HTML:RedirME-inf [trg] infection on Chrome and Firefox


This topic is locked.
21 replies to this topic

#1 Nebbiolo_07

Posted 18 December 2017 - 09:35 AM

I use both Chrome and Firefox when browsing. I appear to have one or more infections affecting both browsers in slightly different ways.

Chrome:

The page redirects and brings up an invite to take part in a Google Chrome survey, with the offer of being entered into a free draw to win an Apple iPhone 8. The page address is as follows: "http://game1492.share4-dc54-storage5.faith/default.aspx?u=v45w2kk&o=dmkp5ze&f=1". Once it has happened and I have closed the tab, it doesn't seem to happen again until I close and reopen the browser.

Firefox:

A few seconds after opening Firefox, Avast gives a threat warning and brings up a threat message which reads as follows: "We've safely aborted connection on xml.plaimedia.com because it was infected with HTML:RedirME-inf [trg]". Following this, Firefox normally brings up the "The connection was reset" page. Once I have closed the Avast threat message, it doesn't seem to happen again until I close and reopen the browser.

The problem isn't bothering me that much, but I'm concerned that the infection is more sinister than I realise.

Often (possibly always), the problem seems to occur when I'm using Yahoo.

I have run a number of programs to try to solve the problem, but to no avail: Avast, Malwarebytes, Sophos, Norton Power Eraser, Zemana, HitmanPro.

Thanks very much in anticipation of your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by David (administrator) on DAVID-PC (18-12-2017 15:27:16)
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IM-history) C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-15] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-16] (AVAST Software)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-16] (Spotify Ltd)
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\MountPoints2: {54dac566-74c7-11e6-a4e5-ac7289134dda} - E:\LGAutoRun.exe
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\MountPoints2: {5b6e38a7-3863-11e5-9a5d-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{1B7C8E64-7A39-44CF-87FC-F5D77687482E}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{4AF8C3FC-A6B5-4823-BE6C-57716D47B260}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
 
Internet Explorer:
==================
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.dell.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-16] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-08] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-08] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-16] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-08] (Oracle Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1474963403489
 
