It was recommended that I post here from the "Am I Infected" section. (https://www.bleepingcomputer.com/forums/t/648901/tool-is-blocking-ie-re-directions-but-av-scans-come-out-clean/)
I was having issues with IE not working, then having an internet security tool tell me it was blocking redirection. There was also an issue with an unusually high frequency of IPs blocked by Malwarebytes, alongside a few established, unknown inbound connections to svchost.
I saw that Internet Security Essentials was listed as Comodo software and it appeared legitimate. During the IE redirect warnings I accepted a "continue anyway" option, but it did nothing and I removed the tool; IE didn't redirect afterwards. I changed my IP address and stealthed my ports using my firewall, and there have been no notifications from Malwarebytes these past 14 hours.
I ran scans with several AV and security programs while Cleaning Essentials was installed and nothing came out funky. I used Bitdefender, Avast, EEMK, SUPERAntiSpyware, and Malwarebytes. (I am only set up with one AV, Free Avast, plus Malwarebytes Premium and the Free Comodo Suite set to Firewall only.)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-06-2017
Ran by -- (administrator) on ---PC (12-06-2017 07:26:14)
Running from C:\Users\--\Desktop
Loaded Profiles: -- (Available Profiles: --)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Flux Software LLC) C:\Users\--\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Comodo Inc.) C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1487552 2017-04-22] (COMODO)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-06-27] (Logitech Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2016-07-14] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-09-30] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2016-12-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2016-12-18] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-08] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2155871709-899169398-2161320827-1000\...\Run: [f.lux] => C:\Users\--\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2155871709-899169398-2161320827-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2155871709-899169398-2161320827-1000\...\Run: [Google Update] => C:\Users\--\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [179952 2016-09-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [157464 2016-09-30] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-08] (AVAST Software)
Startup: C:\Users\--\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-05-27]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{DDF3B741-24E9-4F6A-BFFA-93EEA0A9460D}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: ditobvsl.default
FF ProfilePath: C:\Users\--\AppData\Roaming\Mozilla\Firefox\Profiles\cu6b082q.default-1490221692241 [2017-06-11]
FF Extension: (Disconnect) - C:\Users\--\AppData\Roaming\Mozilla\Firefox\Profiles\cu6b082q.default-1490221692241\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (HTTPS Everywhere) - C:\Users\--\AppData\Roaming\Mozilla\Firefox\Profiles\cu6b082q.default-1490221692241\Extensions\https-everywhere@eff.org.xpi [2017-06-06]
FF Extension: (Self-Destructing Cookies) - C:\Users\--\AppData\Roaming\Mozilla\Firefox\Profiles\cu6b082q.default-1490221692241\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-04-13]
FF Extension: (uBlock Origin) - C:\Users\--\AppData\Roaming\Mozilla\Firefox\Profiles\cu6b082q.default-1490221692241\Extensions\uBlock0@raymondhill.net.xpi [2017-05-14]
FF Extension: (NoScript) - C:\Users\--\AppData\Roaming\Mozilla\Firefox\Profiles\cu6b082q.default-1490221692241\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-05-30]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\--\AppData\Roaming\Mozilla\Firefox\Profiles\cu6b082q.default-1490221692241\features\{b5c396df-a541-4634-9876-a263213f91ab}\disable-cert-transparency@mozilla.org.xpi [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\--\AppData\Roaming\Mozilla\Firefox\Profiles\cu6b082q.default-1490221692241\features\{b5c396df-a541-4634-9876-a263213f91ab}\disable-prefetch@mozilla.org.xpi [2017-04-18]
FF ProfilePath: C:\Users\--\AppData\Roaming\Comodo\IceDragon\Profiles\ditobvsl.default [2017-06-12]
FF DefaultSearchEngine: Comodo\IceDragon\Profiles\ditobvsl.default -> Yahoo! US
FF DefaultSearchEngine.US: Comodo\IceDragon\Profiles\ditobvsl.default -> Yahoo! US
FF NetworkProxy: Comodo\IceDragon\Profiles\ditobvsl.default -> gopher", ""
FF NetworkProxy: Comodo\IceDragon\Profiles\ditobvsl.default -> gopher_port", 0
FF Extension: (Disconnect) - C:\Users\--\AppData\Roaming\Comodo\IceDragon\Profiles\ditobvsl.default\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (Firebug) - C:\Users\--\AppData\Roaming\Comodo\IceDragon\Profiles\ditobvsl.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01]
FF Extension: (Ghostery) - C:\Users\--\AppData\Roaming\Comodo\IceDragon\Profiles\ditobvsl.default\Extensions\firefox@ghostery.com.xpi [2017-05-06]
FF Extension: (HTTPS Everywhere) - C:\Users\--\AppData\Roaming\Comodo\IceDragon\Profiles\ditobvsl.default\Extensions\https-everywhere@eff.org.xpi [2017-05-22]
