PUP.Optional.Spigot.Generic


Hello Aura,

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/11/17
Scan Time: 1:19 PM
Log File: e21ae13e-c6e2-11e7-aeb4-000000000000.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.2951
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User-PC\User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321283
Threats Detected: 55
Threats Quarantined: 55
Time Elapsed: 2 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 21
PUP.Optional.Spigot.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hieeelcojjgdkghajofnhblijiadaodm\5.3_0\_locales\en, Quarantined, [1968], [362981],1.0.2951
PUP.Optional.Spigot.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hieeelcojjgdkghajofnhblijiadaodm\5.4_0\_locales\en, Quarantined, [1968], [362981],1.0.2951
PUP.Optional.Spigot.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hieeelcojjgdkghajofnhblijiadaodm\5.3_0\html\popup, Quarantined, [1968], [362981],1.0.2951
PUP.Optional.Spigot.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hieeelcojjgdkghajofnhblijiadaodm\5.4_0\html\popup, Quarantined, [1968], [362981],1.0.2951
PUP.Optional.Spigot.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hieeelcojjgdkghajofnhblijiadaodm\5.3_0\_metadata, Quarantined, [1968], [362981],1.0.2951
PUP.Optional.Spigot.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hieeelcojjgdkghajofnhblijiadaodm\5.4_0\_metadata, Quarantined, [1968], [362981],1.0.2951
PUP.Optional.Spigot.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hieeelcojjgdkghajofnhblijiadaodm\5.3_0\js\popup, Quarantined, [1968], [362981],1.0.2951
PUP.Optional.Spigot.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hieeelcojjgdkghajofnhblijiadaodm\5.3_0\_locales, Quarantined, [1968], [362981],1.0.2951
PUP.Optional.Spigot.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hieeelcojjgdkghajofnhblijiadaodm\5.4_0\js\popup, Quarantined, [1968], [362981],1.0.2951
PUP.Optional.Spigot.Generic, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hieeelcojjgdkghajofnhblijiadaodm\5.4_0\_locales, Quarantined, [1968], [362981],1.0.2951


Ah alright, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [122520 2017-08-08] (COMODO)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-08-08] (COMODO)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-11] (Malwarebytes)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 22:29 - 2017-11-11 22:29 - 000023240 _____ C:\Users\User\Downloads\FRST.txt
2017-11-11 22:28 - 2017-11-11 22:29 - 000000000 ____D C:\FRST
2017-11-11 22:27 - 2017-11-11 22:27 - 002392576 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-11-11 21:58 - 2017-11-11 21:58 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-11-11 21:58 - 2017-11-11 21:58 - 000000160 _____ C:\Windows\system32\bootdelete.lst
2017-11-11 21:51 - 2017-11-11 22:03 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-11 21:50 - 2017-11-11 21:50 - 011584088 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe
2017-11-11 21:31 - 2017-11-11 21:41 - 000000000 ____D C:\AdwCleaner
2017-11-11 21:31 - 2017-11-11 21:31 - 008261584 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_7.0.4.0.exe
2017-11-11 13:18 - 2017-11-11 13:18 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-11 13:18 - 2017-11-11 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-11 13:18 - 2017-11-11 13:18 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-11 13:18 - 2017-11-11 13:18 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-11 13:18 - 2017-10-04 13:15 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-11 13:17 - 2017-11-11 13:23 - 000269572 _____ C:\Windows\ntbtlog.txt
2017-11-07 13:39 - 2017-11-07 13:39 - 000204717 _____ C:\Users\User\Downloads\21 Oct 2017 Invoice 63080461 for account 638281 (1).pdf
2017-10-29 10:13 - 2017-10-29 10:15 - 000000000 ____D C:\Users\User\AppData\Roaming\WhatsApp
2017-10-29 10:13 - 2017-10-29 10:15 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-10-29 10:13 - 2017-10-29 10:15 - 000000000 ____D C:\Users\User\AppData\Local\WhatsApp
2017-10-29 10:13 - 2017-10-29 10:13 - 000000000 ____D C:\Users\User\AppData\Local\SquirrelTemp
2017-10-29 10:11 - 2017-10-29 10:12 - 076363776 _____ (WhatsApp) C:\Users\User\Downloads\WhatsAppSetup.exe
2017-10-22 09:44 - 2017-10-22 09:44 - 000204717 _____ C:\Users\User\Downloads\21 Oct 2017 Invoice 63080461 for account 638281.pdf
2017-10-20 17:36 - 2017-10-20 17:35 - 000402608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-10-18 18:11 - 2017-10-18 18:11 - 000049039 _____ C:\Users\User\Downloads\CUST_1000022748_ACC_3000039253_September_2017.pdf
2017-10-18 18:09 - 2017-10-18 18:09 - 000059729 _____ C:\Users\User\Downloads\CUST_1000022748_ACC_3000039254_August_2017 (1).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 21:50 - 2009-07-14 04:45 - 000020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-11 21:50 - 2009-07-14 04:45 - 000020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-11 21:47 - 2009-07-14 05:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-11 21:47 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2017-11-11 21:42 - 2016-11-04 15:56 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-11 21:42 - 2016-10-31 20:05 - 000003590 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-11-11 21:42 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-11 15:55 - 2016-11-04 13:22 - 000000000 ____D C:\Users\User\Documents\JEFF
2017-11-11 13:18 - 2016-11-04 15:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-10 21:50 - 2017-07-07 01:03 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-11-10 21:50 - 2017-03-25 07:10 - 000004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-11-06 17:43 - 2017-04-04 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-06 17:43 - 2016-10-31 20:07 - 000000874 _____ C:\Users\Public\Desktop\AVG.lnk
2017-11-04 17:32 - 2017-06-25 09:40 - 000000000 ____D C:\Program Files (x86)\Comodo
2017-10-26 18:47 - 2017-03-25 07:10 - 001022288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000579584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000355856 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000193768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000140192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-10-20 17:35 - 2016-10-31 20:05 - 000000000 ____D C:\ProgramData\Avg
2017-10-17 18:30 - 2017-07-21 16:15 - 000000000 _____ C:\Windows\SysWOW64\last.dump