FireFox:
========
FF DefaultProfile: i33es8km.default-1512643936929
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i33es8km.default-1512643936929 [2017-12-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-21] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3459912657-3031662703-3452388855-1000: @citrixonline.com/appdetectorplugin -> C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-01-05] (Citrix Online)
FF Plugin HKU\S-1-5-21-3459912657-3031662703-3452388855-1000: SkypeForBusinessPlugin-16.2 -> C:\Users\David\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi.dll [2016-02-26] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3459912657-3031662703-3452388855-1000: SkypeForBusinessPlugin64-16.2 -> C:\Users\David\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi-x64.dll [2016-02-26] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2017-12-18]
CHR Extension: (Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-16]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-16]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-16]
CHR Extension: (Avast SafePrice) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-06]
CHR Extension: (Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-16] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-09] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-12-05] (Dropbox, Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2016-03-09] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [135168 2012-06-29] (Nalpeiron Ltd.) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-06-29] (Nalpeiron Ltd.) [File not signed]
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] () [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-16] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-16] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-16] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-16] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-16] (AVAST Software)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-18] (Malwarebytes)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-06-13] (The OpenVPN Project)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-12-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-12-07] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-18 15:27 - 2017-12-18 15:28 - 000021608 _____ C:\Users\David\Downloads\FRST.txt
2017-12-18 15:26 - 2017-12-18 15:26 - 000000000 ____D C:\Users\David\Downloads\FRST-OlderVersion
2017-12-18 07:43 - 2017-12-18 07:43 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-15 09:04 - 2017-12-18 07:45 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-12 17:13 - 2017-12-15 23:29 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
2017-12-12 14:37 - 2017-12-12 14:37 - 016168904 _____ C:\Users\David\Downloads\archive (2).zip
2017-12-12 14:36 - 2017-12-12 14:36 - 015308808 _____ C:\Users\David\Downloads\archive (1).zip
2017-12-11 11:57 - 2017-12-18 15:27 - 000000000 ____D C:\FRST
2017-12-11 11:52 - 2017-12-18 15:26 - 002392064 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2017-12-08 18:14 - 2017-12-16 21:35 - 000000000 ____D C:\Users\David\AppData\Local\Spotify
2017-12-08 18:14 - 2017-12-08 18:14 - 000001805 _____ C:\Users\David\Desktop\Spotify.lnk
2017-12-08 18:12 - 2017-12-16 21:33 - 000000000 ____D C:\Users\David\AppData\Roaming\Spotify
2017-12-08 18:12 - 2017-12-08 18:12 - 000725488 _____ (Spotify Ltd) C:\Users\David\Downloads\SpotifySetup (2).exe
2017-12-08 17:59 - 2017-12-08 17:59 - 007189760 _____ (VS Revo Group ) C:\Users\David\Downloads\revosetup.exe
2017-12-08 17:59 - 2017-12-08 17:59 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-12-08 17:59 - 2017-12-08 17:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-12-08 17:59 - 2017-12-08 17:59 - 000000000 ____D C:\Program Files\VS Revo Group
2017-12-08 17:55 - 2017-12-08 17:55 - 000078724 _____ C:\Users\David\Downloads\SpotifySetup.zip
2017-12-07 12:07 - 2017-12-07 12:07 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-12-07 11:52 - 2017-12-07 11:52 - 000000000 ____D C:\Users\David\Desktop\Old Firefox Data
2017-12-07 11:34 - 2017-12-07 11:35 - 015808656 _____ (Copyright 2017.) C:\Users\David\Downloads\Zemana.AntiMalware.Portable (2).exe
2017-12-07 09:46 - 2017-12-07 12:08 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-07 09:46 - 2017-12-07 09:46 - 011584088 _____ (SurfRight B.V.) C:\Users\David\Downloads\hitmanpro_x64.exe
2017-12-07 08:42 - 2017-12-07 08:42 - 015808656 _____ (Copyright 2017.) C:\Users\David\Downloads\Zemana.AntiMalware.Portable (1).exe
2017-12-07 08:16 - 2017-12-18 15:27 - 000100249 _____ C:\Windows\ZAM.krnl.trace
2017-12-07 08:16 - 2017-12-18 15:27 - 000071898 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-07 08:16 - 2017-12-07 08:16 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-12-07 08:16 - 2017-12-07 08:16 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-12-07 08:16 - 2017-12-07 08:16 - 000000000 ____D C:\Users\David\AppData\Local\Zemana
2017-12-07 08:15 - 2017-12-07 08:16 - 015808656 _____ (Copyright 2017.) C:\Users\David\Downloads\Zemana.AntiMalware.Portable.exe
2017-12-06 22:26 - 2017-12-06 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-06 21:05 - 2017-12-06 21:05 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-06 09:37 - 2017-12-06 09:37 - 000000000 ____D C:\ProgramData\Sophos
2017-12-06 08:46 - 2017-12-06 08:47 - 000000000 ____D C:\NPE
2017-12-06 08:43 - 2017-12-06 09:23 - 000000000 ____D C:\Users\David\AppData\Local\NPE
2017-12-06 08:43 - 2017-12-06 08:43 - 000000000 ____D C:\ProgramData\Norton
2017-12-06 08:32 - 2017-12-06 08:32 - 003422944 _____ (Symantec Corporation) C:\Users\David\Downloads\NPE.exe
2017-12-05 02:06 - 2017-12-05 02:06 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-12-05 02:06 - 2017-12-05 02:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-12-04 22:23 - 2017-12-04 22:23 - 000033981 _____ C:\Users\David\Downloads\result.pdf
2017-12-02 12:13 - 2017-12-02 12:13 - 000723152 _____ (Spotify Ltd) C:\Users\David\Downloads\SpotifySetup (1).exe
2017-11-30 09:59 - 2017-11-30 09:59 - 000003943 _____ C:\Users\David\Downloads\L1304 1 043 20171120 (1).PDF
2017-11-30 09:58 - 2017-11-30 09:58 - 000003943 _____ C:\Users\David\Downloads\L1304 1 043 20171120.PDF
2017-11-30 09:35 - 2017-12-09 17:20 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-30 09:35 - 2017-11-30 09:35 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-30 09:35 - 2017-11-30 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-30 09:34 - 2017-11-30 09:34 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-30 09:32 - 2017-11-30 09:33 - 078346672 _____ (Malwarebytes ) C:\Users\David\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-21 18:38 - 2017-11-21 18:38 - 000006524 _____ C:\Users\David\Downloads\SRT - Detailed results (6).pdf
2017-11-21 17:27 - 2017-11-21 17:27 - 000006226 _____ C:\Users\David\Downloads\SRT - Detailed results (5).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-18 15:25 - 2015-08-03 08:07 - 000000000 ____D C:\Users\David\AppData\Roaming\Skype
2017-12-18 15:20 - 2016-03-09 09:58 - 000001106 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-12-18 15:03 - 2016-11-24 15:15 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2017-12-18 14:52 - 2017-01-05 14:54 - 000000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3459912657-3031662703-3452388855-1000.job
2017-12-18 14:19 - 2017-01-05 14:54 - 000000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3459912657-3031662703-3452388855-1000.job
2017-12-18 12:52 - 2017-07-08 10:49 - 000000000 ____D C:\Users\David\AppData\Local\GoToMeeting
2017-12-18 08:02 - 2009-07-14 05:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-18 08:02 - 2009-07-14 05:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-18 07:43 - 2016-03-09 09:58 - 000001102 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-12-18 07:42 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-17 01:00 - 2015-08-01 21:27 - 000000000 ____D C:\Users\David\AppData\Roaming\vlc
2017-12-16 14:24 - 2015-08-06 11:03 - 000000000 ____D C:\Users\David\AppData\Local\Adobe
2017-12-16 14:17 - 2017-08-06 10:57 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-16 14:17 - 2015-08-06 11:05 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-16 14:17 - 2015-08-06 11:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-16 14:17 - 2015-08-06 11:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-16 14:17 - 2015-08-06 11:05 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-16 09:02 - 2015-08-01 15:54 - 000000000 ____D C:\Users\David
2017-12-15 18:51 - 2017-01-05 14:54 - 000003656 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3459912657-3031662703-3452388855-1000
2017-12-15 18:51 - 2017-01-05 14:54 - 000003560 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3459912657-3031662703-3452388855-1000
2017-12-15 18:51 - 2016-03-22 21:57 - 000003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458680219
2017-12-15 18:51 - 2016-03-09 09:58 - 000004112 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-12-15 18:51 - 2016-03-09 09:58 - 000003860 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-12-15 18:51 - 2015-12-16 09:09 - 000003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-15 18:51 - 2015-12-16 09:09 - 000003454 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-15 18:51 - 2015-12-03 22:11 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-12-15 18:51 - 2015-08-07 09:58 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-15 18:51 - 2015-08-01 17:36 - 000003066 _____ C:\Windows\System32\Tasks\{63425FEB-6378-4EC6-97B2-025AE9FCBA72}
2017-12-12 08:00 - 2015-12-16 09:09 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-12 08:00 - 2015-12-16 09:09 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-09 08:45 - 2016-11-23 22:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-09 08:45 - 2015-08-01 18:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-08 22:58 - 2016-07-23 21:51 - 000000000 ____D C:\Users\David\AppData\Roaming\5kplayer
2017-12-08 18:14 - 2015-10-01 13:44 - 000001791 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-12-07 12:07 - 2016-06-24 05:52 - 000000000 ____D C:\Users\David\Documents\ABBYY PDF Transformer 3.0.100.399
2017-12-06 22:26 - 2016-03-09 09:58 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-12-06 12:46 - 2009-07-14 06:13 - 000752560 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-06 12:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-05 11:01 - 2017-02-07 13:38 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-30 23:02 - 2015-08-07 09:57 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 09:34 - 2015-08-01 18:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-26 05:17 - 2009-07-14 06:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-24 17:25 - 2015-11-28 20:09 - 000000000 ____D C:\Users\David\AppData\Roaming\dvdcss
 
==================== Files in the root of some directories =======
 
2016-12-12 11:05 - 2016-12-12 11:06 - 000004608 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 17:34 - 2015-08-01 17:34 - 000001696 _____ () C:\Users\David\AppData\Local\FastClean.20150801.183443.txt
2015-08-01 17:36 - 2015-08-01 17:36 - 000001696 _____ () C:\Users\David\AppData\Local\FastClean.20150801.183631.txt
 
