Posts posted by CliffL62

  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
    Ran by David (07-09-2017 15:44:29)
    Running from C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WMSBPP5
    Windows 7 Home Premium (X64) (2010-03-26 16:04:52)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1824231826-1585140496-3392153557-500 - Administrator - Disabled)
    David (S-1-5-21-1824231826-1585140496-3392153557-1003 - Administrator - Enabled) => C:\Users\David
    Guest (S-1-5-21-1824231826-1585140496-3392153557-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1824231826-1585140496-3392153557-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
    Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
    Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    ArcSoft MediaImpression 2 (HKLM-x32\...\{46A1DD68-49E2-48DC-8B9F-142E6FE39223}) (Version: 2.0.90.1225 - ArcSoft)
    CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
    eBay (HKLM-x32\...\{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}) (Version: 1.0.4 - eBay Inc.)
    FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    GoToAssist Corporate (HKLM-x32\...\{DAB5C521-80B2-48C3-B0DA-326A1B331F55}) (Version: 9.0.570 - Citrix) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
    Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
    Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler 1st Frame (HKLM-x32\...\WTA-0d70fa77-8446-4f2e-aaa2-bd71243bbbbf) (Version: 3.0.2.59 - WildTangent) Hidden
    Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
    Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation)
    TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.10.64 - TOSHIBA Corporation)
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
    Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
    Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
    Toshiba Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation)
    TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
    Toshiba TEMPRO (HKLM-x32\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.05 - Toshiba Europe GmbH)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
    TRORMCLauncher (HKLM\...\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.7 - TOSHIBA) Hidden
    TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.11.9 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers2: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => C:\Program Files\TOSHIBA\TOSHIBA SD Memory Utilities\\SDFMTEXT.dll [2009-03-20] (TOSHIBA Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-08-27] (Intel Corporation)
    ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {19E9FF49-9465-4F21-8A99-F2E95846BD74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
    Task: {1CDB2C3C-D641-4C41-AB7E-8AACCADB440A} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
    Task: {41CD63AC-313B-4343-8FE1-0B0E7C790241} - System32\Tasks\{ADBF5E60-BB24-4318-B68A-104197C59287} => C:\Windows\system32\pcalua.exe -a C:\Users\sheila\Downloads\intel_d3327228768d377.exe -d C:\Users\sheila\Downloads
    Task: {531AB538-4266-46A3-9243-E4E3E9D41673} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SpybotSD.exe <==== ATTENTION
    Task: {D3509851-51B9-4888-B723-F8429955EF83} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2017-08-26] (AO Kaspersky Lab)
    Task: {F4F05E5B-0B67-43A3-8516-C25605FFD2A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-25] (Adobe Systems Incorporated)
    Task: {FBFC5610-7818-48F0-ADE0-8D7B6F6F0399} - System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SDUpdate.exe <==== ATTENTION
    Task: {FFEA8115-EBC1-43A0-8D9C-F398BC227A01} - System32\Tasks\{0C40AD06-37F2-4835-A8D1-EBB0117A5A7F} => C:\Program Files (x86)\Skype\Phone\Skype.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SpybotSD.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SDUpdate.exe <==== ATTENTION

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-09-05 18:42 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-09-05 18:42 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2017-09-05 18:42 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2017-09-05 18:42 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7936 more sites.


    There are 7936 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2017-09-06 23:22 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts


    There are 15600 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
    MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    MSCONFIG\startupreg: TOSHIBA Online Product Information => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
    MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
    MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
    MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D7E778CB-2271-4B6D-8B0F-10303A42A5A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{A73D1CF5-E068-4097-99CC-09083E678DAE}] => (Allow) svchost.exe
    FirewallRules: [{10BA38BD-56C5-45C3-AB44-3EB07B7ED85C}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{C8548076-DC2D-4DF1-BD30-759291A56722}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A786BE1E-CB41-4F03-BAC6-CC1A1D815188}] => (Allow) LPort=2869
    FirewallRules: [{D538B225-3813-460E-BEA9-C54260EDDB12}] => (Allow) LPort=1900
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/07/2017 11:51:56 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
    Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
    Exception code: 0xc0000005
    Fault offset: 0x00000000000199b5
    Faulting process id: 0xd24
    Faulting application start time: 0x01d327c744d9767e
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    Report Id: 903aadb2-93ba-11e7-84cf-705ab6702014

