Everything posted by CliffL62

  1. Hi Kevin, I think at least, I'm fairly confident you've helped remove any remaining malware, I hope so... There remains an issue, I think, with the system suddenly freezing and also going into limbo, so some residual damage perhaps? Thanks for your help anyway, appreciate your time. C
  2. Here, it looks good. Maybe the HD is damaged, causing it to crash suddenly? malwarebytes-..txt
  3. OK, got Malwarebytes running now, will send you a new report soon.
  4. I ran AdwCleaner again and it says the PUP.optional.legacy is still there?
  5. I can't open it for some reason. I tried re-installing and I get a message saying source files corrupted. Struggling here.
  6. I think I've lost it; for some reason I couldn't copy it to the desktop, and I couldn't seem to copy and paste the text. This laptop keeps crashing. Sorry
  7. Hi Kev... sorry I took so long, had a few problems. Hope I've done it right, see 2 attached files please. Cheers, Cliff AdwCleaner[C3].txt Fixlog.txt
  8. Not sure about this Kev, is mine a bit different? Under Non-Malware Protection sub tab: Change PUP and PUM entries to Treat detections as Malware. I've got a drop-down menu that says "always detect PUPs", is that what you mean?
  9. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017 Ran by David (07-09-2017 15:44:29) Running from C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WMSBPP5 Windows 7 Home Premium (X64) (2010-03-26 16:04:52) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1824231826-1585140496-3392153557-500 - Administrator - Disabled) David (S-1-5-21-1824231826-1585140496-3392153557-1003 - Administrator - Enabled) => C:\Users\David Guest (S-1-5-21-1824231826-1585140496-3392153557-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1824231826-1585140496-3392153557-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.) 
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated) Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated) ArcSoft MediaImpression 2 (HKLM-x32\...\{46A1DD68-49E2-48DC-8B9F-142E6FE39223}) (Version: 2.0.90.1225 - ArcSoft) CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform) eBay (HKLM-x32\...\{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}) (Version: 1.0.4 - eBay Inc.) FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - ) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\{DAB5C521-80B2-48C3-B0DA-326A1B331F55}) (Version: 9.0.570 - Citrix) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle) Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - 
Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) 
Polar Bowler 1st Frame (HKLM-x32\...\WTA-0d70fa77-8446-4f2e-aaa2-bd71243bbbbf) (Version: 3.0.2.59 - WildTangent) Hidden Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated) Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation) TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.10.64 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - ) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation) TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION) TOSHIBA 
Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation) Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA) Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation) Toshiba Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation) TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA) TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION) Toshiba TEMPRO (HKLM-x32\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.05 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation) TRORMCLauncher (HKLM\...\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.7 - TOSHIBA) Hidden TRORMCLauncher 
(HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.11.9 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.) 
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.) ContextMenuHandlers2: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => C:\Program Files\TOSHIBA\TOSHIBA SD Memory Utilities\\SDFMTEXT.dll [2009-03-20] (TOSHIBA Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-08-27] (Intel Corporation) ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.) ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {19E9FF49-9465-4F21-8A99-F2E95846BD74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd) Task: {1CDB2C3C-D641-4C41-AB7E-8AACCADB440A} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION) Task: {41CD63AC-313B-4343-8FE1-0B0E7C790241} - System32\Tasks\{ADBF5E60-BB24-4318-B68A-104197C59287} => C:\Windows\system32\pcalua.exe -a C:\Users\sheila\Downloads\intel_d3327228768d377.exe -d C:\Users\sheila\Downloads Task: {531AB538-4266-46A3-9243-E4E3E9D41673} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SpybotSD.exe <==== ATTENTION Task: {D3509851-51B9-4888-B723-F8429955EF83} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2017-08-26] (AO Kaspersky Lab) Task: {F4F05E5B-0B67-43A3-8516-C25605FFD2A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-25] (Adobe Systems Incorporated) Task: {FBFC5610-7818-48F0-ADE0-8D7B6F6F0399} - System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SDUpdate.exe <==== ATTENTION Task: {FFEA8115-EBC1-43A0-8D9C-F398BC227A01} - System32\Tasks\{0C40AD06-37F2-4835-A8D1-EBB0117A5A7F} => C:\Program Files (x86)\Skype\Phone\Skype.