
Trying to fix old Satellite Laptop


CliffL62

Hi, brand new here; my aged mother wanted me to bin her old Toshiba L500 laptop, running on Windows 7, because it won't run anymore.
I thought I'd try and save it from the landfill, but not having much luck running the scan. It's finding several hundred threats, I think they are PUP malware, but something always shuts it down at the final heuristic stage. Any suggestions? C.


Hello CliffL62 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply..

Thank you,

Kevin

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by David (07-09-2017 15:44:29)
Running from C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WMSBPP5
Windows 7 Home Premium (X64) (2010-03-26 16:04:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1824231826-1585140496-3392153557-500 - Administrator - Disabled)
David (S-1-5-21-1824231826-1585140496-3392153557-1003 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-1824231826-1585140496-3392153557-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1824231826-1585140496-3392153557-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
ArcSoft MediaImpression 2 (HKLM-x32\...\{46A1DD68-49E2-48DC-8B9F-142E6FE39223}) (Version: 2.0.90.1225 - ArcSoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
eBay (HKLM-x32\...\{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}) (Version: 1.0.4 - eBay Inc.)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\{DAB5C521-80B2-48C3-B0DA-326A1B331F55}) (Version: 9.0.570 - Citrix) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-0d70fa77-8446-4f2e-aaa2-bd71243bbbbf) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.10.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
Toshiba Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.05 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TRORMCLauncher (HKLM\...\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.7 - TOSHIBA) Hidden
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers2: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => C:\Program Files\TOSHIBA\TOSHIBA SD Memory Utilities\\SDFMTEXT.dll [2009-03-20] (TOSHIBA Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-08-27] (Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19E9FF49-9465-4F21-8A99-F2E95846BD74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {1CDB2C3C-D641-4C41-AB7E-8AACCADB440A} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {41CD63AC-313B-4343-8FE1-0B0E7C790241} - System32\Tasks\{ADBF5E60-BB24-4318-B68A-104197C59287} => C:\Windows\system32\pcalua.exe -a C:\Users\sheila\Downloads\intel_d3327228768d377.exe -d C:\Users\sheila\Downloads
Task: {531AB538-4266-46A3-9243-E4E3E9D41673} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SpybotSD.exe <==== ATTENTION
Task: {D3509851-51B9-4888-B723-F8429955EF83} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2017-08-26] (AO Kaspersky Lab)
Task: {F4F05E5B-0B67-43A3-8516-C25605FFD2A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-25] (Adobe Systems Incorporated)
Task: {FBFC5610-7818-48F0-ADE0-8D7B6F6F0399} - System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SDUpdate.exe <==== ATTENTION
Task: {FFEA8115-EBC1-43A0-8D9C-F398BC227A01} - System32\Tasks\{0C40AD06-37F2-4835-A8D1-EBB0117A5A7F} => C:\Program Files (x86)\Skype\Phone\Skype.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SpybotSD.exe <==== ATTENTION
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Users\sheila\AppData\Local\Temp\HBCD\SpybotSD\SDUpdate.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-05 18:42 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-09-05 18:42 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-09-05 18:42 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-09-05 18:42 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7936 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-09-06 23:22 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15600 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TOSHIBA Online Product Information => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D7E778CB-2271-4B6D-8B0F-10303A42A5A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A73D1CF5-E068-4097-99CC-09083E678DAE}] => (Allow) svchost.exe
FirewallRules: [{10BA38BD-56C5-45C3-AB44-3EB07B7ED85C}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{C8548076-DC2D-4DF1-BD30-759291A56722}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A786BE1E-CB41-4F03-BAC6-CC1A1D815188}] => (Allow) LPort=2869
FirewallRules: [{D538B225-3813-460E-BEA9-C54260EDDB12}] => (Allow) LPort=1900
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2017 11:51:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
Exception code: 0xc0000005
Fault offset: 0x00000000000199b5
Faulting process id: 0xd24
Faulting application start time: 0x01d327c744d9767e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
Report Id: 903aadb2-93ba-11e7-84cf-705ab6702014

Error: (09/07/2017 11:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
Exception code: 0xc0000005
Fault offset: 0x0000000000017971
Faulting process id: 0x918
Faulting application start time: 0x01d327c71cdb7803
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
Report Id: 7bbeb636-93ba-11e7-84cf-705ab6702014

Error: (09/07/2017 11:49:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
Exception code: 0xc0000005
Fault offset: 0x00000000000192b7
Faulting process id: 0x924
Faulting application start time: 0x01d327c6f3b18c26
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
Report Id: 3bca7d9a-93ba-11e7-84cf-705ab6702014