Some files in TEMP:
====================
2010-02-24 08:39 - 2010-02-24 08:39 - 006891472 _____ (Acresso Software Inc.                                        ) C:\Users\User\AppData\Local\Temp\CP210x.exe
2017-06-30 19:18 - 2017-07-07 01:03 - 004113960 _____ (COMODO) C:\Users\User\AppData\Local\Temp\ise_installer.exe
2016-11-04 13:35 - 2014-03-12 13:40 - 001122384 ____N (CANON INC.) C:\Users\User\AppData\Local\Temp\MSETUP4.EXE
2017-01-11 11:21 - 2017-01-11 11:21 - 048843976 _____ (Sony) C:\Users\User\AppData\Local\Temp\xcs1BEB.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-30 01:11

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-11-2017
Ran by User (11-11-2017 22:29:33)
Running from C:\Users\User\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-10-08 16:46:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-476993151-3778327809-1164886011-500 - Administrator - Disabled)
Guest (S-1-5-21-476993151-3778327809-1164886011-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-476993151-3778327809-1164886011-1002 - Limited - Enabled)
User (S-1-5-21-476993151-3778327809-1164886011-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.7.3032 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{A3DEEC4D-7D8A-465E-90BD-B853A19DDF82}) (Version: 16.75.1 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.75.3.10304 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.566 - AVG Technologies)
calibre (HKLM-x32\...\{C94D271E-A338-48CD-A4F6-F031E928BC1F}) (Version: 2.80.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG5600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5600_series) (Version: 1.01 - Canon Inc.)
Canon MG5600 series On-screen Manual (HKLM-x32\...\Canon MG5600 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MG5600 series User Registration (HKLM-x32\...\Canon MG5600 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 58.0.3029.115 - Comodo)
COMODO Firewall (HKLM\...\{A1E718A7-BB83-41B8-BA96-BC219C322B8E}) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.) Hidden
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.)
Core Temp 1.4.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.4.1 - ALCPU)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.A.)
Cypress TrackPad (HKLM\...\{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1) (Version: 2.5.3.65 - Cypress Semiconductor, Inc.)
Dell System Detect (HKU\S-1-5-21-476993151-3778327809-1164886011-1000\...\58d94f3ce2c27db0) (Version: 7.9.0.10 - Dell)
EaseUS Todo Backup Free 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
GeekBuddy (HKLM\...\{FEBB7160-584E-4B30-B0ED-59E355EFCF72}) (Version: 4.30.227 - Comodo Security Solutions Inc) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.424651.94 - Comodo)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{E823686A-C928-4789-937A-FAF7790EF2C5}) (Version: 5.40.29 - Silicon Laboratories, Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{3FC90BF7-B316-40DF-819C-A06D70E5ED2E}) (Version: 1.4.7.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{efee6944-1231-492a-a157-93409130a098}) (Version: 1.4.7.0 - Sony)
Xperia Companion Service (HKLM\...\{D045DF86-7FF9-4CF2-919A-7BD172A43AAC}) (Version: 1.4.7.0 - Sony) Hidden
YTLcard system 2.12.10.12 (HKLM-x32\...\YTLcard system) (Version: 2.12.10.12 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2012-01-03] (Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-10-20] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-29] (COMODO)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-29] (COMODO)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-03-09] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2012-01-03] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-10-20] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-29] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08388EE0-42D5-4195-9AB4-AA84F5A76798} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-10-20] (AVG Technologies CZ, s.r.o.)
Task: {3BC1FFC5-5059-4F78-BD7C-3BF499E1D798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-08] (Google Inc.)
Task: {47B50703-5B7B-4E2B-A6AA-5C23227B5961} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-29] (COMODO)
Task: {5176AB55-EABF-4533-B40C-A9681A4BB164} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {77F5553B-0E13-40AC-A798-6E074D0B173D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-08-02] (McAfee, Inc.)
Task: {788E518C-FFA8-4F62-A75C-56FA16477163} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-08-29] (COMODO)
Task: {8D5710BB-AF4F-42F6-B243-53426DA450C3} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-29] (COMODO)
Task: {979CBAE4-4BED-4ECB-B637-A219B843265F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-29] (COMODO)
Task: {98A2DB02-A5C4-4E09-AC83-FE6F819D9582} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-07-26] (AVG Technologies CZ, s.r.o.)
Task: {B93D46D2-8995-4334-9ECC-12CB71230C51} - System32\Tasks\Games\UpdateCheck_S-1-5-21-476993151-3778327809-1164886011-1000