Some files in TEMP:
====================
2015-08-06 10:58 - 2015-08-06 11:08 - 000003584 _____ () C:\Users\David\AppData\Local\Temp\2qvjzt6j.dll
2017-03-08 08:52 - 2017-03-08 08:52 - 000009728 _____ () C:\Users\David\AppData\Local\Temp\7unolm8u.dll
2017-03-05 11:38 - 2017-03-05 11:39 - 000003584 _____ () C:\Users\David\AppData\Local\Temp\adpmoyau.dll
2017-02-26 22:21 - 2017-02-26 22:21 - 000008192 _____ () C:\Users\David\AppData\Local\Temp\afwniocp.dll
2015-08-06 09:54 - 2015-08-06 10:09 - 000003584 _____ () C:\Users\David\AppData\Local\Temp\b40nygsk.dll
2015-08-06 10:13 - 2015-08-06 10:53 - 000009728 _____ () C:\Users\David\AppData\Local\Temp\bassmod.dll
2017-02-20 11:43 - 2017-02-20 11:43 - 000012800 _____ () C:\Users\David\AppData\Local\Temp\c4zdnkdl.dll
2017-04-20 17:17 - 2017-04-20 17:17 - 000032768 _____ () C:\Users\David\AppData\Local\Temp\ebonghc6.dll
2017-03-10 07:53 - 2017-03-10 07:53 - 000011264 _____ () C:\Users\David\AppData\Local\Temp\fdnuin9y.dll
2017-03-14 14:42 - 2017-03-14 14:42 - 000012800 _____ () C:\Users\David\AppData\Local\Temp\fir3ap9m.dll
2017-04-05 15:07 - 2017-10-18 21:10 - 000079904 _____ () C:\Users\David\AppData\Local\Temp\i4jdel0.exe
2016-06-15 15:07 - 2016-06-15 15:07 - 000035680 _____ () C:\Users\David\AppData\Local\Temp\i4jdel1.exe
2017-03-02 10:38 - 2017-03-02 10:38 - 000011264 _____ () C:\Users\David\AppData\Local\Temp\iekhfool.dll
2016-08-23 10:58 - 2016-08-23 10:58 - 000741440 _____ (Oracle Corporation) C:\Users\David\AppData\Local\Temp\jre-8u101-windows-au.exe
2015-12-16 08:29 - 2015-12-16 08:29 - 000585824 _____ (Oracle Corporation) C:\Users\David\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-03-08 00:12 - 2016-03-08 00:12 - 000736352 _____ (Oracle Corporation) C:\Users\David\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-04-12 07:15 - 2016-04-12 07:15 - 000736320 _____ (Oracle Corporation) C:\Users\David\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-03 21:34 - 2016-05-03 21:34 - 000739904 _____ (Oracle Corporation) C:\Users\David\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-08-10 13:21 - 2015-08-10 13:22 - 050067152 _____ (Microsoft Corporation) C:\Users\David\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
2017-03-27 07:00 - 2017-03-27 07:00 - 000009728 _____ () C:\Users\David\AppData\Local\Temp\o2lujxz9.dll
2017-02-14 09:22 - 2017-02-14 09:22 - 000032768 _____ () C:\Users\David\AppData\Local\Temp\qjeepedz.dll
2017-03-01 11:11 - 2017-03-01 11:11 - 000012800 _____ () C:\Users\David\AppData\Local\Temp\r-gbq2b4.dll
2017-03-02 10:38 - 2017-03-02 10:38 - 000012800 _____ () C:\Users\David\AppData\Local\Temp\r8axgbp3.dll
2017-02-28 12:39 - 2017-02-28 12:39 - 000005632 _____ () C:\Users\David\AppData\Local\Temp\rne4epda.dll
2017-03-14 07:15 - 2017-03-14 07:15 - 000008192 _____ () C:\Users\David\AppData\Local\Temp\rwvbpyn0.dll
2015-08-06 10:43 - 2015-08-06 10:52 - 000003584 _____ () C:\Users\David\AppData\Local\Temp\sdb-bvru.dll
2016-05-10 08:46 - 2016-05-17 09:15 - 045196928 _____ (Skype Technologies S.A.) C:\Users\David\AppData\Local\Temp\SkypeSetup.exe
2017-02-23 10:29 - 2017-02-23 10:29 - 000012800 _____ () C:\Users\David\AppData\Local\Temp\sosronlf.dll
2017-02-14 06:33 - 2017-02-14 06:33 - 000008192 _____ () C:\Users\David\AppData\Local\Temp\toldlhxj.dll
2016-08-16 21:37 - 2016-08-16 21:37 - 000008192 _____ () C:\Users\David\AppData\Local\Temp\txyo69ku.dll
2015-08-06 10:34 - 2015-08-06 10:34 - 000004096 _____ () C:\Users\David\AppData\Local\Temp\uh8f-w_i.dll
2017-04-27 06:53 - 2017-04-27 06:53 - 000011264 _____ () C:\Users\David\AppData\Local\Temp\vlvxigcv.dll
2017-03-23 14:08 - 2017-03-23 14:08 - 000032768 _____ () C:\Users\David\AppData\Local\Temp\xfvri8fn.dll
2017-02-17 07:36 - 2017-02-17 07:36 - 000008192 _____ () C:\Users\David\AppData\Local\Temp\xh3qz_qf.dll
2006-05-24 18:10 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\David\AppData\Local\Temp\_is6F4.exe
2006-05-24 18:10 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\David\AppData\Local\Temp\_isF23C.exe
2016-12-15 19:19 - 2016-12-15 19:22 - 074853056 _____ (Dropbox, Inc.) C:\Users\David\AppData\Local\Temp\{1AAC8C7B-7C67-474B-B733-896C58A72D34}-DropboxClient_16.4.29.exe
2016-12-08 19:21 - 2016-12-08 19:21 - 013983608 _____ (Google Inc.) C:\Users\David\AppData\Local\Temp\{E26A012A-0752-4D6E-8339-B9CB8DF0FC2B}-55.0.2883.87_54.0.2840.99_chrome_updater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-09 17:38
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by David (18-12-2017 15:29:44)
Running from C:\Users\David\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-08-01 14:54:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3459912657-3031662703-3452388855-500 - Administrator - Disabled)
David (S-1-5-21-3459912657-3031662703-3452388855-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-3459912657-3031662703-3452388855-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3459912657-3031662703-3452388855-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
5KPlayer 4.0 (HKLM-x32\...\5KPlayer_is1) (Version:  - DearMob, Inc.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.21 - STMicroelectronics)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Adobe Connect 9 Add-in) (Version: 11.9.979.366 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5AF0B1A8-1EF7-0FF7-5504-4983FB76F914}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 3.5 - Power Software Ltd)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.24.2 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EclipseCrossword (HKLM-x32\...\{F389DB8F-0716-4FC6-82B2-02B2FA2B4F24}) (Version: 1.2.61 - Green Eclipse)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
ExpressVPN (HKLM-x32\...\{7689678D-6332-45FA-BE84-11057A21B348}) (Version: 5.0.1.551 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{7e9357d8-8bdd-4e72-88ac-1b3acedd2b32}) (Version: 5.0.1.551 - ExpressVPN)
ExpressVPN Compatibility Checks (HKLM-x32\...\{F29EAC42-41E5-47B9-8B75-DFD1B1979DB7}) (Version: 1.0.0.0 - ExpressVPN) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Football Manager 2011 (HKLM-x32\...\Football Manager 2011) (Version: 11.0.0.0 - Sports Interactive)
Free2X Webcam Recorder 1.0.0.1 (HKLM-x32\...\Free2X Webcam Recorder_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoToMeeting 8.18.0.8034 (HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\GoToMeeting) (Version: 8.18.0.8034 - LogMeIn, Inc.)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Hazon clic (HKLM-x32\...\{4514501C-A3CF-456D-B2AD-508EDE42C61A}) (Version:  - )
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024F0}) (Version: 6.0.240 - Oracle)
KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Loquendo TTS: Elizabeth (British English) (HKLM-x32\...\LoqTTS-Elizabeth_is1) (Version:  - )
Loquendo TTS: Simon (British English) (HKLM-x32\...\LoqTTS-Simon_is1) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mozilla Firefox 57.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-GB)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MultiSkypeLauncher (remove only) (HKLM-x32\...\MultiSkypeLauncher) (Version: 1.8 - MultiSkypeLauncher)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
SDL MultiTerm 2011 SP2 - Remove suite of products (HKLM-x32\...\Multiterm2011) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Convert (HKLM-x32\...\{212062FE-9FEF-457F-980F-6B25270CC99D}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Core (HKLM-x32\...\{6664CA13-C9B1-4488-881E-4AC14CE0F260}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Desktop (HKLM-x32\...\{777BE1C2-F665-42E2-90DD-157A67715710}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Extract (HKLM-x32\...\{7071528D-59E2-412D-8EA4-272C87F7027C}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Word Integration (HKLM-x32\...\{7C21542D-7618-42D4-990D-9B458DCDE71E}) (Version: 9.2.361 - SDL)