Error: (09/07/2017 11:48:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
Exception code: 0xc0000005
Fault offset: 0x0000000000016f11
Faulting process id: 0x1f4
Faulting application start time: 0x01d327b48af4e88c
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
Report Id: 133b4b2f-93ba-11e7-84cf-705ab6702014

Error: (09/07/2017 09:37:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MwacLib.dll, version: 3.0.0.257, time stamp: 0x599de456
Exception code: 0xc0000005
Fault offset: 0x0000000000017971
Faulting process id: 0x83c
Faulting application start time: 0x01d327b35082a4fa
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
Report Id: c1033fe9-93a7-11e7-84cf-705ab6702014

Error: (09/07/2017 09:26:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
Exception code: 0xc0000005
Fault offset: 0x0000000000122e46
Faulting process id: 0x960
Faulting application start time: 0x01d327b2f41947f4
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Report Id: 3c36fc28-93a6-11e7-8c42-705ab6702014

Error: (09/07/2017 09:25:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
Exception code: 0xc0000005
Fault offset: 0x0000000000122e46
Faulting process id: 0xde0
Faulting application start time: 0x01d327b2e29ab48e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Report Id: 28cb9c04-93a6-11e7-8c42-705ab6702014

Error: (09/07/2017 09:25:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
Exception code: 0xc0000005
Fault offset: 0x0000000000122e46
Faulting process id: 0x9e0
Faulting application start time: 0x01d327b2d126d433
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Report Id: 1759de90-93a6-11e7-8c42-705ab6702014

Error: (09/07/2017 09:25:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1
Faulting module name: Qt5Qml.dll, version: 5.6.2.0, time stamp: 0x594d4621
Exception code: 0xc0000005
Fault offset: 0x000aaf25
Faulting process id: 0xc90
Faulting application start time: 0x01d327b23257f960
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
Report Id: 0c149291-93a6-11e7-8c42-705ab6702014

Error: (09/07/2017 09:24:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: MBAMCore.dll, version: 3.0.0.584, time stamp: 0x5988b5b9
Exception code: 0xc0000005
Fault offset: 0x0000000000122e46
Faulting process id: 0x8a0
Faulting application start time: 0x01d327b2bf946ee5
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Report Id: 04cee4cf-93a6-11e7-8c42-705ab6702014


System errors:
=============
Error: (09/07/2017 03:42:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/07/2017 03:42:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/07/2017 12:37:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/07/2017 11:54:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/07/2017 11:53:39 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000004e (0x0000000000000099, 0x00000000000588b4, 0x0000000000000002, 0x00000000000588b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090717-23368-01.

Error: (09/07/2017 11:53:32 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:51:25 on ‎07/‎09/‎2017 was unexpected.


CodeIntegrity:
===================================
  Date: 2017-09-07 15:43:55.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-07 15:43:55.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-07 15:43:54.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-07 15:43:53.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-07 11:54:20.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-07 09:29:16.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-07 08:46:20.634
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-06 22:01:22.699
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-06 22:01:22.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-06 21:23:47.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz
Percentage of memory in use: 45%
Total physical RAM: 2936.87 MB
Available physical RAM: 1596.54 MB
Total Virtual: 5871.88 MB
Available Virtual: 4160.52 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:116.44 GB) (Free:62.14 GB) NTFS
Drive d: (Data) (Fixed) (Total:116.05 GB) (Free:109.32 GB) NTFS
Drive e: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:1.87 GB) (Free:1.44 GB) FAT
Drive g: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.17 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F90D3CF3)
Partition 1: (Active) - (Size=400 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00BC17FA)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by David (administrator) on SHEILA-TOSHIBA (07-09-2017 15:43:38)
Running from C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WMSBPP5
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-04]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-04]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{272014C2-587F-448B-8071-CEA0C481CF21}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1824231826-1585140496-3392153557-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
SearchScopes: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> {2845B4D9-7165-45EB-981F-1788342FA76B} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> {49E0392F-484F-4545-99FF-1AC27A78F31F} URL = hxxp://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-10-27] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-1824231826-1585140496-3392153557-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2011-10-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-06] ()