FF Extension: (Self-Destructing Cookies) - C:\Users\--\AppData\Roaming\Comodo\IceDragon\Profiles\ditobvsl.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-05-01]
FF Extension: (Privacy Badger) - C:\Users\--\AppData\Roaming\Comodo\IceDragon\Profiles\ditobvsl.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2017-05-11]
FF Extension: (uBlock Origin) - C:\Users\--\AppData\Roaming\Comodo\IceDragon\Profiles\ditobvsl.default\Extensions\uBlock0@raymondhill.net.xpi [2017-05-15]
FF Extension: (uMatrix) - C:\Users\--\AppData\Roaming\Comodo\IceDragon\Profiles\ditobvsl.default\Extensions\uMatrix@raymondhill.net.xpi [2017-06-11]
FF Extension: (NoScript) - C:\Users\--\AppData\Roaming\Comodo\IceDragon\Profiles\ditobvsl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-05-11]
FF Extension: (DragAndDrop) - C:\Program Files (x86)\Comodo\IceDragon\browser\features\DnD@comodo.com [2017-05-30] [not signed]
FF Extension: (COMODO SecureBox) - C:\Program Files (x86)\Comodo\IceDragon\browser\features\@csb [2017-05-30] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2155871709-899169398-2161320827-1000: @citrixonline.com/appdetectorplugin -> C:\Users\--\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-2155871709-899169398-2161320827-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\--\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2155871709-899169398-2161320827-1000: @talk.google.com/O1DPlugin -> C:\Users\--\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2155871709-899169398-2161320827-1000: @tools.google.com/Google Update;version=3 -> C:\Users\--\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2155871709-899169398-2161320827-1000: @tools.google.com/Google Update;version=9 -> C:\Users\--\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\--\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\--\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/yhs/search?p={searchTerms}&hspart=comodo&hsimp=yhs-ccs&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\--\AppData\Local\Google\Chrome\User Data\Default [2017-06-11]
CHR Extension: (Google Slides) - C:\Users\--\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-12]
CHR Extension: (Google Docs) - C:\Users\--\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-12]
CHR Extension: (YouTube) - C:\Users\--\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-29]
CHR Extension: (Adblock Plus) - C:\Users\--\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Sheets) - C:\Users\--\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\--\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-29]
CHR Extension: (Yahoo Partner) - C:\Users\--\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm [2016-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\--\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\--\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\--\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR HKU\S-1-5-21-2155871709-899169398-2161320827-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2155871709-899169398-2161320827-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-08] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10512032 2017-04-22] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-22] (COMODO)
R2 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [4295328 2017-05-24] ()
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-06-27] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-06-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-06-08] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-06-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-06-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-06-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-06-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-06-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-06-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-06-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-06-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-06-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-06-08] (AVAST Software)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-03-28] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [848736 2017-03-28] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-03-28] (COMODO)
R1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-06-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [119392 2017-03-28] (COMODO)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [85160 2016-06-27] (Logitech Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-06-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-06-12] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-06-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-06-12] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-06-12] (Malwarebytes)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [307768 2016-09-30] (NVIDIA Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2016-08-05] (Panda Security, S.L.)
