Posts posted by CliffL62
-
-
Hi Kevin, I think at least, I'm fairly confident you've helped remove any remaining malware, I hope so... There remains an issue I think with the system suddenly freezing and also going into limbo, so some residual damage perhaps? Thanks for your help anyway, appreciate your time. C
-
-
OK, got Malwarebytes running now, will send you new report soon.
-
Ran the adw cleaner again, this time it didn't show?
-
I ran the adw cleaner again and it says the PUP.optional.legacy is still there?
-
I can't open it for some reason. I tried re-installing and I get a message saying source files corrupted. Struggling here.
-
I think I've lost it; for some reason I couldn't copy it to the desktop, and I couldn't seem to copy and paste the text. This laptop keeps crashing, sorry.
-
Hi Kev... sorry I took so long, had a few problems, hope I've done it right, see 2 attached files please.
Cheers, Cliff
-
-
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by David (07-09-2017 15:44:29)
Running from C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WMSBPP5
Windows 7 Home Premium (X64) (2010-03-26 16:04:52)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1824231826-1585140496-3392153557-500 - Administrator - Disabled)
David (S-1-5-21-1824231826-1585140496-3392153557-1003 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-1824231826-1585140496-3392153557-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1824231826-1585140496-3392153557-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
ArcSoft MediaImpression 2 (HKLM-x32\...\{46A1DD68-49E2-48DC-8B9F-142E6FE39223}) (Version: 2.0.90.1225 - ArcSoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
eBay (HKLM-x32\...\{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}) (Version: 1.0.4 - eBay Inc.)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\{DAB5C521-80B2-48C3-B0DA-326A1B331F55}) (Version: 9.0.570 - Citrix) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-0d70fa77-8446-4f2e-aaa2-bd71243bbbbf) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.10.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
Toshiba Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.05 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TRORMCLauncher (HKLM\...\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.7 - TOSHIBA) Hidden
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers2: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => C:\Program Files\TOSHIBA\TOSHIBA SD Memory Utilities\\SDFMTEXT.dll [2009-03-20] (TOSHIBA Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-08-27] (Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {19E9FF49-9465-4F21-8A99-F2E95846BD74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {1CDB2C3C-D641-4C41-AB7E-8AACCADB440A} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {41CD63AC-313B-4343-8FE1-0B0E7C790241} - System32\Tasks\{ADBF5E60-BB24-4318-B68A-104197C59287} => C:\Windows\system32\pcalua.exe -a C:\Users\sheila\Downloads\intel_d3327228768d377.exe -d C:\Users\sheila\Downloads
Task: {531AB538-4266-46A3-9243-E4E3E9D41673} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SpybotSD.exe <==== ATTENTION
Task: {D3509851-51B9-4888-B723-F8429955EF83} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2017-08-26] (AO Kaspersky Lab)
Task: {F4F05E5B-0B67-43A3-8516-C25605FFD2A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-25] (Adobe Systems Incorporated)
Task: {FBFC5610-7818-48F0-ADE0-8D7B6F6F0399} - System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SDUpdate.exe <==== ATTENTION
Task: {FFEA8115-EBC1-43A0-8D9C-F398BC227A01} - System32\Tasks\{0C40AD06-37F2-4835-A8D1-EBB0117A5A7F} => C:\Program Files (x86)\Skype\Phone\Skype.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SpybotSD.exe <==== ATTENTION
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SDUpdate.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-09-05 18:42 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-09-05 18:42 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-09-05 18:42 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-09-05 18:42 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2017-09-06 23:22 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TOSHIBA Online Product Information => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D7E778CB-2271-4B6D-8B0F-10303A42A5A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A73D1CF5-E068-4097-99CC-09083E678DAE}] => (Allow) svchost.exe
FirewallRules: [{10BA38BD-56C5-45C3-AB44-3EB07B7ED85C}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{C8548076-DC2D-4DF1-BD30-759291A56722}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A786BE1E-CB41-4F03-BAC6-CC1A1D815188}] => (Allow) LPort=2869
FirewallRules: [{D538B225-3813-460E-BEA9-C54260EDDB12}] => (Allow) LPort=1900
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/07/2017 11:51:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
Exception code: 0xc0000005
Fault offset: 0x00000000000199b5
Faulting process id: 0xd24
Faulting application start time: 0x01d327c744d9767e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
Report Id: 903aadb2-93ba-11e7-84cf-705ab6702014
Error: (09/07/2017 11:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
Exception code: 0xc0000005
Fault offset: 0x0000000000017971
Faulting process id: 0x918
Faulting application start time: 0x01d327c71cdb7803
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
Report Id: 7bbeb636-93ba-11e7-84cf-705ab6702014
