Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10.02.2018 02 Ran by Admin (27-02-2018 23:52:22) Running from C:\Users\Admin\Desktop\FRST DOCs Microsoft® Windows Vista™ Home Basic (X86) (2013-12-07 15:43:21) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Admin (S-1-5-21-144978628-2293470025-642614174-1000 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-144978628-2293470025-642614174-500 - Administrator - Disabled) Betty Tremblay (S-1-5-21-144978628-2293470025-642614174-1001 - Limited - Enabled) => C:\Users\Betty Tremblay Guest (S-1-5-21-144978628-2293470025-642614174-501 - Administrator - Enabled) => C:\Users\Guest ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBYY FineReader 9.0 Sprint (HKLM\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) Accessibility (HKLM\...\{2C544254-39F2-4ACA-B779-ABF7297C96CF}) (Version: 1.39.0.19 - TOSHIBA) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0012 - ATK) AVG 2016 (HKLM\...\{AE3CE485-0996-413D-A897-D2F80D44982D}) (Version: 16.0.4776 - AVG Technologies) Hidden AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.1.3044 - AVG Technologies) CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.01.03 - TOSHIBA) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.) Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION) EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson E-Web Print (HKLM\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - ) Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.) Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 52.5.3 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.3 ESR (x86 en-US)) (Version: 52.5.3 - Mozilla) MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.) Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (HKLM\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.) Roxio EasyWrite Reader (HKLM\...\Roxio MRFilter) (Version: - ) swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.3.0 - Synaptics) TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.00.03 - ) TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.32 - TOSHIBA) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.07 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation) TOSHIBA Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: TOSH0501 - WildTangent) Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.) TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA) TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems) TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA) TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - ) TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - ) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - ) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-02-26] (AVG Technologies CZ, s.r.o.) ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY) ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2008-02-11] (Intel Corporation) ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-02-26] (AVG Technologies CZ, s.r.o.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {36AF97D0-6340-4933-9C35-0E82E23EB06A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-02-26] (AVG Technologies CZ, s.r.o.) Task: {4A31C49C-85C2-4EA9-9EE2-25B50291EDE4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task: {6E13EAB5-D9B5-4172-B280-A1F768473D95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {B91CE50D-5CC5-4790-B449-27E19E3AD80F} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-02-08] (AVG Technologies CZ, s.r.o.) Task: {FE22E279-6ECA-44AA-975A-F280CE801E59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2007-08-09 18:20 - 2007-02-05 20:13 - 000094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe 2018-02-26 22:29 - 2018-02-26 22:29 - 000289008 _____ () C:\Program Files\AVG\Antivirus\streamback.dll 2018-02-26 22:29 - 2018-02-26 22:29 - 000281328 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll 2018-02-27 16:48 - 2018-02-27 16:48 - 005822192 _____ () C:\Program Files\AVG\Antivirus\defs\18022716\algo.dll 2018-02-26 22:29 - 2018-02-26 22:29 - 000758000 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll 2018-02-26 22:29 - 2018-02-26 22:29 - 000964336 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll 2018-02-26 22:29 - 2018-02-26 22:29 - 000469744 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll 2007-08-09 19:00 - 2007-01-25 19:47 - 000136816 _____ () C:\TOSHIBA\IVP\ISM\pinger.exe 2007-08-09 19:00 - 2007-01-25 19:50 - 000063096 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe 2018-02-04 20:55 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-02-26 22:29 - 2018-02-26 22:29 - 000618736 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll 2007-08-09 18:32 - 2007-05-18 05:43 - 000430080 _____ () C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe 2018-02-26 22:29 - 2018-02-26 22:29 - 048936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll 2016-09-06 16:15 - 2016-09-06 11:00 - 005197312 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll 2016-09-06 16:15 - 2016-09-06 11:00 - 000147456 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:23 - 2018-02-24 23:50 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-144978628-2293470025-642614174-1000\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-144978628-2293470025-642614174-1001\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-144978628-2293470025-642614174-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\Pictures\Boots.jpg DNS Servers: 10.