SDL Passolo Essential 2011 SP6 (HKLM-x32\...\{627163CD-8116-4982-9AC1-8C6DE4A499A0}) (Version: 11.6.0.0 - SDL)
SDL Trados 2011 SP2 - Remove suite of products (HKLM-x32\...\TranslationStudio2011) (Version: 2.2.3001 - SDL)
SDL Trados Compatibility module (HKLM-x32\...\{7230BA04-AE1B-4C17-91A0-E7DF6DF6E05C}) (Version: 1.0.72 - SDL)
SDL Trados Studio 2011 SP2 (HKLM-x32\...\{7205B6D1-2975-4DDC-85D4-30AECFBFC138}) (Version: 2.2.3001 - SDL)
Skype Meetings App (HKLM-x32\...\{240D565E-3537-4048-8920-FAAB2A136A84}) (Version: 16.2.0.23 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless WiFi (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Software Intel® PROSet/Wireless WiMAX (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
Spotify (HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Validity Sensors DDK (HKLM\...\{56BAC4EE-B1DA-42A7-ACA5-7A353F2ED1DA}) (Version: 4.3.108.0 - Validity Sensors, Inc.)
Vidyo Desktop 3.6.3 - (David) (HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Vidyo Desktop) (Version: 3.6.3 - Vidyo Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\David\AppData\Local\Citrix\GoToMeeting\6140\G2MOutlookAddin64.dll => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [TranslationStudioShlExt2011] -> {F6C08E19-DCE1-45B5-A225-E94FADB585DD} => C:\Program Files (x86)\SDL\SDL Trados Studio\Studio2\TranslationStudioExt.dll [2012-07-05] (TODO: <Company name>)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-15] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {17A0212C-84A3-479D-9736-DAC173FC9EE2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-09] (Dropbox, Inc.)
Task: {1CEB3D0D-C619-4C9F-A251-6C839C1BE188} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-16] (AVAST Software)
Task: {3A57F3EF-6938-47C6-994C-BE15B24FCA2E} - System32\Tasks\G2MUploadTask-S-1-5-21-3459912657-3031662703-3452388855-1000 => C:\Users\David\AppData\Local\GoToMeeting\8034\g2mupload.exe [2017-12-06] (LogMeIn, Inc.)
Task: {43749702-9ABF-4EE3-B829-44CB5F2D4D94} - System32\Tasks\{63425FEB-6378-4EC6-97B2-025AE9FCBA72} => C:\Windows\system32\pcalua.exe -a F:\drivers\R314281.exe -d F:\drivers
Task: {51FC791C-1198-4ABC-93EA-A6D0E59A32A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {5C8545BF-DE5A-4913-BE04-24E95AC28B2E} - System32\Tasks\G2MUpdateTask-S-1-5-21-3459912657-3031662703-3452388855-1000 => C:\Users\David\AppData\Local\GoToMeeting\8034\g2mupdate.exe [2017-12-06] (LogMeIn, Inc.)
Task: {66B1F354-7FB9-48EA-A251-299426E975FB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-06] (AVAST Software)
Task: {A9A5E45D-12B4-40E9-9797-16421D7E14D9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-12-08] (AVAST Software)
Task: {BAB0A7A8-4AA8-426E-AE96-0329ED6C1865} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {BCED2FE1-EED2-45A8-AD9D-7732246AF78C} - System32\Tasks\SafeZone scheduled Autoupdate 1458680219 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {F390E493-19B4-42C2-8283-ED139D6DE8EB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-09] (Dropbox, Inc.)
Task: {F7A28853-4D4B-44DC-8570-951CD47C00ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {F904EEF1-204C-42A6-9FBE-7A0A591B6968} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-16] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3459912657-3031662703-3452388855-1000.job => C:\Users\David\AppData\Local\GoToMeeting\8034\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3459912657-3031662703-3452388855-1000.job => C:\Users\David\AppData\Local\GoToMeeting\8034\g2mupload.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-01 16:17 - 2010-12-15 09:46 - 000686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2015-08-01 17:26 - 2012-11-15 01:03 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 19:07 - 2011-07-27 19:07 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2016-03-09 14:56 - 2016-03-09 14:56 - 000331264 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2016-03-10 15:56 - 2016-03-10 15:56 - 009641976 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2015-08-04 13:18 - 2005-04-22 12:36 - 000143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-02-18 07:18 - 2011-02-18 07:18 - 000245760 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2017-11-30 09:35 - 2017-12-09 17:20 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-11-16 10:58 - 2017-11-16 10:58 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000281536 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2017-12-12 08:00 - 2017-12-06 05:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-12 08:00 - 2017-12-06 05:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-12-17 21:33 - 2017-12-17 21:33 - 005766800 _____ () C:\Program Files\AVAST Software\Avast\defs\17121700\algo.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-12-18 11:45 - 2017-12-18 11:45 - 005766800 _____ () C:\Program Files\AVAST Software\Avast\defs\17121800\algo.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-07-10 21:16 - 2017-07-10 21:16 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-16 10:58 - 2017-11-16 10:58 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-03-10 15:56 - 2016-03-10 15:56 - 000379384 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2017-12-06 22:25 - 2017-12-05 02:06 - 000725312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-12-06 22:25 - 2017-12-05 02:06 - 002075456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-12-06 22:26 - 2017-12-05 02:06 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-12-06 22:26 - 2017-12-05 02:08 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-12-06 22:25 - 2017-12-05 02:06 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-12-06 22:25 - 2017-12-05 02:06 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-12-06 22:26 - 2017-12-05 02:06 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-12-06 22:26 - 2017-12-05 02:08 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-12-06 22:25 - 2017-12-05 02:06 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-12-06 22:25 - 2017-12-05 02:06 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-12-06 22:26 - 2017-12-05 02:08 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-12-06 22:26 - 2017-12-05 02:08 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-12-06 22:26 - 2017-12-05 02:08 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000155464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-12-06 22:26 - 2017-12-05 02:08 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-12-06 22:25 - 2017-12-05 02:06 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-12-06 22:25 - 2017-12-05 02:07 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-12-06 22:26 - 2017-12-05 02:08 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-12-06 22:25 - 2017-12-05 02:07 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-12-06 22:26 - 2017-12-05 02:09 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-06-28 11:20 - 2016-10-08 15:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-06-28 11:20 - 2016-07-21 09:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-08-23 08:32 - 2017-08-23 08:32 - 000169984 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e02990982d5c841556f4bc4041a38de0\IsdiInterop.ni.dll
2015-08-01 16:37 - 2010-11-05 22:50 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2006-10-26 20:30 - 2006-10-26 20:30 - 000065312 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2006-10-27 14:35 - 2006-10-27 14:35 - 000436512 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2006-10-26 12:56 - 2006-10-26 12:56 - 000757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:netNLSPreferences [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 62.101.93.101