Task: {BBBACCA0-18B1-41F0-94CF-E2D5D39EE6D6} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {ED6CC5AE-17D5-43DD-B446-5331622BEB58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-08] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-08 03:42 - 2017-08-29 04:56 - 000244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-06-08 03:41 - 2017-08-29 04:55 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2011-09-15 16:46 - 2011-09-15 16:46 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-10-08 17:08 - 2013-03-09 00:06 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-11-11 13:18 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-12-16 17:39 - 2016-06-03 12:15 - 000278720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2017-09-06 14:24 - 2017-09-06 14:24 - 000068528 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\module_lifetime.dll
2017-09-06 14:24 - 2017-09-06 14:24 - 000170952 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2017-10-25 17:46 - 2017-10-25 17:46 - 000853048 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2017-10-20 17:35 - 2017-10-20 17:35 - 000287832 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2017-09-27 17:55 - 2017-09-21 07:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 17:55 - 2017-09-21 07:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-09-06 14:24 - 2017-09-06 14:24 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-10-20 17:35 - 2017-10-20 17:35 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-10-20 17:35 - 2017-10-20 17:35 - 000218208 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-10-20 17:35 - 2017-10-20 17:35 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-10-20 17:35 - 2017-10-20 17:35 - 000152224 _____ () C:\Program Files (x86)\AVG\Antivirus\network_notifications.dll
2017-11-11 13:11 - 2017-11-11 13:11 - 005879136 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17111100\algo.dll
2017-10-25 17:46 - 2017-10-25 17:46 - 000704456 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-10-20 17:35 - 2017-10-20 17:35 - 000242568 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 001296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2016-12-16 17:39 - 2016-06-03 12:12 - 000024768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2016-12-16 17:39 - 2016-06-03 12:12 - 000188608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2016-12-16 17:39 - 2016-06-03 12:12 - 000173760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2016-12-16 17:39 - 2016-06-03 12:13 - 000056512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2016-12-16 17:39 - 2016-06-03 12:12 - 000018112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2016-12-16 17:39 - 2016-06-03 12:12 - 000128192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2016-12-16 17:39 - 2016-06-03 12:13 - 000085184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2016-12-16 17:39 - 2016-06-03 12:12 - 000040128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000443944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-12-16 17:39 - 2016-06-03 12:13 - 000114880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2016-12-16 17:39 - 2016-06-03 12:12 - 000026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000059944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2016-12-16 17:39 - 2016-06-03 12:12 - 000220864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2016-12-16 17:39 - 2016-06-03 12:12 - 000021184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2017-07-03 17:01 - 2017-07-03 17:02 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2016-11-28 19:48 - 2016-11-28 19:48 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-12-16 17:39 - 2015-12-10 06:04 - 000224808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2016-10-08 17:06 - 2012-06-25 09:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 004254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-01-21 01:34 - 2010-01-21 01:34 - 008793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-476993151-3778327809-1164886011-1000\...\dell.com -> dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2017-02-23 09:38 - 000002010 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-476993151-3778327809-1164886011-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{64D0C386-D014-4ABB-B270-11E6D4F5C26B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D877CE8D-9075-4DD0-A56F-E9CA4D5F5377}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D4D822B1-90E5-41CE-B651-723CD747CEEE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{72727F02-3EA1-4484-96B1-B001840562EF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{819E0004-56AA-433F-A265-14A228A8B01D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{3BF88A47-C14B-4075-B977-6DC1136F2ABC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{C93F1418-288A-46EE-9125-8954196F897C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{634AEEC1-3060-4E62-BA4B-6C440347964B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{5E8681BA-A98E-4686-BFC7-F0808E73E7EE}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{41AA74E6-8D28-465E-B3B6-A4B5C7168AE8}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{BCB811B1-ED9A-43E8-ABCC-C24230329497}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{7075B622-1402-4EE3-9E0A-ADC5F177B7CD}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{D6434FD3-E6CB-48B8-A92E-A490733739C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2017 09:58:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000295EFC0.72).  hr = 0x80070005, Access is denied.
.