Error: (09/07/2017 11:49:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
Exception code: 0xc0000005
Fault offset: 0x00000000000192b7
Faulting process id: 0x924
Faulting application start time: 0x01d327c6f3b18c26
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
Report Id: 3bca7d9a-93ba-11e7-84cf-705ab6702014
Error: (09/07/2017 11:48:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
Exception code: 0xc0000005
Fault offset: 0x0000000000016f11
Faulting process id: 0x1f4
Faulting application start time: 0x01d327b48af4e88c
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
Report Id: 133b4b2f-93ba-11e7-84cf-705ab6702014
Error: (09/07/2017 09:37:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
Exception code: 0xc0000005
Fault offset: 0x0000000000017971
Faulting process id: 0x83c
Faulting application start time: 0x01d327b35082a4fa
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
Report Id: c1033fe9-93a7-11e7-84cf-705ab6702014
Error: (09/07/2017 09:26:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
Exception code: 0xc0000005
Fault offset: 0x0000000000122e46
Faulting process id: 0x960
Faulting application start time: 0x01d327b2f41947f4
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Report Id: 3c36fc28-93a6-11e7-8c42-705ab6702014
Error: (09/07/2017 09:25:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
Exception code: 0xc0000005
Fault offset: 0x0000000000122e46
Faulting process id: 0xde0
Faulting application start time: 0x01d327b2e29ab48e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Report Id: 28cb9c04-93a6-11e7-8c42-705ab6702014
Error: (09/07/2017 09:25:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
Exception code: 0xc0000005
Fault offset: 0x0000000000122e46
Faulting process id: 0x9e0
Faulting application start time: 0x01d327b2d126d433
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Report Id: 1759de90-93a6-11e7-8c42-705ab6702014
Error: (09/07/2017 09:25:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1
Faulting module name: Qt5Qml.dll, version: 5.6.2.0, time stamp: 0x594d4621
Exception code: 0xc0000005
Fault offset: 0x000aaf25
Faulting process id: 0xc90
Faulting application start time: 0x01d327b23257f960
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
Report Id: 0c149291-93a6-11e7-8c42-705ab6702014

Error: (09/07/2017 09:24:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
Exception code: 0xc0000005
Fault offset: 0x0000000000122e46
Faulting process id: 0x8a0
Faulting application start time: 0x01d327b2bf946ee5
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Report Id: 04cee4cf-93a6-11e7-8c42-705ab6702014
System errors:
=============
Error: (09/07/2017 03:42:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/07/2017 12:37:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/07/2017 11:54:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/07/2017 11:53:39 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x00000000000588b4, 0x0000000000000002, 0x00000000000588b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090717-23368-01.

Error: (09/07/2017 11:53:32 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:51:25 on 07/09/2017 was unexpected.
CodeIntegrity:
===================================
Date: 2017-09-07 15:43:55.787
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-09-07 15:43:55.132
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-09-07 15:43:54.337
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-09-07 15:43:53.432
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-09-07 11:54:20.580
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-09-07 09:29:16.997
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-09-07 08:46:20.634
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-09-06 22:01:22.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-09-06 22:01:22.106
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-09-06 21:23:47.511
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz
Percentage of memory in use: 45%
Total physical RAM: 2936.87 MB
Available physical RAM: 1596.54 MB
Total Virtual: 5871.88 MB
Available Virtual: 4160.52 MB

==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:116.44 GB) (Free:62.14 GB) NTFS
Drive d: (Data) (Fixed) (Total:116.05 GB) (Free:109.32 GB) NTFS
Drive e: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:1.87 GB) (Free:1.44 GB) FAT
Drive g: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.17 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F90D3CF3)
Partition 1: (Active) - (Size=400 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00BC17FA)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by David (administrator) on SHEILA-TOSHIBA (07-09-2017 15:43:38)
Running from C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WMSBPP5
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-04]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-04]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{272014C2-587F-448B-8071-CEA0C481CF21}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
SearchScopes: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> {2845B4D9-7165-45EB-981F-1788342FA76B} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> {49E0392F-484F-4545-99FF-1AC27A78F31F} URL = hxxp://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-10-27] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2011-10-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-06] ()