U1 aswbdisk; no ImagePath
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-12 07:18 - 2017-06-12 07:18 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-11 23:44 - 2017-06-11 23:44 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-06-11 23:37 - 2017-06-11 23:37 - 00080929 _____ C:\Users\--\Desktop\Addition.txt
2017-06-11 23:36 - 2017-06-12 07:26 - 00022726 _____ C:\Users\--\Desktop\FRST.txt
2017-06-11 20:57 - 2017-06-11 20:57 - 00000000 ___DL C:\Users\--\AppData\LocalLow\PlayReady
2017-06-11 16:52 - 2017-06-11 16:52 - 00132272 _____ C:\Users\--\Desktop\hosts.zip
2017-06-11 16:10 - 2017-04-27 15:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-11 16:10 - 2017-04-17 08:37 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-11 16:10 - 2017-04-17 08:37 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-11 16:10 - 2017-04-17 08:37 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-11 16:10 - 2017-04-17 08:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-11 16:10 - 2017-04-17 08:23 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-11 16:10 - 2017-04-17 08:22 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-11 16:10 - 2017-04-17 08:21 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-11 16:10 - 2017-04-17 08:21 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-11 16:10 - 2017-04-17 08:21 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-11 16:10 - 2017-04-17 08:21 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-11 16:10 - 2017-04-17 08:21 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-11 16:10 - 2017-04-17 08:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-11 16:10 - 2017-04-17 08:01 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-11 16:10 - 2017-04-17 08:01 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-11 16:10 - 2017-04-17 08:01 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-11 16:10 - 2017-04-17 08:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-11 16:10 - 2017-04-12 06:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-11 14:54 - 2017-05-03 08:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-11 14:54 - 2017-05-03 08:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-11 14:54 - 2017-05-03 06:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-11 14:54 - 2017-05-03 06:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-11 14:54 - 2017-05-03 06:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-11 14:54 - 2017-05-03 06:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-11 14:54 - 2017-05-03 06:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-06-11 14:54 - 2017-05-03 06:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-11 14:54 - 2017-05-03 06:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-11 14:54 - 2017-03-22 19:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-06-11 14:44 - 2017-06-11 14:44 - 00000000 ____D C:\SecurityCheck
2017-06-11 14:38 - 2017-06-11 14:38 - 00001912 _____ C:\Users\--\Desktop\JRT.txt
2017-06-11 09:51 - 2017-06-11 09:51 - 01663672 _____ (Malwarebytes) C:\Users\--\Downloads\JRT.exe
2017-06-11 09:51 - 2017-06-11 09:51 - 00513726 _____ (glax24 (safezone.cc)) C:\Users\--\Desktop\SecurityCheck.exe
2017-06-11 09:47 - 2017-06-11 09:47 - 04110280 _____ C:\Users\--\Downloads\AdwCleaner.exe
2017-06-09 13:29 - 2017-06-09 13:29 - 00892416 _____ (Farbar) C:\Users\--\Downloads\MiniToolBox.exe
2017-06-08 13:09 - 2017-06-08 13:09 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-06-08 13:09 - 2017-06-08 13:09 - 00000000 ____D C:\Users\--\AppData\Roaming\AVAST Software
2017-06-08 13:09 - 2017-06-08 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-06-08 13:08 - 2017-06-11 16:02 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-06-08 13:08 - 2017-06-08 13:09 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-06-08 13:08 - 2017-06-08 13:08 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-08 13:08 - 2017-06-08 13:08 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-08 13:08 - 2017-06-08 13:08 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-06-08 13:08 - 2017-06-08 13:08 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-06-08 13:08 - 2017-06-08 13:08 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-08 13:08 - 2017-06-08 13:08 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-08 13:08 - 2017-06-08 13:08 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-08 13:08 - 2017-06-08 13:07 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-08 13:08 - 2017-06-08 13:07 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-06-08 13:08 - 2017-06-08 13:07 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-06-08 13:08 - 2017-06-08 13:07 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-06-08 13:08 - 2017-06-08 13:07 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-06-08 13:04 - 2017-06-08 13:04 - 00000000 ____D C:\Program Files\AVAST Software