Error: (11/11/2017 09:58:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b0,(null),0,REG_BINARY,00000000071FE140.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {9bbd14b5-27da-48e6-9806-e1a64f783abf}

Error: (11/11/2017 09:58:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000938,(null),0,REG_BINARY,000000000200DF70.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {2c8381ce-90be-430e-8c2c-a75af0236a8f}

Error: (11/11/2017 09:58:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b0,(null),0,REG_BINARY,00000000071FE140.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {9bbd14b5-27da-48e6-9806-e1a64f783abf}

Error: (11/11/2017 09:58:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000938,(null),0,REG_BINARY,000000000200DF70.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {2c8381ce-90be-430e-8c2c-a75af0236a8f}

Error: (11/11/2017 09:58:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000204,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000000002B8ED40.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2011106f-1efa-4650-9416-2eb0c00e9ae0}

Error: (11/11/2017 09:58:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d4,(null),0,REG_BINARY,0000000001C8E290.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {681daa30-35fe-47bd-8b28-6275bc3efa92}

Error: (11/11/2017 09:58:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,0000000002A3ECF0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {ff14a951-4954-41da-b9b9-f92f65bba019}

Error: (11/11/2017 09:58:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001cc,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000001FCF1C0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {12ef1044-1a52-4e10-99b0-ad4038477c3c}

Error: (11/11/2017 09:58:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d4,(null),0,REG_BINARY,0000000001C8E290.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {681daa30-35fe-47bd-8b28-6275bc3efa92}


System errors:
=============
Error: (11/11/2017 09:52:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (11/11/2017 09:50:41 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (11/11/2017 09:42:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (11/11/2017 09:42:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.

Error: (11/11/2017 09:41:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/11/2017 09:41:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/11/2017 09:41:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/11/2017 09:41:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/11/2017 09:41:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/11/2017 09:41:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