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SpybotSD.exe <==== ATTENTION Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SDUpdate.exe <==== ATTENTION ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-09-05 18:42 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2017-09-05 18:42 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2017-09-05 18:42 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2017-09-05 18:42 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2017-09-06 23:22 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r MSCONFIG\startupreg: TOSHIBA Online Product Information => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{D7E778CB-2271-4B6D-8B0F-10303A42A5A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{A73D1CF5-E068-4097-99CC-09083E678DAE}] => (Allow) svchost.exe FirewallRules: [{10BA38BD-56C5-45C3-AB44-3EB07B7ED85C}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{C8548076-DC2D-4DF1-BD30-759291A56722}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{A786BE1E-CB41-4F03-BAC6-CC1A1D815188}] => (Allow) LPort=2869 FirewallRules: [{D538B225-3813-460E-BEA9-C54260EDDB12}] => (Allow) LPort=1900 StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/07/2017 11:51:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1 Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456 Exception code: 0xc0000005 Fault offset: 0x00000000000199b5 Faulting process id: 0xd24 Faulting application start time: 0x01d327c744d9767e Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 
Report Id: 903aadb2-93ba-11e7-84cf-705ab6702014 Error: (09/07/2017 11:51:21 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1 Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456 Exception code: 0xc0000005 Fault offset: 0x0000000000017971 Faulting process id: 0x918 Faulting application start time: 0x01d327c71cdb7803 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll Report Id: 7bbeb636-93ba-11e7-84cf-705ab6702014 Error: (09/07/2017 11:49:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1 Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456 Exception code: 0xc0000005 Fault offset: 0x00000000000192b7 Faulting process id: 0x924 Faulting application start time: 0x01d327c6f3b18c26 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll Report Id: 3bca7d9a-93ba-11e7-84cf-705ab6702014 Error: (09/07/2017 11:48:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1 Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456 Exception code: 0xc0000005 Fault offset: 0x0000000000016f11 Faulting process id: 0x1f4 Faulting application start time: 0x01d327b48af4e88c Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll Report Id: 133b4b2f-93ba-11e7-84cf-705ab6702014 Error: (09/07/2017 09:37:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting 
application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1 Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456 Exception code: 0xc0000005 Fault offset: 0x0000000000017971 Faulting process id: 0x83c Faulting application start time: 0x01d327b35082a4fa Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll Report Id: c1033fe9-93a7-11e7-84cf-705ab6702014 Error: (09/07/2017 09:26:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1 Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9 Exception code: 0xc0000005 Fault offset: 0x0000000000122e46 Faulting process id: 0x960 Faulting application start time: 0x01d327b2f41947f4 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll Report Id: 3c36fc28-93a6-11e7-8c42-705ab6702014 Error: (09/07/2017 09:25:52 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1 Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9 Exception code: 0xc0000005 Fault offset: 0x0000000000122e46 Faulting process id: 0xde0 Faulting application start time: 0x01d327b2e29ab48e Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll Report Id: 28cb9c04-93a6-11e7-8c42-705ab6702014 Error: (09/07/2017 09:25:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1 Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9 
Exception code: 0xc0000005 Fault offset: 0x0000000000122e46 Faulting process id: 0x9e0 Faulting application start time: 0x01d327b2d126d433 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll Report Id: 1759de90-93a6-11e7-8c42-705ab6702014 Error: (09/07/2017 09:25:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1 Faulting module name: Qt5Qml.dll, version: 5.6.2.0, time stamp: 0x594d4621 Exception code: 0xc0000005 Fault offset: 0x000aaf25 Faulting process id: 0xc90 Faulting application start time: 0x01d327b23257f960 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll Report Id: 0c149291-93a6-11e7-8c42-705ab6702014 Error: (09/07/2017 09:24:52 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1 Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9 Exception code: 0xc0000005 Fault offset: 0x0000000000122e46 Faulting process id: 0x8a0 Faulting application start time: 0x01d327b2bf946ee5 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll Report Id: 04cee4cf-93a6-11e7-8c42-705ab6702014 System errors: ============= Error: (09/07/2017 03:42:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. 
Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (09/07/2017 12:37:45 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (09/07/2017 11:54:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Error: (09/07/2017 11:53:39 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x00000000000588b4, 0x0000000000000002, 0x00000000000588b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090717-23368-01. Error: (09/07/2017 11:53:32 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:51:25 on ‎07/‎09/‎2017 was unexpected. 