    Error: (09/07/2017 11:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
    Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
    Exception code: 0xc0000005
    Fault offset: 0x0000000000017971
    Faulting process id: 0x918
    Faulting application start time: 0x01d327c71cdb7803
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    Report Id: 7bbeb636-93ba-11e7-84cf-705ab6702014

    Error: (09/07/2017 11:49:34 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
    Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
    Exception code: 0xc0000005
    Fault offset: 0x00000000000192b7
    Faulting process id: 0x924
    Faulting application start time: 0x01d327c6f3b18c26
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    Report Id: 3bca7d9a-93ba-11e7-84cf-705ab6702014

    Error: (09/07/2017 11:48:26 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
    Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
    Exception code: 0xc0000005
    Fault offset: 0x0000000000016f11
    Faulting process id: 0x1f4
    Faulting application start time: 0x01d327b48af4e88c
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    Report Id: 133b4b2f-93ba-11e7-84cf-705ab6702014

    Error: (09/07/2017 09:37:17 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
    Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
    Exception code: 0xc0000005
    Fault offset: 0x0000000000017971
    Faulting process id: 0x83c
    Faulting application start time: 0x01d327b35082a4fa
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    Report Id: c1033fe9-93a7-11e7-84cf-705ab6702014

    Error: (09/07/2017 09:26:25 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
    Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
    Exception code: 0xc0000005
    Fault offset: 0x0000000000122e46
    Faulting process id: 0x960
    Faulting application start time: 0x01d327b2f41947f4
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
    Report Id: 3c36fc28-93a6-11e7-8c42-705ab6702014

    Error: (09/07/2017 09:25:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
    Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
    Exception code: 0xc0000005
    Fault offset: 0x0000000000122e46
    Faulting process id: 0xde0
    Faulting application start time: 0x01d327b2e29ab48e
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
    Report Id: 28cb9c04-93a6-11e7-8c42-705ab6702014

    Error: (09/07/2017 09:25:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
    Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
    Exception code: 0xc0000005
    Fault offset: 0x0000000000122e46
    Faulting process id: 0x9e0
    Faulting application start time: 0x01d327b2d126d433
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
    Report Id: 1759de90-93a6-11e7-8c42-705ab6702014

    Error: (09/07/2017 09:25:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1
    Faulting module name: Qt5Qml.dll, version: 5.6.2.0, time stamp: 0x594d4621
    Exception code: 0xc0000005
    Fault offset: 0x000aaf25
    Faulting process id: 0xc90
    Faulting application start time: 0x01d327b23257f960
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
    Report Id: 0c149291-93a6-11e7-8c42-705ab6702014

    Error: (09/07/2017 09:24:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
    Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
    Exception code: 0xc0000005
    Fault offset: 0x0000000000122e46
    Faulting process id: 0x8a0
    Faulting application start time: 0x01d327b2bf946ee5
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
    Report Id: 04cee4cf-93a6-11e7-8c42-705ab6702014


    System errors:
    =============
    Error: (09/07/2017 03:42:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (09/07/2017 12:37:45 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (09/07/2017 11:54:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Error: (09/07/2017 11:53:39 AM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000004e (0x0000000000000099, 0x00000000000588b4, 0x0000000000000002, 0x00000000000588b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090717-23368-01.

    Error: (09/07/2017 11:53:32 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:51:25 on ‎07/‎09/‎2017 was unexpected.


    CodeIntegrity:
    ===================================
      Date: 2017-09-07 15:43:55.787
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

      Date: 2017-09-07 15:43:55.132
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

      Date: 2017-09-07 15:43:54.337
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

      Date: 2017-09-07 15:43:53.432
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

      Date: 2017-09-07 11:54:20.580
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

      Date: 2017-09-07 09:29:16.997
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

      Date: 2017-09-07 08:46:20.634
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

      Date: 2017-09-06 22:01:22.699
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

      Date: 2017-09-06 22:01:22.106
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

      Date: 2017-09-06 21:23:47.511
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info =========================== 

    Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz
    Percentage of memory in use: 45%
    Total physical RAM: 2936.87 MB
    Available physical RAM: 1596.54 MB
    Total Virtual: 5871.88 MB
    Available Virtual: 4160.52 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:116.44 GB) (Free:62.14 GB) NTFS
    Drive d: (Data) (Fixed) (Total:116.05 GB) (Free:109.32 GB) NTFS
    Drive e: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
    Drive f: () (Removable) (Total:1.87 GB) (Free:1.44 GB) FAT
    Drive g: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.17 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F90D3CF3)
    Partition 1: (Active) - (Size=400 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=116.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=116.1 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 1.9 GB) (Disk ID: 00BC17FA)
    Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

    ==================== End of Addition.txt ============================

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
    Ran by David (administrator) on SHEILA-TOSHIBA (07-09-2017 15:43:38)
    Running from C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WMSBPP5
    Loaded Profiles: David (Available Profiles: David)
    Platform: Windows 7 Home Premium (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser not detected!)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [RestrictRun] 0
    HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
    HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\...\Policies\Explorer: [RestrictRun] 0
    HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-04]
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-04]
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{272014C2-587F-448B-8071-CEA0C481CF21}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
    SearchScopes: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> {2845B4D9-7165-45EB-981F-1788342FA76B} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
    SearchScopes: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> {49E0392F-484F-4545-99FF-1AC27A78F31F} URL = hxxp://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-10-27] (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    Toolbar: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    FireFox:
    ========
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2011-10-27] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-06] ()

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-02] (WildTangent)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes) [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
    R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-09-05] ()
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-07] (Malwarebytes)
    S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-07] (Malwarebytes)
    S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-07] (Malwarebytes)
    S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-07] (Malwarebytes)
    R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-08-20] (Realtek Semiconductor Corporation )