CodeIntegrity:
===================================
  Date: 2017-11-11 22:27:37.551
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-11 22:27:37.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-11 22:18:56.935
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-11 22:18:56.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-11 22:12:24.136
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-11 22:12:24.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-11 21:51:19.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-11 21:51:19.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-11 21:42:16.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-11 21:42:16.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3667U CPU @ 2.00GHz
Percentage of memory in use: 39%
Total physical RAM: 7750.51 MB
Available physical RAM: 4705.7 MB
Total Virtual: 15499.21 MB
Available Virtual: 12386.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:158.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 8AEA3259)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-11-2017
Ran by User (administrator) on USER-PC (11-11-2017 22:29:07)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Cypress Semiconductor Corporation) C:\Program Files\Cypress\TrackPad\CyCpIo.exe
(Cypress Semiconductor, Inc.) C:\Program Files\Cypress\TrackPad\CyHidWin.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
(CyberGhost S.A.) C:\Program Files\CyberGhost 6\CyberGhost.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CyberGhost S.A.) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel(R) Corporation)
HKLM\...\Run: [CyCpIo] => C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2460672 2013-12-04] (Cypress Semiconductor Corporation)
HKLM\...\Run: [CyHidWin] => C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2667008 2013-12-04] (Cypress Semiconductor, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-10-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1489088 2017-08-29] (COMODO)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-24] (Intel Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-08] (COMODO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-476993151-3778327809-1164886011-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2088832 2016-12-22] (Sony)
HKU\S-1-5-21-476993151-3778327809-1164886011-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1248848 2017-08-31] (CyberGhost S.A.)
HKU\S-1-5-21-476993151-3778327809-1164886011-1000\...\MountPoints2: {8bb111a1-ea1c-11e6-bb77-00dbdf129b29} - D:\startme.exe
HKU\S-1-5-21-476993151-3778327809-1164886011-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-10-08] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2517D0E5-EC4D-4E1E-A721-520CC5BFC30A}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{2517D0E5-EC4D-4E1E-A721-520CC5BFC30A}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-476993151-3778327809-1164886011-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.yahoo.com/?fr=fp-comodo&type=19_6106005_58.0.3029.114_u_hp
SearchScopes: HKU\S-1-5-21-476993151-3778327809-1164886011-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=19_6106005_58.0.3029.114_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-476993151-3778327809-1164886011-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=19_6106005_58.0.3029.114_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-476993151-3778327809-1164886011-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33050001005_10.0.1.6258_u_ds
SearchScopes: HKU\S-1-5-21-476993151-3778327809-1164886011-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CEFBDD80-6D05-4C06-9E53-1517A44CBB4D}&mid=85c31b4691bc47cf9d51d19299f672da-9035bb9d909f409f5260f3410512f50f1178b65d&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-10-31 20:30:35&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll => No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-476993151-3778327809-1164886011-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2017-02-23] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-11-11]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-16]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-04]
CHR Extension: (Map Beast) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hieeelcojjgdkghajofnhblijiadaodm [2017-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-26]
CHR HKU\S-1-5-21-476993151-3778327809-1164886011-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-10-20] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7496672 2017-10-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [232528 2017-08-31] (CyberGhost S.A.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10501616 2017-08-29] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-08-29] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-09-27] (Comodo)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-06-03] (CHENGDU YIWO Tech Development Co., Ltd)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-08] (COMODO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-07-26] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2017-07-26] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [48912 2017-07-26] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314640 2017-10-20] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-10-20] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-10-20] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-10-20] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-10-20] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [140192 2017-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-10-20] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1022288 2017-10-26] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [579584 2017-10-20] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [193768 2017-10-20] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [355856 2017-10-20] (AVG Technologies CZ, s.r.o.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2014-12-25] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-08-08] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [844584 2017-08-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-08-08] (COMODO)
R3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [145408 2013-12-04] (Cypress Semiconductor, Inc.)
R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [19968 2013-12-04] (Cypress Semiconductor, Inc.)
R3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [102400 2013-12-04] (Cypress Semiconductor, Inc.)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [122520 2017-08-08] (COMODO)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-08-08] (COMODO)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-11] (Malwarebytes)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 22:29 - 2017-11-11 22:29 - 000023240 _____ C:\Users\User\Downloads\FRST.txt
2017-11-11 22:28 - 2017-11-11 22:29 - 000000000 ____D C:\FRST
2017-11-11 22:27 - 2017-11-11 22:27 - 002392576 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-11-11 21:58 - 2017-11-11 21:58 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-11-11 21:58 - 2017-11-11 21:58 - 000000160 _____ C:\Windows\system32\bootdelete.lst
2017-11-11 21:51 - 2017-11-11 22:03 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-11 21:50 - 2017-11-11 21:50 - 011584088 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe
2017-11-11 21:31 - 2017-11-11 21:41 - 000000000 ____D C:\AdwCleaner
2017-11-11 21:31 - 2017-11-11 21:31 - 008261584 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_7.0.4.0.exe
2017-11-11 13:18 - 2017-11-11 13:18 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-11 13:18 - 2017-11-11 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-11 13:18 - 2017-11-11 13:18 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-11 13:18 - 2017-11-11 13:18 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-11 13:18 - 2017-10-04 13:15 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-11 13:17 - 2017-11-11 13:23 - 000269572 _____ C:\Windows\ntbtlog.txt
2017-11-07 13:39 - 2017-11-07 13:39 - 000204717 _____ C:\Users\User\Downloads\21 Oct 2017 Invoice 63080461 for account 638281 (1).pdf
2017-10-29 10:13 - 2017-10-29 10:15 - 000000000 ____D C:\Users\User\AppData\Roaming\WhatsApp
2017-10-29 10:13 - 2017-10-29 10:15 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-10-29 10:13 - 2017-10-29 10:15 - 000000000 ____D C:\Users\User\AppData\Local\WhatsApp
2017-10-29 10:13 - 2017-10-29 10:13 - 000000000 ____D C:\Users\User\AppData\Local\SquirrelTemp
2017-10-29 10:11 - 2017-10-29 10:12 - 076363776 _____ (WhatsApp) C:\Users\User\Downloads\WhatsAppSetup.exe
2017-10-22 09:44 - 2017-10-22 09:44 - 000204717 _____ C:\Users\User\Downloads\21 Oct 2017 Invoice 63080461 for account 638281.pdf
2017-10-20 17:36 - 2017-10-20 17:35 - 000402608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-10-18 18:11 - 2017-10-18 18:11 - 000049039 _____ C:\Users\User\Downloads\CUST_1000022748_ACC_3000039253_September_2017.pdf
2017-10-18 18:09 - 2017-10-18 18:09 - 000059729 _____ C:\Users\User\Downloads\CUST_1000022748_ACC_3000039254_August_2017 (1).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 21:50 - 2009-07-14 04:45 - 000020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-11 21:50 - 2009-07-14 04:45 - 000020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-11 21:47 - 2009-07-14 05:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-11 21:47 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2017-11-11 21:42 - 2016-11-04 15:56 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-11 21:42 - 2016-10-31 20:05 - 000003590 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-11-11 21:42 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-11 15:55 - 2016-11-04 13:22 - 000000000 ____D C:\Users\User\Documents\JEFF
2017-11-11 13:18 - 2016-11-04 15:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-10 21:50 - 2017-07-07 01:03 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-11-10 21:50 - 2017-03-25 07:10 - 000004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-11-06 17:43 - 2017-04-04 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-06 17:43 - 2016-10-31 20:07 - 000000874 _____ C:\Users\Public\Desktop\AVG.lnk
2017-11-04 17:32 - 2017-06-25 09:40 - 000000000 ____D C:\Program Files (x86)\Comodo
2017-10-26 18:47 - 2017-03-25 07:10 - 001022288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000579584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000355856 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000193768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000140192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-10-20 17:35 - 2017-03-25 07:10 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-10-20 17:35 - 2016-10-31 20:05 - 000000000 ____D C:\ProgramData\Avg
2017-10-17 18:30 - 2017-07-21 16:15 - 000000000 _____ C:\Windows\SysWOW64\last.dump