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WMPNSS-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [WMPNSS-In-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [WMPNSS-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [WMPNSS-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [WMPNSS-WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [TCP Query User{B568B700-47E7-4900-A90A-C7DE92AE7801}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{53DFE34E-9374-42FC-9AE0-E94F21FFF7B1}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe FirewallRules: [{2D2269FA-EAED-4AF2-A475-48B518C6EF21}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [{5557D815-1A87-487F-867D-0A2C707F9BE4}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [{4A45D8BD-816A-459F-AC7F-AE42992EECFA}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [{89676831-57EE-4E58-976F-E5B9576C96FC}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [{EB3D8379-B078-4EF1-B956-F16B2E2EC2D6}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [{5E55D80B-EAFE-41E4-A360-643B668D68C6}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe FirewallRules: [{579A119E-EF2D-4715-9F5A-6D7470FA3A35}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [{C0703ED2-45D2-434F-8B4C-438F9672AB2A}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [{0A656B49-2FE7-49FF-8C46-21475406A20F}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [{71E6999F-13B9-4ECD-A27F-34DDB53D3016}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe FirewallRules: [TCP Query User{B5E2788D-AA7D-40E0-B28D-4FF81C056910}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{C74D3921-1936-460D-867C-9396366A92C1}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger ==================== Restore Points ========================= 22-02-2018 19:08:58 Scheduled Checkpoint 23-02-2018 20:18:35 Scheduled Checkpoint 24-02-2018 11:39:28 Scheduled Checkpoint 24-02-2018 23:50:00 Restore Point Created by FRST 25-02-2018 13:37:15 Scheduled Checkpoint 26-02-2018 14:39:42 Scheduled Checkpoint 26-02-2018 21:34:19 Restore Point Created by FRST 27-02-2018 19:56:04 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: Built-in Infrared Device Description: Built-in Infrared Device Class Guid: {6bdd1fc5-810f-11d0-bec7-08002be2092f} Manufacturer: (Standard Infrared Port) Service: irsir Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/27/2018 05:58:36 PM) (Source: WerSvc) (EventID: 5007) (User: ) Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9. Error: (02/27/2018 04:51:31 PM) (Source: usbperf) (EventID: 2004) (User: ) Description: Usbperf data collection failed. Collect function called with usupported Query Type. Error: (02/27/2018 04:49:18 PM) (Source: usbperf) (EventID: 2004) (User: ) Description: Usbperf data collection failed. Collect function called with usupported Query Type. Error: (02/27/2018 04:49:15 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (02/27/2018 04:49:15 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code. Error: (02/27/2018 04:49:15 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "DFSR" in DLL "C:\Windows\System32\DfsrPerf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (02/27/2018 09:14:42 AM) (Source: WerSvc) (EventID: 5007) (User: ) Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9. Error: (02/26/2018 10:29:31 PM) (Source: WerSvc) (EventID: 5007) (User: ) Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9. Error: (02/26/2018 09:34:17 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {c9187c6a-f0eb-4887-ba72-294a96c287ec} Error: (02/26/2018 07:14:24 PM) (Source: WerSvc) (EventID: 5007) (User: ) Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9. System errors: ============= Error: (02/27/2018 11:22:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2018 11:22:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2018 11:22:00 PM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: The DHCP allocator has disabled itself on IP address 10.0.0.8, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope. Error: (02/27/2018 11:22:00 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: The ICS_IPV6 failed to configure IPv6 stack. Error: (02/27/2018 11:20:56 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY) Description: Event-ID 412 Error: (02/27/2018 11:20:46 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:18:01 PM on 2/27/2018 was unexpected. Error: (02/27/2018 05:00:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2018 05:00:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2018 04:59:46 PM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: The DHCP allocator has disabled itself on IP address 10.0.0.8, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope. Error: (02/27/2018 04:59:46 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: The ICS_IPV6 failed to configure IPv6 stack. CodeIntegrity: =================================== Date: 2017-12-09 16:52:22.676 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-12-09 16:52:22.629 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-12-09 16:52:22.567 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-12-09 16:52:22.520 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-12-09 16:52:22.473 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-12-09 16:52:22.427 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-12-09 16:52:22.146 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2017-12-09 16:52:22.099 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2017-12-09 16:52:22.052 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2017-12-09 16:52:22.005 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz Percentage of memory in use: 52% Total physical RAM: 3062.44 MB Available physical RAM: 1447.63 MB Total Virtual: 6304.57 MB Available Virtual: 4675.63 MB ==================== Drives ================================ Drive c: (SQ004525V02) (Fixed) (Total:73.06 GB) (Free:40.52 GB) NTFS ==>[drive with boot components (obtained from BCD)] \\?\Volume{43956e0f-5f55-11e3-8818-806e6f6e6963}\ (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: E3AF5BFE) Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Active) - (Size=73.1 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================