2017-06-08 13:02 - 2017-06-08 13:37 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-08 13:02 - 2017-06-08 13:02 - 00029155 _____ C:\ProgramData\agent.1496952126.bdinstall.bin
2017-06-08 12:50 - 2017-06-08 12:50 - 00028750 _____ C:\ProgramData\agent.1496951394.bdinstall.bin
2017-06-08 12:32 - 2017-06-08 12:32 - 00046701 _____ C:\ProgramData\agent.1496950343.bdinstall.bin
2017-06-08 12:28 - 2017-06-08 12:28 - 00029157 _____ C:\ProgramData\agent.1496950096.bdinstall.bin
2017-06-08 12:23 - 2017-06-08 12:24 - 06654960 _____ (AVAST Software) C:\Users\--\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-06-08 12:22 - 2017-06-08 12:22 - 08465984 _____ C:\Users\--\Downloads\bitdefender_online(1).exe
2017-06-08 12:22 - 2017-06-08 12:22 - 00028751 _____ C:\ProgramData\agent.1496949750.bdinstall.bin
2017-06-08 12:19 - 2017-06-08 12:19 - 00028739 _____ C:\ProgramData\agent.1496949544.bdinstall.bin
2017-06-06 23:15 - 2017-06-06 23:15 - 00000998 _____ C:\Users\--\Desktop\Music - Shortcut.lnk
2017-06-06 20:15 - 2017-06-07 09:46 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-06 20:14 - 2017-06-12 07:19 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-06 20:14 - 2017-06-12 07:17 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-06 20:14 - 2017-06-12 07:17 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-06 20:14 - 2017-06-07 10:50 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-06 20:14 - 2017-06-06 20:14 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-06 20:14 - 2017-06-06 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-06 20:14 - 2017-06-06 20:14 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-06 19:56 - 2017-06-06 19:56 - 00290816 _____ (SUPERAntiSpyware.com) C:\Users\--\Downloads\SASUNINST64.EXE
2017-06-06 19:50 - 2017-06-06 19:52 - 30201264 _____ (SUPERAntiSpyware) C:\Users\--\Downloads\SUPERAntiSpyware(1).exe
2017-06-06 19:26 - 2017-06-07 09:48 - 00000000 ____D C:\Users\--\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-06 18:49 - 2017-06-06 18:49 - 00028739 _____ C:\ProgramData\agent.1496800161.bdinstall.bin
2017-06-06 18:48 - 2017-06-06 18:48 - 00028739 _____ C:\ProgramData\agent.1496800123.bdinstall.bin
2017-06-06 18:06 - 2017-06-06 18:06 - 00000222 _____ C:\Users\--\Desktop\Ghost in the Shell Stand Alone Complex - First Assault Online.url
2017-06-05 12:26 - 2017-06-05 12:26 - 00302964 _____ C:\Users\--\Desktop\cc_20170605_122555 (BACKUP).reg
2017-05-23 20:20 - 2017-05-23 20:20 - 00000000 ____H C:\Users\--\AppData\Local\BIT38BB.tmp
2017-05-23 20:20 - 2017-05-23 20:20 - 00000000 _____ C:\Users\--\AppData\Local\{EA3CA02A-A181-497B-BA47-146C4A0B533F}
2017-05-18 15:27 - 2017-05-18 15:34 - 00027312 _____ C:\WirelessDiagLog.csv
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-12 07:26 - 2016-06-19 13:45 - 00000000 ____D C:\FRST
2017-06-12 07:19 - 2016-11-15 14:14 - 00000000 ____D C:\Users\--\AppData\LocalLow\Mozilla
2017-06-12 07:17 - 2017-04-25 21:46 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-12 07:17 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-12 07:16 - 2016-06-27 22:13 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-11 23:46 - 2017-02-04 21:46 - 00516746 _____ C:\Windows\system32\Drivers\fvstore.dat
2017-06-11 23:00 - 2016-06-19 13:44 - 02438656 _____ (Farbar) C:\Users\--\Desktop\FRST64.exe
2017-06-11 18:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-06-11 16:37 - 2016-06-07 06:46 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-06-11 16:29 - 2009-07-13 21:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-11 16:29 - 2009-07-13 21:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-11 16:17 - 2016-05-16 08:20 - 00000000 ____D C:\Users\--\AppData\Local\ElevatedDiagnostics