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: PDFProFiltSrvPP => 2
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MultiSkypeLauncher.lnk => C:\Windows\pss\MultiSkypeLauncher.lnk.Startup
MSCONFIG\startupreg: 5KPlayer.exe => "C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe" -auto
MSCONFIG\startupreg: ABBYY Screenshot Reader Bonus => "C:\Program Files (x86)\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe" -autorun
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: Hazon clic => "C:\Program Files (x86)\Garzanti Linguistica\Hazon clic\HAZON.EXE" -I
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: PPort12reminder => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => C:\Users\David\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Vidyo Desktop => C:\Users\David\AppData\Local\Vidyo\Vidyo Desktop\VidyoDesktop.exe
MSCONFIG\startupreg: WirelessManager => "C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{428DDB47-AC87-4A54-9A47-95E67A72E1C1}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{4547EC1C-006F-4303-8B68-9D38E2E5E905}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{2598580E-BA54-4673-A015-824D2F119838}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{3334636A-8AF0-4230-BD57-801BE7C1FE31}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{938AAD73-1C06-4271-BEFC-0949BE9FFA93}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{295DCE28-70DB-4BBC-8569-0879DC5D9D5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21F6B83E-CEA0-4BC2-BC96-6C7E16A1A769}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2174D44E-D99D-453C-8FBA-3353D7195644}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{86476E60-9747-4E31-BC45-77E9DC585FE5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{190BE4F1-1F96-43A2-B103-D2B25E811D74}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B12EB9A5-AB89-415C-8516-1733C016802A}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{FE914B56-310D-4A3A-9E19-D45489A4C954}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{4EDEF5E2-9739-4D62-9861-C35711DB6208}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{A2065ED3-3C9A-44E9-A551-FD0F1D7A5B32}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{663CE241-8BD9-4752-922C-A11ABEE823AE}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{266C0B80-925E-4BD1-9A5B-0F76DBEC0B74}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{B4A6FC6A-894F-4B77-9127-51D7B438BD04}] => (Allow) LPort=54925
FirewallRules: [{E792E51A-1BC5-43FD-9F40-BE7A27759E35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD636760-C5E5-41DC-B741-6A4BAE21E80C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3BF0BA81-96CD-46C5-88A4-8342930D6A97}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{39C68351-BDF6-44EA-A852-3A855A4144B7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{45FD30DC-B1D6-4D17-A904-D272843DE272}C:\users\david\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.23\pluginhost.exe] => (Allow) C:\users\david\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.23\pluginhost.exe
FirewallRules: [UDP Query User{114F1D19-D218-47E4-9D3E-93DBDA17E933}C:\users\david\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.23\pluginhost.exe] => (Allow) C:\users\david\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.23\pluginhost.exe
FirewallRules: [{C69C13DC-6AF7-4ECB-8D8B-EB43684EEF6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8243FE03-2D16-4C16-B723-94D9E43CDE11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6D46AFFB-900D-49B7-963F-D09DBADF7921}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{442777D0-1FA8-4127-B404-6A2594578E0B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{02B91C3A-C689-453D-B2C2-41317A9E6F65}C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe] => (Allow) C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe
FirewallRules: [UDP Query User{42E378B8-2CBE-4698-85ED-0F415A26737A}C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe] => (Allow) C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe
FirewallRules: [TCP Query User{23800015-ED8B-4C0F-A3A6-A3CDC6409B95}C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe] => (Allow) C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe
FirewallRules: [UDP Query User{AECB1A54-F21D-40BF-8108-1A31671C8DDC}C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe] => (Allow) C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe
FirewallRules: [{5259567C-0511-416D-8805-9A433E702F87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{66AEE627-B372-4760-8773-9C1C76461A83}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD4BC11B-027D-4638-9B5D-F49C9E4AECDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{58EA8238-64EE-4449-ABA8-001B0B2DA8BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{653E83C0-4FA2-40A9-B01F-297929AF1C3F}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{AB07A73E-D901-4A9F-B171-DCA53A7F6A69}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{9A8AD6EF-AF8F-4B6E-80CD-17F164DF0B34}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{C627E0DE-2DDD-41F7-9C6D-274138850DAC}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{75AD68DC-705F-45D8-A74B-112F67C9502E}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2011\fm.exe
FirewallRules: [{F0F11B36-0219-4081-A591-70E33BF6B1A5}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2011\fm.exe
FirewallRules: [{D38A1C17-DECC-4292-A0DB-24A75A481E30}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2011\fm.exe
FirewallRules: [{55D4BAEB-B1DA-4141-A1D8-DA5B50AAA2A4}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2011\fm.exe
FirewallRules: [{16585130-547C-46CE-93B8-D1C3652094B9}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{980D763B-6201-474C-BCB5-6C6850738F03}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{F9311C75-9F50-41D0-91BF-F2BB3C652B00}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{05F3B00E-F426-4AD5-BF51-2CE65264BFFB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E1FD54BA-620D-4F31-ACEB-57ED53EAA2C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6CDAD8BE-859F-4AA2-AD3B-5161B48F9E53}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{945379EE-976C-4230-8BD3-2F167036FBC8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [{449C9150-DCC0-40BF-B652-A6BC44DE04E8}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{ECDA228C-6ADB-4667-9C40-56860D12F3E2}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{3270D585-44CD-4E9B-A49C-58D78394A178}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{EAF85D70-9554-4F33-BFC7-B5C990A93AA8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{3F3A5123-9E6C-4A36-BACA-10333C80517C}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FE2E74A2-0A0D-42FB-96D6-60F42C2AAD74}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3CD45308-0172-45D7-AC76-D54B5953E962}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DD2C8E17-54D2-4998-A607-99E425CC8593}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [{61B6FD58-D4B3-4723-BBFB-72CC15AF2B5C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
06-12-2017 09:10:27 Norton_Power_Eraser_20171206091020080
06-12-2017 09:34:33 Installed Sophos Virus Removal Tool.
07-12-2017 08:37:32 Removed Sophos Virus Removal Tool.
07-12-2017 12:06:06 Punto di controllo di HitmanPro
07-12-2017 12:07:18 Punto di controllo di HitmanPro
08-12-2017 18:00:38 Revo Uninstaller's restore point - Spotify
16-12-2017 09:42:07 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/18/2017 07:44:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/18/2017 07:43:02 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
 