CodeIntegrity: =================================== Date: 2017-09-07 15:43:55.787 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system. Date: 2017-09-07 15:43:55.132 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system. Date: 2017-09-07 15:43:54.337 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system. Date: 2017-09-07 15:43:53.432 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system. Date: 2017-09-07 11:54:20.580 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system. Date: 2017-09-07 09:29:16.997 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system. Date: 2017-09-07 08:46:20.634 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system. 
Date: 2017-09-06 22:01:22.699 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system. Date: 2017-09-06 22:01:22.106 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system. Date: 2017-09-06 21:23:47.511 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz Percentage of memory in use: 45% Total physical RAM: 2936.87 MB Available physical RAM: 1596.54 MB Total Virtual: 5871.88 MB Available Virtual: 4160.52 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:116.44 GB) (Free:62.14 GB) NTFS Drive d: (Data) (Fixed) (Total:116.05 GB) (Free:109.32 GB) NTFS Drive e: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS Drive f: () (Removable) (Total:1.87 GB) (Free:1.44 GB) FAT Drive g: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.17 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F90D3CF3) Partition 1: (Active) - (Size=400 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=116.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=116.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 00BC17FA) Partition 1: (Active) - 
(Size=1.9 GB) - (Type=06) ==================== End of Addition.txt ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017 Ran by David (administrator) on SHEILA-TOSHIBA (07-09-2017 15:43:38) Running from C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WMSBPP5 Loaded Profiles: David (Available Profiles: David) Platform: Windows 7 Home Premium (X64) Language: English (United States) Internet Explorer Version 9 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd) HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-04] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-04] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{272014C2-587F-448B-8071-CEA0C481CF21}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH SearchScopes: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> {2845B4D9-7165-45EB-981F-1788342FA76B} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> {49E0392F-484F-4545-99FF-1AC27A78F31F} URL = hxxp://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-10-27] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) 
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File Toolbar: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab FireFox: ======== FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2011-10-27] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-06] () ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-02] (WildTangent) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes) [File not signed] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.) 
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.) R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] () S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-09-05] () R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-07] (Malwarebytes) S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-07] (Malwarebytes) S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-07] (Malwarebytes) S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-07] (Malwarebytes) R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-08-20] (Realtek Semiconductor Corporation ) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-09-07 15:43 - 2017-09-07 15:43 - 000000000 ____D C:\FRST 2017-09-07 11:53 - 2017-09-07 11:53 - 313502155 _____ C:\Windows\MEMORY.DMP 2017-09-07 11:53 - 2017-09-07 11:53 - 000276640 _____ C:\Windows\Minidump\090717-23368-01.dmp 2017-09-07 09:29 - 2017-09-07 11:51 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-09-07 09:14 - 2017-09-07 11:54 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-09-07 09:14 - 2017-09-07 11:51 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-09-07 09:14 - 2017-09-07 11:51 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-09-07 09:14 - 2017-09-07 09:14 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-09-07 09:14 - 2017-09-07 09:14 - 000001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-07 09:14 - 2017-09-07 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-07 09:14 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-09-06 20:30 - 2017-09-06 20:30 - 000338960 _____ C:\Windows\system32\FNTCACHE.DAT 2017-09-06 19:51 - 2017-09-06 19:51 - 000003168 _____ C:\Windows\System32\Tasks\{ADBF5E60-BB24-4318-B68A-104197C59287} 2017-09-06 16:09 - 2017-09-06 16:12 - 000000000 ____D C:\22cc4209c89321e6912b0e 2017-09-06 09:11 - 2017-09-06 09:11 - 1442316288 _____ C:\bstB4CE.tmp 2017-09-06 08:56 - 2017-09-06 08:56 - 000000000 ____D C:\Users\David\AppData\Roaming\GlarySoft 2017-09-05 23:47 - 2017-09-05 23:47 - 000000000 ____D C:\Windows\system32\%LOCALAPPDATA% 2017-09-05 20:39 - 2017-09-05 20:40 - 000000000 ____D C:\ProgramData\Oracle 2017-09-05 19:08 - 2017-09-06 08:06 - 000001888 _____ C:\Users\Public\Desktop\Defraggler.lnk 2017-09-05 19:07 - 2017-09-05 19:07 - 004619752 _____ (Piriform Ltd) C:\Users\David\Downloads\dfsetup221.exe 2017-09-05 18:52 - 2009-06-10 22:00 - 000000824 _____ 
C:\Windows\system32\Drivers\etc\hosts.20170905-185222.backup 2017-09-05 18:43 - 2017-09-05 18:43 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2017-09-05 18:43 - 2017-09-05 18:43 - 000001350 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2017-09-05 18:43 - 2017-09-05 18:43 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2017-09-05 18:43 - 2017-09-05 18:43 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2017-09-05 18:43 - 2017-09-05 18:43 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2017-09-05 18:43 - 2017-09-05 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2017-09-05 18:42 - 2017-09-05 18:43 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2017-09-05 18:42 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe 2017-09-05 18:41 - 2017-09-05 18:42 - 051725936 _____ (Safer-Networking Ltd. 