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-02] (WildTangent)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-09-05] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-07] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-07] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-07] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-07] (Malwarebytes)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-08-20] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-07 15:43 - 2017-09-07 15:43 - 000000000 ____D C:\FRST
2017-09-07 11:53 - 2017-09-07 11:53 - 313502155 _____ C:\Windows\MEMORY.DMP
2017-09-07 11:53 - 2017-09-07 11:53 - 000276640 _____ C:\Windows\Minidump\090717-23368-01.dmp
2017-09-07 09:29 - 2017-09-07 11:51 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-07 09:14 - 2017-09-07 11:54 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-07 09:14 - 2017-09-07 11:51 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-07 09:14 - 2017-09-07 11:51 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-07 09:14 - 2017-09-07 09:14 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-07 09:14 - 2017-09-07 09:14 - 000001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-07 09:14 - 2017-09-07 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-07 09:14 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-06 20:30 - 2017-09-06 20:30 - 000338960 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-06 19:51 - 2017-09-06 19:51 - 000003168 _____ C:\Windows\System32\Tasks\{ADBF5E60-BB24-4318-B68A-104197C59287}
2017-09-06 16:09 - 2017-09-06 16:12 - 000000000 ____D C:\22cc4209c89321e6912b0e
2017-09-06 09:11 - 2017-09-06 09:11 - 1442316288 _____ C:\bstB4CE.tmp
2017-09-06 08:56 - 2017-09-06 08:56 - 000000000 ____D C:\Users\David\AppData\Roaming\GlarySoft
2017-09-05 23:47 - 2017-09-05 23:47 - 000000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2017-09-05 20:39 - 2017-09-05 20:40 - 000000000 ____D C:\ProgramData\Oracle
2017-09-05 19:08 - 2017-09-06 08:06 - 000001888 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-09-05 19:07 - 2017-09-05 19:07 - 004619752 _____ (Piriform Ltd) C:\Users\David\Downloads\dfsetup221.exe
2017-09-05 18:52 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-185222.backup
2017-09-05 18:43 - 2017-09-05 18:43 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-09-05 18:43 - 2017-09-05 18:43 - 000001350 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-09-05 18:43 - 2017-09-05 18:43 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-09-05 18:43 - 2017-09-05 18:43 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-09-05 18:43 - 2017-09-05 18:43 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-09-05 18:43 - 2017-09-05 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-09-05 18:42 - 2017-09-05 18:43 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-09-05 18:42 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-09-05 18:41 - 2017-09-05 18:42 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\David\Downloads\spybotsd-2.6.46.exe
2017-09-05 18:20 - 2017-09-05 18:21 - 000000000 ____D C:\Users\David\AppData\Roaming\Device Doctor
2017-09-05 18:08 - 2017-09-06 09:14 - 000000000 ____D C:\32788R22FWJFW
2017-09-05 17:26 - 2017-09-06 20:04 - 000000000 ____D C:\AdwCleaner
2017-09-05 16:28 - 2017-09-05 17:58 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-09-05 16:03 - 2017-09-05 16:04 - 000215710 _____ C:\TDSSKiller.3.1.0.15_05.09.2017_16.03.38_log.txt
2017-09-05 16:02 - 2017-09-05 16:02 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_16.02.32_log.txt
2017-09-05 15:39 - 2017-09-05 15:40 - 000076570 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.39.13_log.txt
2017-09-05 15:38 - 2017-09-05 15:38 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.38.39_log.txt
2017-09-05 15:37 - 2017-09-05 15:37 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.37.25_log.txt
2017-09-05 14:53 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145355.backup
2017-09-05 14:52 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145250.backup
2017-09-05 14:51 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145107.backup
2017-09-05 14:51 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145104.backup
2017-09-05 14:50 - 2017-09-05 14:50 - 000002430 _____ C:\Windows\System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task
2017-09-05 14:50 - 2017-09-05 14:50 - 000002424 _____ C:\Windows\System32\Tasks\Spybot - Search & Destroy - Scheduled Task
2017-09-05 14:50 - 2017-09-05 14:50 - 000000280 _____ C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
2017-09-05 14:50 - 2017-09-05 14:50 - 000000272 _____ C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2017-09-05 14:47 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144754.backup
2017-09-05 14:47 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144739.backup
2017-09-05 14:47 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144731.backup
2017-09-05 14:35 - 2017-09-06 20:31 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-05 12:28 - 2017-09-05 12:28 - 000000000 ____D C:\Users\David\AppData\Local\VirtualStore
2017-08-26 00:59 - 2017-08-26 00:59 - 000000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-26 00:29 - 2017-08-26 00:29 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-08-26 00:24 - 2017-09-06 10:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-08-26 00:14 - 2017-08-26 00:14 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-26 00:05 - 2017-08-26 00:05 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-08-26 00:00 - 2017-09-06 10:13 - 000000000 ____D C:\Program Files (x86)\Avira