Error: (12/17/2017 09:29:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/17/2017 09:29:11 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
 
Error: (12/17/2017 09:22:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/17/2017 09:20:58 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
 
Error: (12/17/2017 12:56:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4306
 
Error: (12/17/2017 12:56:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4306
 
Error: (12/17/2017 12:56:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/16/2017 06:13:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (12/18/2017 07:44:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/18/2017 07:44:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (12/18/2017 07:43:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/18/2017 07:43:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 258
 
Error: (12/17/2017 09:41:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/17/2017 09:30:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/17/2017 09:30:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/17/2017 09:29:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (12/17/2017 01:08:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (12/17/2017 01:08:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 79%
Total physical RAM: 4003.19 MB
Available physical RAM: 831.65 MB
Total Virtual: 8004.56 MB
Available Virtual: 3237.11 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:293.3 GB) NTFS
Drive d: (FM2011) (CDROM) (Total:2.53 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0DF3601D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 19 December 2017 - 10:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-06]
CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-07]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
C:\Program Files (x86)\Skype\Browser
CustomCLSID: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\David\AppData\Local\Citrix\GoToMeeting\6140\G2MOutlookAddin64.dll => No File
AlternateDataStreams: C:\Windows:netNLSPreferences [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024F0}) (Version: 6.0.240 - Oracle)
===

Please let me know what problem persists with this computer.

#3 Nebbiolo_07

  • Topic Starter
  • Members
  • 10 posts

Posted 21 December 2017 - 06:43 AM

Hi Nasdaq,

Thank you very much for your response and help, it's much appreciated.

I have carried out all of the steps you suggested, except one. I use some software (about 6 years old) which in the past has encountered problems, i.e. it doesn't work, when Java 6 Update 24 is not installed, and this software is vital for my work. So, for now, I have done everything except uninstall this version of Java. If you tell me that it is essential in order to resolve this problem, I will give it a go and see what happens to my software; I suppose I can always reinstall that version if necessary. Please let me know.

The text from the fixlog is copied below.

Regarding the problems, the problem has recurred exactly as it did before in Firefox; thus far I haven't seen anything happen in Chrome, but it is early days I guess since I only completed all the steps about 30 mins ago. I use Chrome most of the time, so if anything happens I'll let you know.

I await your response, thanks again.


Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by David (21-12-2017 09:48:59) Run:1
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available Profiles: David)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-06]
CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-07]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
C:\Program Files (x86)\Skype\Browser
CustomCLSID: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\David\AppData\Local\Citrix\GoToMeeting\6140\G2MOutlookAddin64.dll => No File
AlternateDataStreams: C:\Windows:netNLSPreferences [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
 
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe => No running process found
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe => No running process found
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe => No running process found
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
CHR Extension: (Avast SafePrice) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-06] => Error: No automatic fix found for this entry.
CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-07] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
HKLM\System\CurrentControlSet\Services\AvastVBoxSvc => key could not remove, key could be protected
"HKLM\System\CurrentControlSet\Services\WsDrvInst" => removed successfully
WsDrvInst => service removed successfully
C:\Program Files (x86)\Skype\Browser => moved successfully
"HKU\S-1-5-21-3459912657-3031662703-3452388855-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => removed successfully
C:\Windows => ":netNLSPreferences" ADS removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54204392 B
Java, Flash, Steam htmlcache => 43522 B
Windows/system/drivers => 1099532184 B
Edge => 0 B
Chrome => 780276645 B
Firefox => 216884152 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 481442 B
David => 2642915527 B
 
RecycleBin => 24885725470 B
EmptyTemp: => 27.6 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-12-2017 10:03:26)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\AvastVBoxSvc => key could not remove, key could be protected
 
==== End of Fixlog 10:03:26 ====


#4 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 21 December 2017 - 08:44 AM

Hi,

"Java 6 Update 24 is not installed, and this software is vital for my work."

Leave it alone.

---

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

If the problem persists and you are Syncing Firefox with other devices it may be the cause.
Disable it.
https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer

Keep me posted.

#5 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 27 December 2017 - 09:11 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#6 Nebbiolo_07

  • Topic Starter
  • Members
  • 10 posts

Posted 27 December 2017 - 05:00 PM

Hi Nasdaq,

Sorry for the delay in coming back, Christmas and all that...

The problem is certainly still persisting in Firefox, but as far as I can tell Chrome is OK. I did the Firefox refresh as you suggested (in the first set of instructions) and I'm not syncing with other devices; is there anything else I can do?

Thanks in advance.



#7 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 28 December 2017 - 08:00 AM

Remove and reinstall FireFox.

Before proceeding save your Bookmarks. (Export)
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Firefox Password manager - Import your passwords.
Password Manager - Remember, delete, change and import saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox

Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Restart the computer normally.

Install the latest version of the application.
https://www.mozilla.org/en-US/firefox/new/

Import your Bookmarks. Same link as the Export function above.

---

How is it now?

Edited by nasdaq, 28 December 2017 - 08:03 AM.


#8 Nebbiolo_07

  • Topic Starter
  • Members
  • 10 posts

Posted 31 December 2017 - 07:25 AM

Hi Nasdaq,

I've done that, and the early signs look good. Normally the problem in Firefox happens almost immediately, and 5 mins of using the browser hasn't reproduced it.

Even though Chrome seems OK, I do sometimes get something strange happen when opening pages, but it doesn't happen all the time. Before bringing up the page I clicked through to, the browser goes completely blank (often with a colour like red or purple); it's very fleeting (half a second) and then the page appears. I'm not sure if it's connected, it might be nothing, but I was thinking that perhaps uninstalling and reinstalling Chrome might be worth doing, what do you think?

Thanks very much for all your help with this.



#9 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 31 December 2017 - 08:31 AM

Hi,

When you feel sure that Firefox is working well, take care of Chrome.