) C:\Users\David\Downloads\spybotsd-2.6.46.exe 2017-09-05 18:20 - 2017-09-05 18:21 - 000000000 ____D C:\Users\David\AppData\Roaming\Device Doctor 2017-09-05 18:08 - 2017-09-06 09:14 - 000000000 ____D C:\32788R22FWJFW 2017-09-05 17:26 - 2017-09-06 20:04 - 000000000 ____D C:\AdwCleaner 2017-09-05 16:28 - 2017-09-05 17:58 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2017-09-05 16:03 - 2017-09-05 16:04 - 000215710 _____ C:\TDSSKiller.3.1.0.15_05.09.2017_16.03.38_log.txt 2017-09-05 16:02 - 2017-09-05 16:02 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_16.02.32_log.txt 2017-09-05 15:39 - 2017-09-05 15:40 - 000076570 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.39.13_log.txt 2017-09-05 15:38 - 2017-09-05 15:38 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.38.39_log.txt 2017-09-05 15:37 - 2017-09-05 15:37 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.37.25_log.txt 2017-09-05 14:53 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145355.backup 2017-09-05 14:52 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145250.backup 2017-09-05 14:51 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145107.backup 2017-09-05 14:51 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145104.backup 2017-09-05 14:50 - 2017-09-05 14:50 - 000002430 _____ C:\Windows\System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task 2017-09-05 14:50 - 2017-09-05 14:50 - 000002424 _____ C:\Windows\System32\Tasks\Spybot - Search & Destroy - Scheduled Task 2017-09-05 14:50 - 2017-09-05 14:50 - 000000280 _____ C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job 2017-09-05 14:50 - 2017-09-05 14:50 - 000000272 _____ C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job 2017-09-05 14:47 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144754.backup 2017-09-05 14:47 - 
2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144739.backup 2017-09-05 14:47 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144731.backup 2017-09-05 14:35 - 2017-09-06 20:31 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2017-09-05 12:28 - 2017-09-05 12:28 - 000000000 ____D C:\Users\David\AppData\Local\VirtualStore 2017-08-26 00:59 - 2017-08-26 00:59 - 000000829 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-08-26 00:29 - 2017-08-26 00:29 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2017-08-26 00:24 - 2017-09-06 10:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2017-08-26 00:14 - 2017-08-26 00:14 - 000000000 ____D C:\Program Files\Malwarebytes 2017-08-26 00:05 - 2017-08-26 00:05 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf 2017-08-26 00:00 - 2017-09-06 10:13 - 000000000 ____D C:\Program Files (x86)\Avira 2017-08-26 00:00 - 2017-09-06 10:11 - 000000000 ____D C:\ProgramData\Avira 2017-08-25 23:44 - 2017-08-25 23:44 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics 2017-08-25 23:02 - 2017-08-25 23:03 - 066347240 _____ (Malwarebytes ) C:\Users\David\Downloads\mb3-setup-consumer-3.2.2.2018.exe 2017-08-25 23:01 - 2017-08-25 23:01 - 013994341 _____ C:\Users\David\Downloads\Malwarebytes-3.0.2.422.dmg 2017-08-25 23:01 - 2017-08-25 23:01 - 002950368 _____ (Malwarebytes ) C:\Users\David\Downloads\DE38.tmp 2017-08-25 21:03 - 2017-08-25 21:03 - 000000000 ____D C:\Users\David\AppData\Roaming\WildTangent ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-09-07 14:14 - 2009-07-14 06:13 - 000726444 _____ C:\Windows\system32\PerfStringBackup.INI 2017-09-07 14:14 - 2009-07-14 05:45 - 000016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-09-07 14:14 - 2009-07-14 05:45 - 000016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-09-07 14:14 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2017-09-07 11:53 - 2013-08-13 17:55 - 000000000 ____D C:\Windows\Minidump 2017-09-07 11:53 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-09-07 09:33 - 2016-12-24 11:25 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps 2017-09-07 09:00 - 2016-12-24 11:25 - 000001267 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-09-07 09:00 - 2016-12-24 