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-02] (WildTangent)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-09-05] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-07] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-07] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-07] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-07] (Malwarebytes)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-08-20] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-07 15:43 - 2017-09-07 15:43 - 000000000 ____D C:\FRST
2017-09-07 11:53 - 2017-09-07 11:53 - 313502155 _____ C:\Windows\MEMORY.DMP
2017-09-07 11:53 - 2017-09-07 11:53 - 000276640 _____ C:\Windows\Minidump\090717-23368-01.dmp
2017-09-07 09:29 - 2017-09-07 11:51 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-07 09:14 - 2017-09-07 11:54 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-07 09:14 - 2017-09-07 11:51 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-07 09:14 - 2017-09-07 11:51 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-07 09:14 - 2017-09-07 09:14 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-07 09:14 - 2017-09-07 09:14 - 000001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-07 09:14 - 2017-09-07 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-07 09:14 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-06 20:30 - 2017-09-06 20:30 - 000338960 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-06 19:51 - 2017-09-06 19:51 - 000003168 _____ C:\Windows\System32\Tasks\{ADBF5E60-BB24-4318-B68A-104197C59287}
2017-09-06 16:09 - 2017-09-06 16:12 - 000000000 ____D C:\22cc4209c89321e6912b0e
2017-09-06 09:11 - 2017-09-06 09:11 - 1442316288 _____ C:\bstB4CE.tmp
2017-09-06 08:56 - 2017-09-06 08:56 - 000000000 ____D C:\Users\David\AppData\Roaming\GlarySoft
2017-09-05 23:47 - 2017-09-05 23:47 - 000000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2017-09-05 20:39 - 2017-09-05 20:40 - 000000000 ____D C:\ProgramData\Oracle
2017-09-05 19:08 - 2017-09-06 08:06 - 000001888 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-09-05 19:07 - 2017-09-05 19:07 - 004619752 _____ (Piriform Ltd) C:\Users\David\Downloads\dfsetup221.exe
2017-09-05 18:52 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-185222.backup
2017-09-05 18:43 - 2017-09-05 18:43 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-09-05 18:43 - 2017-09-05 18:43 - 000001350 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-09-05 18:43 - 2017-09-05 18:43 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-09-05 18:43 - 2017-09-05 18:43 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-09-05 18:43 - 2017-09-05 18:43 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-09-05 18:43 - 2017-09-05 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-09-05 18:42 - 2017-09-05 18:43 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-09-05 18:42 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-09-05 18:41 - 2017-09-05 18:42 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\David\Downloads\spybotsd-2.6.46.exe
2017-09-05 18:20 - 2017-09-05 18:21 - 000000000 ____D C:\Users\David\AppData\Roaming\Device Doctor
2017-09-05 18:08 - 2017-09-06 09:14 - 000000000 ____D C:\32788R22FWJFW
2017-09-05 17:26 - 2017-09-06 20:04 - 000000000 ____D C:\AdwCleaner
2017-09-05 16:28 - 2017-09-05 17:58 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-09-05 16:03 - 2017-09-05 16:04 - 000215710 _____ C:\TDSSKiller.3.1.0.15_05.09.2017_16.03.38_log.txt
2017-09-05 16:02 - 2017-09-05 16:02 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_16.02.32_log.txt
2017-09-05 15:39 - 2017-09-05 15:40 - 000076570 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.39.13_log.txt
2017-09-05 15:38 - 2017-09-05 15:38 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.38.39_log.txt
2017-09-05 15:37 - 2017-09-05 15:37 - 000000354 _____ C:\TDSSKiller.2.8.15.0_05.09.2017_15.37.25_log.txt
2017-09-05 14:53 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145355.backup
2017-09-05 14:52 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145250.backup
2017-09-05 14:51 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145107.backup
2017-09-05 14:51 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-145104.backup
2017-09-05 14:50 - 2017-09-05 14:50 - 000002430 _____ C:\Windows\System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task
2017-09-05 14:50 - 2017-09-05 14:50 - 000002424 _____ C:\Windows\System32\Tasks\Spybot - Search & Destroy -  Scheduled Task
2017-09-05 14:50 - 2017-09-05 14:50 - 000000280 _____ C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2017-09-05 14:50 - 2017-09-05 14:50 - 000000272 _____ C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2017-09-05 14:47 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144754.backup
2017-09-05 14:47 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144739.backup
2017-09-05 14:47 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170905-144731.backup
2017-09-05 14:35 - 2017-09-06 20:31 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-05 12:28 - 2017-09-05 12:28 - 000000000 ____D C:\Users\David\AppData\Local\VirtualStore
2017-08-26 00:59 - 2017-08-26 00:59 - 000000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-26 00:29 - 2017-08-26 00:29 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-08-26 00:24 - 2017-09-06 10:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-08-26 00:14 - 2017-08-26 00:14 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-26 00:05 - 2017-08-26 00:05 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-08-26 00:00 - 2017-09-06 10:13 - 000000000 ____D C:\Program Files (x86)\Avira