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 3: If you sync your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data
https://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/

Step 4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 6: Re-install Chrome and the Bookmarks.
====

#10 Nebbiolo_07

  • Topic Starter
  • Members
  • 10 posts

Posted 04 January 2018 - 06:27 AM

Hi Nasdaq,

Things are looking good on Firefox so I went ahead and uninstalled/installed Chrome. I'll give it a couple of days and let you know how it looks.

Thanks.



#11 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 04 January 2018 - 08:42 AM

Keep me posted.

#12 Nebbiolo_07

  • Topic Starter
  • Members
  • 10 posts

Posted 08 January 2018 - 04:43 AM

Hi there,

OK, Firefox still seems to be OK as far as I can tell.

However, Chrome does still have issues. Today I got a new warning from Avast: "We’ve safely aborted connection on coinhive.com because it was infected with JS:Miner-C [Trj]". In addition, the behaviour I reported before where a web page will go momentarily and colourfully blank before loading is still happening.

I'll await your thoughts.

Thanks.



#13 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 08 January 2018 - 07:49 AM

Hi,

If not already done please update Malwarebytes and clean everything that will be found.

---

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Delete your current version of the Farbar program.

Download the latest version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Post the logs for my review.

p.s.
Did you reset the syncing on Chrome, or are you not using it?

#14 Nebbiolo_07

  • Topic Starter
  • Members
  • 10 posts

Posted 12 January 2018 - 02:50 AM

Hi Nasdaq,

A couple of things before I copy in the reports. 1. Malwarebytes came back with no threats. 2. I am not using syncing on Chrome (not to my knowledge anyway). The logs are posted as requested. Thanks again.


# AdwCleaner 7.0.6.0 - Logfile created on Fri Jan 12 07:28:35 2018
# Updated on 2017/21/12 by Malwarebytes
# Database: 01-10-2018.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by David (administrator) on DAVID-PC (12-01-2018 08:35:48)
Running from C:\Users\David\Desktop\FARBAR
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-15] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-09] (AVAST Software)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2018-01-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646680 2017-09-27] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-16] (Spotify Ltd)
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [57446856 2018-01-09] (Skype Technologies S.A.)
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\MountPoints2: {54dac566-74c7-11e6-a4e5-ac7289134dda} - E:\LGAutoRun.exe
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\MountPoints2: {5b6e38a7-3863-11e5-9a5d-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{1B7C8E64-7A39-44CF-87FC-F5D77687482E}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{4AF8C3FC-A6B5-4823-BE6C-57716D47B260}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250

Internet Explorer:
==================
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.dell.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-9.0.1\bin\ssv.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-16] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-9.0.1\bin\jp2ssv.dll [2017-12-21] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0_24\bin\ssv.dll [2015-08-06] (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-16] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0_24\bin\jp2ssv.dll [2015-08-06] (Sun Microsystems, Inc.)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1474963403489

FireFox:
========
FF DefaultProfile: 4qmkgdvt.default-1514716501323
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4qmkgdvt.default-1514716501323 [2018-01-12]
FF Extension: (Avast Online Security) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4qmkgdvt.default-1514716501323\Extensions\wrc@avast.com.xpi [2017-11-16]
FF Extension: (Disable JavaScript Shared Memory) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4qmkgdvt.default-1514716501323\features\{4ef6a7f0-344e-4ddc-a53e-a9009ae097c5}\disable-js-shared-memory@mozilla.org.xpi [2018-01-06] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-21] ()
FF Plugin: @java.com/DTPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\dtplugin\npDeployJava1.dll [2017-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\plugin2\npjp2.dll [2017-12-21] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-21] ()
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre1.6.0_24\bin\npDeployJava1.dll [2015-08-06] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll [2015-08-06] (Sun Microsystems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3459912657-3031662703-3452388855-1000: @citrixonline.com/appdetectorplugin -> C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-01-05] (Citrix Online)
FF Plugin HKU\S-1-5-21-3459912657-3031662703-3452388855-1000: SkypeForBusinessPlugin-16.2 -> C:\Users\David\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi.dll [2016-02-26] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3459912657-3031662703-3452388855-1000: SkypeForBusinessPlugin64-16.2 -> C:\Users\David\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi-x64.dll [2016-02-26] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2018-01-12]
CHR Extension: (Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-04]
CHR Extension: (Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-04]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-04]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-04]
CHR Extension: (Adobe Acrobat) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-01-04]
CHR Extension: (Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-05]
CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-04]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-09] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-09] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2018-01-08] (Dropbox, Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2016-03-09] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [135168 2012-06-29] (Nalpeiron Ltd.) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-06-29] (Nalpeiron Ltd.) [File not signed]
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] () [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-09] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-09] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-09] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-09] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-09] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-09] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-11] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-09] (AVAST Software)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-12] (Malwarebytes)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-06-13] (The OpenVPN Project)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-12-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-12-07] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-12 08:34 - 2018-01-12 08:35 - 000000000 ____D C:\Users\David\Desktop\FARBAR
2018-01-12 08:33 - 2018-01-12 08:33 - 000000952 _____ C:\Users\David\Desktop\AdwCleaner[S0].txt
2018-01-12 08:24 - 2018-01-12 08:28 - 000000000 ____D C:\AdwCleaner
2018-01-12 08:16 - 2018-01-12 08:17 - 008198432 _____ (Malwarebytes) C:\Users\David\Desktop\adwcleaner_7.0.6.0.exe
2018-01-12 07:41 - 2018-01-12 07:41 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-12 07:40 - 2018-01-12 07:40 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-11 19:25 - 2018-01-11 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-09 14:35 - 2018-01-09 14:33 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-01-09 14:34 - 2018-01-09 14:34 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-01-08 22:15 - 2018-01-08 22:15 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-01-08 22:15 - 2018-01-08 22:15 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-01-08 22:15 - 2018-01-08 22:15 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-01-08 22:15 - 2018-01-08 22:15 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-01-07 22:59 - 2018-01-07 22:59 - 001508627 _____ C:\Users\David\Downloads\stephen_hawking_a_brief_history_of_time.pdf
2018-01-04 12:21 - 2018-01-06 08:51 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-04 12:21 - 2018-01-06 08:51 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-04 12:20 - 2018-01-04 12:20 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-04 12:20 - 2018-01-04 12:20 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-04 12:19 - 2018-01-04 12:19 - 001129816 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup(1).exe
2018-01-04 11:38 - 2018-01-04 11:38 - 000149319 _____ C:\Users\David\Desktop\bookmarks_1_4_18 chrome.html
2018-01-03 09:50 - 2018-01-03 09:50 - 001221121 _____ C:\Users\David\Downloads\Files_Online2PDF (2).zip
2018-01-03 09:47 - 2018-01-03 09:47 - 001134980 _____ C:\Users\David\Downloads\Files_Online2PDF (1).zip
2018-01-03 09:43 - 2018-01-03 09:43 - 001178399 _____ C:\Users\David\Downloads\Files_Online2PDF.zip
2017-12-31 11:34 - 2017-12-31 11:34 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-31 11:34 - 2017-12-31 11:34 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-31 11:33 - 2018-01-06 08:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-31 11:32 - 2017-12-31 11:32 - 000311232 _____ (Mozilla) C:\Users\David\Downloads\Firefox Installer.exe
2017-12-31 11:19 - 2017-12-31 11:19 - 000608266 _____ C:\Users\David\Desktop\Firefox bookmarks.html
2017-12-28 15:59 - 2017-12-28 15:59 - 000257131 _____ C:\Users\David\Downloads\Datasheet_RWS1062EDW.pdf
2017-12-21 22:58 - 2018-01-12 07:43 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2017-12-21 22:58 - 2018-01-12 07:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-21 22:56 - 2017-12-21 22:57 - 059165632 _____ (Skype Technologies S.A.) C:\Users\David\Downloads\Skype-8.12.0.14.exe
2017-12-21 21:33 - 2017-12-21 21:33 - 000000000 ____D C:\Users\David\AppData\LocalLow\Temp
2017-12-21 11:34 - 2017-12-22 14:50 - 000003668 _____ C:\Windows\System32\Tasks\JavaUpdateSched
2017-12-21 10:39 - 2017-12-21 10:41 - 101280832 _____ (Oracle Corporation) C:\Users\David\Downloads\jre-9.0.1_windows-x64_bin.exe
2017-12-21 09:48 - 2017-12-21 10:03 - 000005178 _____ C:\Users\David\Downloads\Fixlog.txt
2017-12-20 09:35 - 2017-12-20 09:36 - 000004139 _____ C:\Users\David\Downloads\L1304 1 044 20171219.PDF
2017-12-19 07:53 - 2017-12-19 07:54 - 000000000 ____D C:\Users\David\Desktop\IM November project
2017-12-18 15:26 - 2017-12-18 15:26 - 000000000 ____D C:\Users\David\Downloads\FRST-OlderVersion

