1,228 K 3,708 K 1628 Host Storage Application Broadcom Corporation (Verified) Broadcom Corp
GoogleToolbarUser_32.exe  4,160 K 7,632 K 5904 Google Toolbar Broker Google Inc. (Verified) Google Inc
FlashUtil32_31_0_0_108_ActiveX.exe  2,164 K 7,020 K 5664 Adobe® Flash® Player Installer/Uninstaller 31.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
escsvc.exe  968 K 3,980 K 536 Epson Scanner Service (32bit) Seiko Epson Corporation (Verified) SEIKO EPSON Corporation
EPCP.exe  3,352 K 7,524 K 448 Epson Customer Participation SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
E_JT50RP.EXE  748 K 2,664 K 572 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) SEIKO EPSON Corporation
dllhost.exe  1,480 K 4,952 K 4888 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  560 K 2,300 K 1480 Console Window Host Microsoft Corporation (Verified) Microsoft Windows

 

Image Name                     PID Services                                   
========================= ======== ============================================
System Idle Process              0 N/A                                        
System                           4 N/A                                        
smss.exe                       328 N/A                                        
csrss.exe                      440 N/A                                        
wininit.exe                    496 N/A                                        
csrss.exe                      504 N/A                                        
services.exe                   544 N/A                                        
lsass.exe                      568 KeyIso, SamSs                              
lsm.exe                        576 N/A                                        
svchost.exe                    692 DcomLaunch, PlugPlay, Power                
winlogon.exe                   760 N/A                                        
svchost.exe                    804 RpcEptMapper, RpcSs                        
svchost.exe                    880 Audiosrv, Dhcp, eventlog,                  
                                   HomeGroupProvider, lmhosts, wscsvc         
svchost.exe                    916 AudioEndpointBuilder, hidserv,             
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TrkWks, UxSms, WdiSystemHost, Wlansvc,     
                                   WPDBusEnum, wudfsvc                        
svchost.exe                    956 EventSystem, fdPHost, FontCache, netprofm, 
                                   nsi, SstpSvc, WdiServiceHost,              
                                   WinHttpAutoProxySvc                        
svchost.exe                    988 Appinfo, BITS, Browser, EapHost, gpsvc,    
                                   IKEEXT, LanmanServer, MMCSS, ProfSvc,      
                                   RasMan, Schedule, seclogon, SENS,          
                                   ShellHWDetection, Themes, Winmgmt, wuauserv
stacsv.exe                    1024 STacSV                                     
audiodg.exe                   1132 N/A                                        
svchost.exe                   1380 CryptSvc, Dnscache, LanmanWorkstation,     
                                   NlaSvc, TapiSrv                            
wlanext.exe                   1472 N/A                                        
conhost.exe                   1480 N/A                                        
spoolsv.exe                   1572 Spooler                                    
upeksvr.exe                   1612 N/A                                        
HostStorageService.exe        1628 Credential Vault Host Storage              
svchost.exe                   1684 FDResPub, SCardSvr, SSDPSRV, upnphost      
svchost.exe                   1776 BFE, DPS, MpsSvc                           
TdmService.exe                1856 TdmService                                 
cvpnd.exe                     1952 CVPND                                      
svchost.exe                   2008 DiagTrack                                  
DVMExportService.exe           340 DvmMDES                                    
EPCP.exe                       448 EpsonCustomerParticipation                 
escsvc.exe                     536 EpsonScanSvc                               
E_JT50RP.EXE                   572 EPSON_PM_RPCV4_05                          
svchost.exe                    948 HsfXAudioService                           
InstallFilterService.exe      1248 InstallFilterService                       
svchost.exe                   1772 StiSvc                                     
WDDriveService.exe            2088 WDDriveService                             
WDRulesEngine.exe             2124 WDRulesService                             
svchost.exe                   2228 WinDefend                                  
MBAMService.exe               2268 MBAMService                                
WDBackupEngine.exe            2344 WDBackup                                   
WUDFHost.exe                  2920 N/A                                        
unsecapp.exe                  2996 N/A                                        
WmiPrvSE.exe                  3080 N/A                                        
WUDFHost.exe                  3124 N/A                                        
svchost.exe                   3192 PolicyAgent                                
taskhost.exe                  3288 N/A                                        
dwm.exe                       3448 N/A                                        
explorer.exe                  3464 N/A                                        
taskeng.exe                   3712 N/A                                        
CCleaner.exe                  3744 N/A                                        
SearchIndexer.exe             4008 WSearch                                    
mbamtray.exe                  1608 N/A                                        
IAStorDataMgrSvc.exe          1880 IAStorDataMgrSvc                           
wmpnetwk.exe                  1144 WMPNetworkSvc                              
svchost.exe                   4560 p2pimsvc, p2psvc, PNRPsvc                  
dllhost.exe                   4888 N/A                                        
FRST.exe                      4224 N/A                                        
iexplore.exe                  4908 N/A                                        
iexplore.exe                  2724 N/A                                        
GoogleToolbarUser_32.exe      5904 N/A                                        
FlashUtil32_31_0_0_108_Ac     5664 N/A                                        
procexp.exe                   6072 N/A                                        
WmiPrvSE.exe                  3604 N/A                                        
cmd.exe                       5152 N/A                                        
conhost.exe                   5036 N/A                                        
tasklist.exe                   832 N/A  


  • 0

#33
momq

momq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

I know the last two posts look like I did them in the wrong order, but I actually did everything on the second post first, then had some trouble with the attachment and wound up posting it as a separate post, which went in before the one I was working one. 


  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,063 posts
  • MVP
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
Error: (09/22/2018 05:33:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

 

Usually a disk check will fix this.  Not sure which drive it is, so you probably need to do all of them.

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You may receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue). Then open the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Repeat the disk check for each drive letter you have.  You probably won't need to reboot for the rest and don't need to clear the events after the first time.

 

Reboot after the last one and

 

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)



 


  • 0
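A scripted version of the two things this post leaves to the GUI, added here as an example and not part of RKinner's instructions: it pulls the latest Disk/Ntfs/volsnap errors and warnings from the System log (the providers seen in the logs above) and maps each \Device\HarddiskN to the drive letters on it through WMI, which works on Windows 7 without the newer Storage cmdlets. The function names are my own; run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread. Works on Windows 7 / PowerShell 2.0 or
# later; only Get-WinEvent and WMI are used. Run from an elevated prompt.

function Get-RecentDiskEvents {
    # Latest Error (Level 2) / Warning (Level 3) records in the System log
    # written by the storage providers that appear in this thread.
    param([int]$MaxEvents = 20)   # same count the VEW step asks for

    $filter = @{
        LogName      = 'System'
        ProviderName = 'Disk', 'Ntfs', 'volsnap'
        Level        = 2, 3
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $msg = [string]$_.Message
            # Pick the \Device\HarddiskN part out of messages such as
            # "The driver detected a controller error on \Device\Harddisk2\DR2."
            # HarddiskN is the physical disk index; the DRn suffix only counts how
            # many times a disk device has been (re)attached, so HarddiskN is the
            # number to match against drive letters.
            $dev = ''
            if ($msg -match '\\Device\\(Harddisk\d+)') { $dev = $Matches[1] }
            New-Object PSObject -Property @{
                Time    = $_.TimeCreated
                Id      = $_.Id
                Source  = $_.ProviderName
                Device  = $dev
                Message = ($msg -split "`r?`n")[0]
            }
        }
}

function Get-HarddiskLetterMap {
    # Walk physical disk -> partition -> logical disk through the WMI
    # association classes. Win32_DiskDrive.Index is the N in \Device\HarddiskN
    # (and in \\.\PhysicalDriveN).
    foreach ($disk in Get-WmiObject Win32_DiskDrive) {
        # WQL string literals need the backslashes in \\.\PHYSICALDRIVE0 doubled
        $diskId = $disk.DeviceID.Replace('\', '\\')
        $partQuery = "ASSOCIATORS OF {Win32_DiskDrive.DeviceID='$diskId'} WHERE AssocClass = Win32_DiskDriveToDiskPartition"
        foreach ($part in Get-WmiObject -Query $partQuery) {
            $volQuery = "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($part.DeviceID)'} WHERE AssocClass = Win32_LogicalDiskToPartition"
            foreach ($vol in Get-WmiObject -Query $volQuery) {
                New-Object PSObject -Property @{
                    Harddisk    = 'Harddisk' + $disk.Index
                    DriveLetter = $vol.DeviceID
                    Partition   = $part.DeviceID
                    SizeGB      = [math]::Round($vol.Size / 1GB, 1)
                    Model       = $disk.Model
                }
            }
        }
    }
}

Get-RecentDiskEvents | Format-Table Time, Id, Source, Device, Message -AutoSize
Get-HarddiskLetterMap | Sort-Object Harddisk, DriveLetter |
    Format-Table Harddisk, DriveLetter, Partition, SizeGB, Model -AutoSize
```

Read the Device column of the first table against the Harddisk column of the second to see which drive letter a \Device\Harddisk2 error refers to before choosing which drive to check.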

#35
momq

momq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

I'll take these steps if you think it will be useful, but before I do, let me fill you in on a known issue with my PC.  Several years ago I replaced the hard drive with a bigger one.  I imaged the old one (which was dying) and restored it to the new one.  This left part of it unusable, but other than that, it seemed to work OK.  I'm wondering if that might be triggering the error you found.


  • 0

#36
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,063 posts
  • MVP

Not likely.  That's common when you clone a smaller drive onto a larger one.  The unused portion of the hard drive can be salvaged if you want.  You just need to right click on Computer, select Manage then click on the drive with the unused space.  Right click and Extend Volume.  It will let you tell it how much.  Alternatively you can format the unused space and give it a new drive letter.

 

Odds are this is not the C: drive.  Windows makes it hard to tell which is which but usually the C: is 0 or 1 and this one refers to 2.


  • 0

#37
momq

momq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

I ran checkdisk on the C drive with no unexpected warnings.  When I tried D, though, a message box popped up saying: "Windows can't check the disk while it's in use.  Do you want to dismount this volume first?  Note: All opened handles to this volume will become invalid"

I have an option to Force a dismount or Cancel.  What should I do?


  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,063 posts
  • MVP

Dismount  (close any programs you have open first)


  • 0

#39
momq

momq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Ok.  Thanks.  I ran VEW a couple of times without success before I discovered that the problem was a permissions problem where the program was writing the output logs.  The solution was to run it as administrator.

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/09/2018 8:03:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/09/2018 7:27:45 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/09/2018 7:27:30 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Error Category: 2
Event: 137 Source: Ntfs
The default transaction resource manager on volume K: encountered a non-retryable error and could not start.  The data contains the error code.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Error Category: 0
Event: 16 Source: volsnap
The shadow copies of volume K: were aborted because volume K:, which contains shadow copy storage for this shadow copy, was force dismounted.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/09/2018 7:27:03 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 23/09/2018 7:26:55 PM
Type: Warning Category: 0
Event: 27 Source: e1kexpress
The event description cannot be found.

Log: 'System' Date/Time: 23/09/2018 7:26:53 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0A5C&PID_5800&MI_01\7&66de6c9&0&0001.

Log: 'System' Date/Time: 23/09/2018 7:25:31 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 23/09/2018 7:25:31 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv.dll

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 23/09/2018 7:23:41 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/09/2018 8:06:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/09/2018 12:03:39 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 24/09/2018 12:00:39 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 23/09/2018 11:58:06 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 23/09/2018 7:27:36 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648 Faulting module name: ntdll.dll, version: 6.1.7601.24231, time stamp: 0x5b6db285 Exception code: 0xc0000005 Fault offset: 0x00055e08 Faulting process id: 0x8cc Faulting application start time: 0x01d453737801a395 Faulting application path: C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: b94e96aa-bf66-11e8-850a-00059a3c7800

Log: 'Application' Date/Time: 23/09/2018 7:27:36 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at System.Data.SQLite.UnsafeNativeMethods.sqlite3_step(IntPtr)
   at System.Data.SQLite.SQLite3.Step(System.Data.SQLite.SQLiteStatement)
   at System.Data.SQLite.SQLiteDataReader.NextResult()
   at System.Data.SQLite.SQLiteDataReader..ctor(System.Data.SQLite.SQLiteCommand, System.Data.CommandBehavior)
   at System.Data.SQLite.SQLiteCommand.ExecuteReader(System.Data.CommandBehavior)
   at System.Data.SQLite.SQLiteCommand.ExecuteNonQuery()
   at WDEngine.ChangeJournalDB.Add(WDEngine.USNInfo[])
   at <Module>.WDEngine.Journal.Populate(WDEngine.Journal*)
   at <Module>.WDEngine.Journal.Init(WDEngine.Journal*)
   at <Module>.WDEngine.Journal.StartMonitoring(Char*)
   at WDEngine.ChangeJournal.StartMonitoring(System.String)
   at WDEngine.FileWatch.ProcessChangeJournal(WDEngine.WatchVolumeInfo)
   at WDEngine.FileWatch.DoQueuedTask()
   at WDEngine.FileWatch.Main()
   at BackupController.ThreadProc(System.Object)
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

 

Log: 'Application' Date/Time: 23/09/2018 7:27:21 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648 Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168, time stamp: 0x5b1aa77b Exception code: 0xe0434352 Fault offset: 0x0000845d Faulting process id: 0xb70 Faulting application start time: 0x01d4537368793168 Faulting application path: C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: b05008b7-bf66-11e8-850a-00059a3c7800

Log: 'Application' Date/Time: 23/09/2018 7:27:20 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at WDIO.DBFile.Close()
   at WDIO.ManifestManager.!ManifestManager()
   at WDIO.ManifestManager.Dispose(Boolean)
   at WDIO.ManifestManager.Finalize()

 

Log: 'Application' Date/Time: 23/09/2018 7:22:10 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 23/09/2018 7:22:06 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 23/09/2018 4:47:28 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#40
RKinner

    Malware Expert

  • Expert
  • 21,063 posts
  • MVP

Lots of errors from WDBackupEngine.exe. Don't know if the program needs to be reinstalled or if the drive where it stores stuff is full.


Seeing

An error was detected on device \Device\Harddisk1\DR1 during a paging operation


May need another diskcheck on the drive that stores pagefile.sys

https://www.techadvi...ilesys-3608749/

Sometimes doing a defrag will help, though you usually need a third-party defrag program to move the pagefile.sys.


Could also be a result of running the disk check. Try clearing the events again, reboot, and then run VEW again.


  • 0
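The triage RKinner does by eye above (most errors come from WDBackupEngine.exe, and a disk reported an error during a paging operation) can be scripted when a VEW dump runs to hundreds of lines. The Python below is an added example, not code from the thread or from VEW: it parses the plain-text VEW format quoted in this thread, counts entries per log, source and event ID, pulls the crashing executable out of Event 1000 (Application Error) and Event 1026 (.NET Runtime) entries, and flags the paging-operation message. The sample input is constructed from the quoted lines; the Disk/Event 51 entry is added so the paging message has somewhere to live, since the thread quotes the message but not its event ID (that ID is an assumption here).

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the VEW (Vino's Event Viewer) text format quoted in the
# thread. Application entries mirror the quoted ones (abridged); the Disk entry
# is constructed, and its event id 51 is an assumption not taken from the thread.
SAMPLE = r"""
Log: 'Application' Date/Time: 23/09/2018 7:27:21 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648 Faulting module name: KERNELBASE.dll, version: 6.1.7601.24168 Exception code: 0xe0434352

Log: 'Application' Date/Time: 23/09/2018 7:27:20 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException

Log: 'Application' Date/Time: 23/09/2018 7:22:10 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\...\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 23/09/2018 7:22:06 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\WinSxS\...\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 23/09/2018 7:20:05 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
"""

# The three fixed header lines VEW prints for every entry; everything after them
# up to the next blank line is the event's free-text description.
HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_LINE = re.compile(r"^Type: (?P<level>\w+) Category: (?P<cat>\d+)$")
EVENT_LINE = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+)$")
PAGING_RE = re.compile(r"error was detected on device (\\Device\\\S+) during a paging operation", re.I)


@dataclass
class Entry:
    log: str
    when: str
    level: str
    event: int
    source: str
    detail: str


def _parse_block(lines):
    """Turn one blank-line-delimited block into an Entry; section banners return None."""
    if len(lines) < 3:
        return None
    head, typ, ev = HEADER.match(lines[0]), TYPE_LINE.match(lines[1]), EVENT_LINE.match(lines[2])
    if not (head and typ and ev):
        return None
    return Entry(head["log"], head["when"], typ["level"], int(ev["event"]),
                 ev["source"].strip(), " ".join(lines[3:]))


def parse_vew(text):
    """Split VEW text output into entries; blocks are separated by blank lines."""
    entries, block = [], []
    for raw in text.splitlines() + [""]:   # trailing "" flushes the last block
        line = raw.strip()
        if line:
            block.append(line)
            continue
        if block:
            entry = _parse_block(block)
            if entry:
                entries.append(entry)
            block = []
    return entries


def summarize(entries):
    """Count entries per (log, source, event id) so the noisiest source stands out."""
    return Counter((e.log, e.source, e.event) for e in entries)


def faulting_apps(entries):
    """Name the crashing executable from Event 1000 and Event 1026 descriptions."""
    apps = Counter()
    for e in entries:
        if e.source == "Application Error" and e.event == 1000:
            m = re.search(r"Faulting application name: ([^,]+),", e.detail)
        elif e.source == ".NET Runtime" and e.event == 1026:
            m = re.search(r"Application: (\S+)", e.detail)
        else:
            continue
        if m:
            apps[m.group(1)] += 1
    return apps


def paging_errors(entries):
    """Return the \\Device\\... paths that reported an error during a paging operation."""
    return [m.group(1) for e in entries if (m := PAGING_RE.search(e.detail))]


def report(entries):
    """Plain-text summary in the order a forum helper would read it."""
    out = [f"{n:3d}  {log:<12} {source} (Event {event})"
           for (log, source, event), n in summarize(entries).most_common()]
    out += [f"crashing application: {app} x{n}" for app, n in faulting_apps(entries).most_common()]
    out += [f"paging error on {dev}: check the disk holding pagefile.sys" for dev in paging_errors(entries)]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(parse_vew(SAMPLE)))
```

Feed it a saved VEW report instead of SAMPLE (`parse_vew(open(path, encoding="utf-8").read())`) to get the same summary for a real dump; the section banners VEW prints between log types are skipped because they do not start with a `Log:` header line.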