Some files in TEMP:
====================
2010-02-24 08:39 - 2010-02-24 08:39 - 006891472 _____ (Acresso Software Inc.                                        ) C:\Users\User\AppData\Local\Temp\CP210x.exe
2017-06-30 19:18 - 2017-07-07 01:03 - 004113960 _____ (COMODO) C:\Users\User\AppData\Local\Temp\ise_installer.exe
2016-11-04 13:35 - 2014-03-12 13:40 - 001122384 ____N (CANON INC.) C:\Users\User\AppData\Local\Temp\MSETUP4.EXE
2017-01-11 11:21 - 2017-01-11 11:21 - 048843976 _____ (Sony) C:\Users\User\AppData\Local\Temp\xcs1BEB.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-30 01:11

==================== End of FRST.txt ============================

Malwarebytes.docx


Google Chrome - Remove Extension/App

  • In Google Chrome, enter chrome://extensions in the address bar and press on Enter
  • In the Extensions page, uninstall these (by clicking on the little garbage can icon on their right)
    • Map Beast
  • If you don't see the extension listed, it means that it's installed as an App. So enter chrome://apps in the address bar and press on Enter
  • From the Apps page, look for the app, right-click on it and select Remove from Chrome


CPU: x64
File System: NTFS
User: User-PC\User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326382
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.