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-07 15:43 - 2017-09-07 15:43 - 000000000 ____D C:\FRST
    2017-09-07 11:53 - 2017-09-07 11:53 - 313502155 _____ C:\Windows\MEMORY.DMP
    2017-09-07 11:53 - 2017-09-07 11:53 - 000276640 _____ C:\Windows\Minidump\090717-23368-01.dmp
    2017-09-07 09:29 - 2017-09-07 11:51 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-09-07 09:14 - 2017-09-07 11:54 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-09-07 09:14 - 2017-09-07 11:51 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-09-07 09:14 - 2017-09-07 11:51 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-09-07 09:14 - 2017-09-07 09:14 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
    2017-09-07 09:14 - 2017-09-07 09:14 - 000001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-09-07 09:14 - 2017-09-07 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-09-07 09:14 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-09-06 20:30 - 2017-09-06 20:30 - 000338960 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-09-06 19:51 - 2017-09-06 19:51 - 000003168 _____ C:\Windows\System32\Tasks\{ADBF5E60-BB24-4318-B68A-104197C59287}
    2017-09-06 16:09 - 2017-09-06 16:12 - 000000000 ____D C:\22cc4209c89321e6912b0e
    2017-09-06 09:11 - 2017-09-06 09:11 - 1442316288 _____ C:\bstB4CE.tmp
    2017-09-06 08:56 - 2017-09-06 08:56 - 000000000 ____D C:\Users\David\AppData\Roaming\GlarySoft
    2017-09-05 23:47 - 2017-09-05 23:47 - 000000000 ____D C:\Windows\system32\%LOCALAPPDATA%
    2017-09-05 20:39 - 2017-09-05 20:40 - 000000000 ____D C:\ProgramData\Oracle
    2017-09-05 19:08 - 2017-09-06 08:06 - 000001888 _____ C:\Users\Public\Desktop\Defraggler.lnk
    2017-09-05 19:07 - 2017-09-05 19:07 - 004619752 _____ (Piriform Ltd) C:\Users\David\Downloads\dfsetup221.exe
    2017-09-05 18:52 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-185222.backup
    2017-09-05 18:43 - 2017-09-05 18:43 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2017-09-05 18:43 - 2017-09-05 18:43 - 000001350 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2017-09-05 18:43 - 2017-09-05 18:43 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2017-09-05 18:43 - 2017-09-05 18:43 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2017-09-05 18:43 - 2017-09-05 18:43 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2017-09-05 18:43 - 2017-09-05 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2017-09-05 18:42 - 2017-09-05 18:43 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-09-05 18:42 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
    2017-09-05 18:41 - 2017-09-05 18:42 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\David\Downloads\spybotsd-2.6.46.exe
    2017-09-05 18:20 - 2017-09-05 18:21 - 000000000 ____D C:\Users\David\AppData\Roaming\Device Doctor
    2017-09-05 18:08 - 2017-09-06 09:14 - 000000000 ____D C:\32788R22FWJFW
    2017-09-05 17:26 - 2017-09-06 20:04 - 000000000 ____D C:\AdwCleaner
    2017-09-05 16:28 - 2017-09-05 17:58 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
    2017-09-05 16:03 - 2017-09-05 16:04 - 000215710 _____ C:\TDSSKiller.3.1.0.15_05.09.2017_16.03.38_log.txt
    2017-09-05 16:02 - 2017-09-05 16:02 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_16.02.32_log.txt
    2017-09-05 15:39 - 2017-09-05 15:40 - 000076570 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.39.13_log.txt
    2017-09-05 15:38 - 2017-09-05 15:38 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.38.39_log.txt
    2017-09-05 15:37 - 2017-09-05 15:37 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.37.25_log.txt
    2017-09-05 14:53 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145355.backup
    2017-09-05 14:52 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145250.backup
    2017-09-05 14:51 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145107.backup
    2017-09-05 14:51 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145104.backup
    2017-09-05 14:50 - 2017-09-05 14:50 - 000002430 _____ C:\Windows\System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task
    2017-09-05 14:50 - 2017-09-05 14:50 - 000002424 _____ C:\Windows\System32\Tasks\Spybot - Search & Destroy -  Scheduled Task
    2017-09-05 14:50 - 2017-09-05 14:50 - 000000280 _____ C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
    2017-09-05 14:50 - 2017-09-05 14:50 - 000000272 _____ C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
    2017-09-05 14:47 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144754.backup
    2017-09-05 14:47 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144739.backup
    2017-09-05 14:47 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144731.backup
    2017-09-05 14:35 - 2017-09-06 20:31 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-09-05 12:28 - 2017-09-05 12:28 - 000000000 ____D C:\Users\David\AppData\Local\VirtualStore
    2017-08-26 00:59 - 2017-08-26 00:59 - 000000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2017-08-26 00:29 - 2017-08-26 00:29 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
    2017-08-26 00:24 - 2017-09-06 10:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab
    2017-08-26 00:14 - 2017-08-26 00:14 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-08-26 00:05 - 2017-08-26 00:05 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
    2017-08-26 00:00 - 2017-09-06 10:13 - 000000000 ____D C:\Program Files (x86)\Avira
    2017-08-26 00:00 - 2017-09-06 10:11 - 000000000 ____D C:\ProgramData\Avira
    2017-08-25 23:44 - 2017-08-25 23:44 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
    2017-08-25 23:02 - 2017-08-25 23:03 - 066347240 _____ (Malwarebytes ) C:\Users\David\Downloads\mb3-setup-consumer-3.2.2.2018.exe
    2017-08-25 23:01 - 2017-08-25 23:01 - 013994341 _____ C:\Users\David\Downloads\Malwarebytes-3.0.2.422.dmg
    2017-08-25 23:01 - 2017-08-25 23:01 - 002950368 _____ (Malwarebytes ) C:\Users\David\Downloads\DE38.tmp
    2017-08-25 21:03 - 2017-08-25 21:03 - 000000000 ____D C:\Users\David\AppData\Roaming\WildTangent