2017-08-26 00:00 - 2017-09-06 10:11 - 000000000 ____D C:\ProgramData\Avira
2017-08-25 23:44 - 2017-08-25 23:44 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2017-08-25 23:02 - 2017-08-25 23:03 - 066347240 _____ (Malwarebytes ) C:\Users\David\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-08-25 23:01 - 2017-08-25 23:01 - 013994341 _____ C:\Users\David\Downloads\Malwarebytes-3.0.2.422.dmg
2017-08-25 23:01 - 2017-08-25 23:01 - 002950368 _____ (Malwarebytes ) C:\Users\David\Downloads\DE38.tmp
2017-08-25 21:03 - 2017-08-25 21:03 - 000000000 ____D C:\Users\David\AppData\Roaming\WildTangent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-07 14:14 - 2009-07-14 06:13 - 000726444 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-07 14:14 - 2009-07-14 05:45 - 000016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-07 14:14 - 2009-07-14 05:45 - 000016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-07 14:14 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-09-07 11:53 - 2013-08-13 17:55 - 000000000 ____D C:\Windows\Minidump
2017-09-07 11:53 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-07 09:33 - 2016-12-24 11:25 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
2017-09-07 09:00 - 2016-12-24 11:25 - 000001267 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-07 09:00 - 2016-12-24 11:25 - 000000000 ____D C:\Users\David\AppData\Local\Google
2017-09-07 09:00 - 2009-09-04 15:37 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-07 08:50 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-06 21:14 - 2010-03-26 17:04 - 000000000 ____D C:\Users\sheila
2017-09-06 21:05 - 2016-12-24 11:25 - 000079608 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-06 21:01 - 2014-06-06 10:43 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-06 19:39 - 2010-04-05 10:29 - 000000000 ____D C:\ProgramData\Skype
2017-09-06 15:49 - 2010-03-26 17:14 - 000003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D8565A64-2DD8-4256-A825-4966D8602269}
2017-09-06 09:33 - 2009-07-14 03:34 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts.20170906-232217.backup
2017-09-05 20:48 - 2014-04-06 17:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-05 20:40 - 2011-10-27 18:31 - 000000000 ____D C:\Program Files\Java
2017-09-05 19:08 - 2011-08-26 08:37 - 000000000 ____D C:\Program Files\Defraggler
2017-09-05 18:52 - 2009-07-14 03:34 - 000454512 ____R C:\Windows\system32\Drivers\etc\hosts.20170906-093309.backup
2017-09-05 18:03 - 2016-12-24 11:24 - 000000000 ____D C:\Users\David
2017-09-05 17:48 - 2016-10-30 23:36 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-05 17:25 - 2015-11-08 00:56 - 000000000 ____D C:\ProgramData\Avg
2017-09-05 17:22 - 2015-01-18 20:36 - 000000000 ____D C:\ProgramData\MFAData
2017-09-05 14:52 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2017-09-05 13:04 - 2016-12-23 15:22 - 000000000 ____D C:\ProgramData\HitmanPro
2017-08-26 06:28 - 2014-06-07 11:48 - 000000000 ____D C:\Program Files (x86)\WildGames
2017-08-26 06:28 - 2014-06-06 11:06 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2017-08-26 06:28 - 2011-10-28 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-08-26 06:28 - 2011-08-26 08:33 - 000000000 ____D C:\Program Files\CCleaner
2017-08-26 06:28 - 2009-09-04 15:41 - 000000000 ____D C:\ProgramData\WildTangent
2017-08-26 06:28 - 2009-09-04 15:41 - 000000000 ____D C:\Program Files (x86)\TOSHIBA Games
2017-08-26 06:28 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-08-26 06:20 - 2009-07-14 08:44 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-08-26 06:19 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2017-08-26 06:17 - 2009-09-04 15:38 - 000000000 ____D C:\Program Files\Google
2017-08-26 06:17 - 2009-09-04 15:37 - 000000000 ____D C:\ProgramData\Google
2017-08-26 00:59 - 2011-10-27 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-26 00:22 - 2016-12-11 18:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-08-25 22:36 - 2012-11-23 15:48 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-25 22:36 - 2012-11-23 15:48 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-25 22:36 - 2012-11-23 15:48 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-25 22:36 - 2011-08-24 08:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-25 22:36 - 2010-04-09 16:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2016-12-26 13:45 - 2016-12-26 23:31 - 000007596 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2016-12-24 23:42 - 2016-12-24 23:42 - 000000000 _____ () C:\Users\David\AppData\Local\{8AF5B394-B7D7-48E6-BBE1-A153E694DCE0}
2010-04-05 10:41 - 2010-04-05 10:41 - 000000056 _____ () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-04 11:48

==================== End of FRST.txt ============================


Thanks for those logs CliffL62, continue as follows:

Uninstall SpyBot Search & Destroy, reboot when complete https://www.safer-networking.org/faq/how-to-uninstall-2/

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the Scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Download AdwCleaner by Xplode onto your Desktop.

Or from this Mirror
 
  • Double click on Adwcleaner.exe to run the tool
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin

 

 

 

fixlist.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