11:25 - 000000000 ____D C:\Users\David\AppData\Local\Google 2017-09-07 09:00 - 2009-09-04 15:37 - 000000000 ____D C:\Program Files (x86)\Google 2017-09-07 08:50 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-09-06 21:14 - 2010-03-26 17:04 - 000000000 ____D C:\Users\sheila 2017-09-06 21:05 - 2016-12-24 11:25 - 000079608 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT 2017-09-06 21:01 - 2014-06-06 10:43 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2017-09-06 19:39 - 2010-04-05 10:29 - 000000000 ____D C:\ProgramData\Skype 2017-09-06 15:49 - 2010-03-26 17:14 - 000003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D8565A64-2DD8-4256-A825-4966D8602269} 2017-09-06 09:33 - 2009-07-14 03:34 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts.20170906-232217.backup 2017-09-05 20:48 - 2014-04-06 17:08 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-05 20:40 - 2011-10-27 18:31 - 000000000 ____D C:\Program Files\Java 2017-09-05 19:08 - 2011-08-26 08:37 - 000000000 ____D C:\Program Files\Defraggler 2017-09-05 18:52 - 2009-07-14 03:34 
- 000454512 ____R C:\Windows\system32\Drivers\etc\hosts.20170906-093309.backup 2017-09-05 18:03 - 2016-12-24 11:24 - 000000000 ____D C:\Users\David 2017-09-05 17:48 - 2016-10-30 23:36 - 000000000 ____D C:\Program Files\Common Files\AV 2017-09-05 17:25 - 2015-11-08 00:56 - 000000000 ____D C:\ProgramData\Avg 2017-09-05 17:22 - 2015-01-18 20:36 - 000000000 ____D C:\ProgramData\MFAData 2017-09-05 14:52 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF 2017-09-05 13:04 - 2016-12-23 15:22 - 000000000 ____D C:\ProgramData\HitmanPro 2017-08-26 06:28 - 2014-06-07 11:48 - 000000000 ____D C:\Program Files (x86)\WildGames 2017-08-26 06:28 - 2014-06-06 11:06 - 000000000 ____D C:\Program Files (x86)\WildTangent Games 2017-08-26 06:28 - 2011-10-28 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler 2017-08-26 06:28 - 2011-08-26 08:33 - 000000000 ____D C:\Program Files\CCleaner 2017-08-26 06:28 - 2009-09-04 15:41 - 000000000 ____D C:\ProgramData\WildTangent 2017-08-26 06:28 - 2009-09-04 15:41 - 000000000 ____D C:\Program Files (x86)\TOSHIBA Games 2017-08-26 06:28 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2017-08-26 06:20 - 2009-07-14 08:44 - 000000000 ___RD C:\Users\Public\Recorded TV 2017-08-26 06:19 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration 2017-08-26 06:17 - 2009-09-04 15:38 - 000000000 ____D C:\Program Files\Google 2017-08-26 06:17 - 2009-09-04 15:37 - 000000000 ____D C:\ProgramData\Google 2017-08-26 00:59 - 2011-10-27 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-08-26 00:22 - 2016-12-11 18:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2017-08-25 22:36 - 2012-11-23 15:48 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-08-25 22:36 - 2012-11-23 15:48 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-08-25 22:36 - 2012-11-23 15:48 - 
000000000 ____D C:\Windows\system32\Macromed 2017-08-25 22:36 - 2011-08-24 08:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-08-25 22:36 - 2010-04-09 16:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed ==================== Files in the root of some directories ======= 2016-12-26 13:45 - 2016-12-26 23:31 - 000007596 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg 2016-12-24 23:42 - 2016-12-24 23:42 - 000000000 _____ () C:\Users\David\AppData\Local\{8AF5B394-B7D7-48E6-BBE1-A153E694DCE0} 2010-04-05 10:41 - 2010-04-05 10:41 - 000000056 _____ () C:\ProgramData\ezsidmv.dat ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-11-04 11:48 ==================== End of FRST.txt ============================
  10. Thanks Kevin, just seen this, will get back to you. C
  11. Hi, brand new here; my aged mother wanted me to bin her old Toshiba L500 laptop, running on Windows 7, because it won't run anymore. I thought I'd try and save it from the landfill, but not having much luck running the scan: it's finding several hundred threats, I think they are PUP malware, but something always shuts it down at the final heuristic stage. Any suggestions? C.