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-07 14:14 - 2009-07-14 06:13 - 000726444 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-07 14:14 - 2009-07-14 05:45 - 000016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-09-07 14:14 - 2009-07-14 05:45 - 000016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-09-07 14:14 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
    2017-09-07 11:53 - 2013-08-13 17:55 - 000000000 ____D C:\Windows\Minidump
    2017-09-07 11:53 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-07 09:33 - 2016-12-24 11:25 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
    2017-09-07 09:00 - 2016-12-24 11:25 - 000001267 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-09-07 09:00 - 2016-12-24 11:25 - 000000000 ____D C:\Users\David\AppData\Local\Google
    2017-09-07 09:00 - 2009-09-04 15:37 - 000000000 ____D C:\Program Files (x86)\Google
    2017-09-07 08:50 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-09-06 21:14 - 2010-03-26 17:04 - 000000000 ____D C:\Users\sheila
    2017-09-06 21:05 - 2016-12-24 11:25 - 000079608 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-09-06 21:01 - 2014-06-06 10:43 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2017-09-06 19:39 - 2010-04-05 10:29 - 000000000 ____D C:\ProgramData\Skype
    2017-09-06 15:49 - 2010-03-26 17:14 - 000003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D8565A64-2DD8-4256-A825-4966D8602269}
    2017-09-06 09:33 - 2009-07-14 03:34 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts.20170906-232217.backup
    2017-09-05 20:48 - 2014-04-06 17:08 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-09-05 20:40 - 2011-10-27 18:31 - 000000000 ____D C:\Program Files\Java
    2017-09-05 19:08 - 2011-08-26 08:37 - 000000000 ____D C:\Program Files\Defraggler
    2017-09-05 18:52 - 2009-07-14 03:34 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts.20170906-093309.backup
    2017-09-05 18:03 - 2016-12-24 11:24 - 000000000 ____D C:\Users\David
    2017-09-05 17:48 - 2016-10-30 23:36 - 000000000 ____D C:\Program Files\Common Files\AV
    2017-09-05 17:25 - 2015-11-08 00:56 - 000000000 ____D C:\ProgramData\Avg
    2017-09-05 17:22 - 2015-01-18 20:36 - 000000000 ____D C:\ProgramData\MFAData
    2017-09-05 14:52 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
    2017-09-05 13:04 - 2016-12-23 15:22 - 000000000 ____D C:\ProgramData\HitmanPro
    2017-08-26 06:28 - 2014-06-07 11:48 - 000000000 ____D C:\Program Files (x86)\WildGames
    2017-08-26 06:28 - 2014-06-06 11:06 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
    2017-08-26 06:28 - 2011-10-28 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
    2017-08-26 06:28 - 2011-08-26 08:33 - 000000000 ____D C:\Program Files\CCleaner
    2017-08-26 06:28 - 2009-09-04 15:41 - 000000000 ____D C:\ProgramData\WildTangent
    2017-08-26 06:28 - 2009-09-04 15:41 - 000000000 ____D C:\Program Files (x86)\TOSHIBA Games
    2017-08-26 06:28 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2017-08-26 06:20 - 2009-07-14 08:44 - 000000000 ___RD C:\Users\Public\Recorded TV
    2017-08-26 06:19 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
    2017-08-26 06:17 - 2009-09-04 15:38 - 000000000 ____D C:\Program Files\Google
    2017-08-26 06:17 - 2009-09-04 15:37 - 000000000 ____D C:\ProgramData\Google
    2017-08-26 00:59 - 2011-10-27 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2017-08-26 00:22 - 2016-12-11 18:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
    2017-08-25 22:36 - 2012-11-23 15:48 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-08-25 22:36 - 2012-11-23 15:48 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-08-25 22:36 - 2012-11-23 15:48 - 000000000 ____D C:\Windows\system32\Macromed
    2017-08-25 22:36 - 2011-08-24 08:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-08-25 22:36 - 2010-04-09 16:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed

    ==================== Files in the root of some directories =======

    2016-12-26 13:45 - 2016-12-26 23:31 - 000007596 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
    2016-12-24 23:42 - 2016-12-24 23:42 - 000000000 _____ () C:\Users\David\AppData\Local\{8AF5B394-B7D7-48E6-BBE1-A153E694DCE0}
    2010-04-05 10:41 - 2010-04-05 10:41 - 000000056 _____ () C:\ProgramData\ezsidmv.dat

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-11-04 11:48

    ==================== End of FRST.txt ============================

  2. Hi, brand new here; my aged mother wanted me to bin her old Toshiba L500 laptop, running on Windows 7, because it won't run anymore.
    I thought I'd try and save it from the landfill, but I'm not having much luck running the scan. It's finding several hundred threats, I think they are PUP malware, but something always shuts it down at the final heuristic stage. Any suggestions? C.