2017-06-11 16:14 - 2016-01-30 18:44 - 00904736 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-11 16:14 - 2009-07-13 22:13 - 00904736 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-11 15:53 - 2016-05-22 16:41 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-11 15:35 - 2016-06-07 06:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-11 15:35 - 2016-06-07 06:52 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-11 14:23 - 2016-06-21 10:14 - 00000000 ____D C:\AdwCleaner
2017-06-10 22:51 - 2016-09-16 20:54 - 00000000 ____D C:\ProgramData\Skype
2017-06-10 20:39 - 2016-09-07 16:49 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-08 13:49 - 2016-06-07 06:53 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-06-08 13:17 - 2016-09-07 17:18 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-08 13:10 - 2016-07-16 12:46 - 00000000 ____D C:\temp
2017-06-07 15:42 - 2016-08-26 14:07 - 00000000 ____D C:\EEK
2017-06-06 20:14 - 2016-08-04 15:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-06 19:43 - 2016-06-21 19:15 - 11584088 _____ (SurfRight B.V.) C:\Users\--\Downloads\hitmanpro_x64.exe
2017-06-06 19:39 - 2016-06-28 22:26 - 00000000 ____D C:\Users\--\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-06 17:17 - 2017-04-18 21:32 - 00000000 ____D C:\Users\--\AppData\Roaming\Anki2
2017-05-31 18:49 - 2017-03-10 14:53 - 00112119 _____ C:\Users\--\Desktop\TDEE 3.0.xlsx
2017-05-30 09:58 - 2016-10-19 21:59 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-30 09:52 - 2016-06-07 06:46 - 00001062 _____ C:\Users\Public\Desktop\Comodo IceDragon.lnk
2017-05-27 18:36 - 2016-08-03 18:12 - 00000000 ___RD C:\Users\--\Documents\Scanned Documents
2017-05-23 16:42 - 2017-04-20 09:28 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-22 23:03 - 2016-07-17 10:19 - 00000000 ____D C:\Windows\system32\MRT
2017-05-22 23:00 - 2016-07-17 10:15 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-22 15:39 - 2009-07-13 22:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-18 17:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-05-15 20:10 - 2017-01-12 22:35 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-15 20:10 - 2017-01-12 22:35 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2016-07-15 18:05 - 2016-07-16 09:58 - 0895346 _____ () C:\Users\--\AppData\Local\ars.cache
2017-05-23 20:20 - 2017-05-23 20:20 - 0000000 ____H () C:\Users\--\AppData\Local\BIT38BB.tmp
2016-07-15 18:06 - 2016-07-16 09:58 - 0780494 _____ () C:\Users\--\AppData\Local\census.cache
2016-06-21 11:43 - 2016-06-21 11:43 - 0000036 _____ () C:\Users\--\AppData\Local\housecall.guid.cache
2016-06-16 13:05 - 2016-06-16 13:05 - 0007607 _____ () C:\Users\--\AppData\Local\Resmon.ResmonCfg
2016-06-21 11:59 - 2016-07-16 09:17 - 0000010 _____ () C:\Users\--\AppData\Local\sponge.last.runtime.cache
2017-05-23 20:20 - 2017-05-23 20:20 - 0000000 _____ () C:\Users\--\AppData\Local\{EA3CA02A-A181-497B-BA47-146C4A0B533F}
2017-04-25 18:57 - 2017-04-25 18:57 - 0047255 _____ () C:\ProgramData\agent.1493171824.bdinstall.bin
2017-04-25 18:58 - 2017-04-25 18:58 - 0028739 _____ () C:\ProgramData\agent.1493171919.bdinstall.bin
2017-04-25 20:15 - 2017-04-25 20:15 - 0028738 _____ () C:\ProgramData\agent.1493176523.bdinstall.bin
2017-06-06 18:48 - 2017-06-06 18:48 - 0028739 _____ () C:\ProgramData\agent.1496800123.bdinstall.bin
2017-06-06 18:49 - 2017-06-06 18:49 - 0028739 _____ () C:\ProgramData\agent.1496800161.bdinstall.bin
2017-06-08 12:19 - 2017-06-08 12:19 - 0028739 _____ () C:\ProgramData\agent.1496949544.bdinstall.bin
2017-06-08 12:22 - 2017-06-08 12:22 - 0028751 _____ () C:\ProgramData\agent.1496949750.bdinstall.bin
2017-06-08 12:28 - 2017-06-08 12:28 - 0029157 _____ () C:\ProgramData\agent.1496950096.bdinstall.bin
2017-06-08 12:32 - 2017-06-08 12:32 - 0046701 _____ () C:\ProgramData\agent.1496950343.bdinstall.bin
2017-06-08 12:50 - 2017-06-08 12:50 - 0028750 _____ () C:\ProgramData\agent.1496951394.bdinstall.bin
2017-06-08 13:02 - 2017-06-08 13:02 - 0029155 _____ () C:\ProgramData\agent.1496952126.bdinstall.bin
2017-04-28 09:26 - 2017-04-28 09:26 - 0029369 _____ () C:\ProgramData\agent.update.1493396785.bdinstall.bin
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-05 09:11
==================== End of FRST.txt ============================
Edited by Carpentry, 12 June 2017 - 10:02 AM.