2017-08-26 00:00 - 2017-09-06 10:11 - 000000000 ____D C:\ProgramData\Avira
2017-08-25 23:44 - 2017-08-25 23:44 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2017-08-25 23:02 - 2017-08-25 23:03 - 066347240 _____ (Malwarebytes ) C:\Users\David\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-08-25 23:01 - 2017-08-25 23:01 - 013994341 _____ C:\Users\David\Downloads\Malwarebytes-3.0.2.422.dmg
2017-08-25 23:01 - 2017-08-25 23:01 - 002950368 _____ (Malwarebytes ) C:\Users\David\Downloads\DE38.tmp
2017-08-25 21:03 - 2017-08-25 21:03 - 000000000 ____D C:\Users\David\AppData\Roaming\WildTangent

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-07 14:14 - 2009-07-14 06:13 - 000726444 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-07 14:14 - 2009-07-14 05:45 - 000016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-07 14:14 - 2009-07-14 05:45 - 000016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-07 14:14 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-09-07 11:53 - 2013-08-13 17:55 - 000000000 ____D C:\Windows\Minidump
2017-09-07 11:53 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-07 09:33 - 2016-12-24 11:25 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
2017-09-07 09:00 - 2016-12-24 11:25 - 000001267 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-07 09:00 - 2016-12-24 11:25 - 000000000 ____D C:\Users\David\AppData\Local\Google
2017-09-07 09:00 - 2009-09-04 15:37 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-07 08:50 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-06 21:14 - 2010-03-26 17:04 - 000000000 ____D C:\Users\sheila
2017-09-06 21:05 - 2016-12-24 11:25 - 000079608 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-06 21:01 - 2014-06-06 10:43 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-06 19:39 - 2010-04-05 10:29 - 000000000 ____D C:\ProgramData\Skype
2017-09-06 15:49 - 2010-03-26 17:14 - 000003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D8565A64-2DD8-4256-A825-4966D8602269}
2017-09-06 09:33 - 2009-07-14 03:34 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts.20170906-232217.backup
2017-09-05 20:48 - 2014-04-06 17:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-05 20:40 - 2011-10-27 18:31 - 000000000 ____D C:\Program Files\Java
2017-09-05 19:08 - 2011-08-26 08:37 - 000000000 ____D C:\Program Files\Defraggler
2017-09-05 18:52 - 2009-07-14 03:34 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts.20170906-093309.backup
2017-09-05 18:03 - 2016-12-24 11:24 - 000000000 ____D C:\Users\David
2017-09-05 17:48 - 2016-10-30 23:36 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-05 17:25 - 2015-11-08 00:56 - 000000000 ____D C:\ProgramData\Avg
2017-09-05 17:22 - 2015-01-18 20:36 - 000000000 ____D C:\ProgramData\MFAData
2017-09-05 14:52 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2017-09-05 13:04 - 2016-12-23 15:22 - 000000000 ____D C:\ProgramData\HitmanPro
2017-08-26 06:28 - 2014-06-07 11:48 - 000000000 ____D C:\Program Files (x86)\WildGames
2017-08-26 06:28 - 2014-06-06 11:06 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2017-08-26 06:28 - 2011-10-28 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-08-26 06:28 - 2011-08-26 08:33 - 000000000 ____D C:\Program Files\CCleaner
2017-08-26 06:28 - 2009-09-04 15:41 - 000000000 ____D C:\ProgramData\WildTangent
2017-08-26 06:28 - 2009-09-04 15:41 - 000000000 ____D C:\Program Files (x86)\TOSHIBA Games
2017-08-26 06:28 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-08-26 06:20 - 2009-07-14 08:44 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-08-26 06:19 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2017-08-26 06:17 - 2009-09-04 15:38 - 000000000 ____D C:\Program Files\Google
2017-08-26 06:17 - 2009-09-04 15:37 - 000000000 ____D C:\ProgramData\Google
2017-08-26 00:59 - 2011-10-27 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-26 00:22 - 2016-12-11 18:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-08-25 22:36 - 2012-11-23 15:48 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-25 22:36 - 2012-11-23 15:48 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-25 22:36 - 2012-11-23 15:48 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-25 22:36 - 2011-08-24 08:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-25 22:36 - 2010-04-09 16:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======
2016-12-26 13:45 - 2016-12-26 23:31 - 000007596 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2016-12-24 23:42 - 2016-12-24 23:42 - 000000000 _____ () C:\Users\David\AppData\Local\{8AF5B394-B7D7-48E6-BBE1-A153E694DCE0}
2010-04-05 10:41 - 2010-04-05 10:41 - 000000056 _____ () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-04 11:48
==================== End of FRST.txt ============================
-
Thanks Kevin, just seen this, will get back to you. C
-
Hi, brand new here; my aged mother wanted me to bin her old Toshiba L500 laptop, running on Windows 7, because it won't run anymore.
I thought I'd try and save it from the landfill, but not having much luck running the scan, it's finding several hundred threats, I think they are PUP malware, but something always shuts it down at the final heuristic stage, any suggestions?? C.
Trying to fix old Satellite Laptop
in Resolved Malware Removal Logs
Posted
ok thanks c