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-12 08:35 - 2017-12-11 11:57 - 000000000 ____D C:\FRST
2018-01-12 08:35 - 2017-12-07 08:16 - 000067948 _____ C:\Windows\ZAM.krnl.trace
2018-01-12 08:35 - 2017-12-07 08:16 - 000037613 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-01-12 08:35 - 2016-11-24 15:15 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2018-01-12 08:21 - 2017-01-05 14:54 - 000000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3459912657-3031662703-3452388855-1000.job
2018-01-12 08:19 - 2016-03-09 09:58 - 000001106 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-01-12 07:59 - 2009-07-14 05:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-12 07:59 - 2009-07-14 05:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-12 07:44 - 2009-07-14 06:13 - 000752560 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-12 07:44 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-12 07:41 - 2016-03-09 09:58 - 000001102 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-01-12 07:40 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-11 22:47 - 2017-01-05 14:54 - 000000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3459912657-3031662703-3452388855-1000.job
2018-01-11 19:25 - 2016-03-09 09:58 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-01-11 08:51 - 2015-08-01 18:35 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-11 08:51 - 2015-08-01 18:35 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-09 14:35 - 2017-02-07 13:38 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-09 14:34 - 2017-11-16 11:01 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-01-09 14:34 - 2015-08-01 18:35 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-01-09 14:34 - 2015-08-01 18:35 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-01-09 14:34 - 2015-08-01 18:35 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-01-09 14:34 - 2015-08-01 18:35 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-01-09 14:34 - 2015-08-01 18:35 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-01-09 14:33 - 2017-02-07 13:38 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-01-09 14:33 - 2017-02-07 13:38 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-01-09 14:33 - 2017-02-07 13:38 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-01-09 14:33 - 2017-02-07 13:38 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-01-09 14:33 - 2015-08-01 18:35 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-01-07 23:01 - 2017-12-12 17:13 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
2018-01-07 07:21 - 2016-07-23 21:51 - 000000000 ____D C:\Users\David\AppData\Roaming\5kplayer
2018-01-06 08:33 - 2015-08-01 18:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-04 12:21 - 2015-12-16 09:09 - 000000000 ____D C:\Users\David\AppData\Local\Google
2018-01-04 12:21 - 2015-12-16 09:09 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-03 01:47 - 2015-08-01 15:54 - 000000000 ____D C:\Users\David
2018-01-01 21:20 - 2017-07-08 10:49 - 000000000 ____D C:\Users\David\AppData\Local\GoToMeeting
2017-12-31 11:35 - 2017-12-07 11:52 - 000000000 ____D C:\Users\David\Desktop\Old Firefox Data
2017-12-31 02:04 - 2015-08-01 21:27 - 000000000 ____D C:\Users\David\AppData\Roaming\vlc
2017-12-23 14:05 - 2017-12-08 18:14 - 000000000 ____D C:\Users\David\AppData\Local\Spotify
2017-12-23 14:05 - 2017-12-08 18:12 - 000000000 ____D C:\Users\David\AppData\Roaming\Spotify
2017-12-22 14:50 - 2017-08-06 10:57 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-22 14:50 - 2017-01-05 14:54 - 000003656 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3459912657-3031662703-3452388855-1000
2017-12-22 14:50 - 2017-01-05 14:54 - 000003560 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3459912657-3031662703-3452388855-1000
2017-12-22 14:50 - 2016-03-22 21:57 - 000003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458680219
2017-12-22 14:50 - 2016-03-09 09:58 - 000004112 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-12-22 14:50 - 2016-03-09 09:58 - 000003860 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-12-22 14:50 - 2015-12-03 22:11 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-12-22 14:50 - 2015-08-07 09:58 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-22 14:50 - 2015-08-01 17:36 - 000003066 _____ C:\Windows\System32\Tasks\{63425FEB-6378-4EC6-97B2-025AE9FCBA72}
2017-12-21 22:56 - 2017-03-05 21:20 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-12-21 22:56 - 2015-08-03 08:07 - 000000000 ____D C:\ProgramData\Skype
2017-12-21 22:52 - 2015-08-03 08:07 - 000000000 ____D C:\Users\David\AppData\Roaming\Skype
2017-12-21 12:04 - 2015-10-13 22:19 - 000000000 ____D C:\Program Files\Java
2017-12-21 12:00 - 2015-08-06 10:33 - 000000000 ____D C:\Windows\system32\appmgmt
2017-12-21 11:35 - 2015-10-13 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-21 11:35 - 2015-08-06 09:57 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-21 11:32 - 2015-10-13 22:20 - 000144448 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-12-21 09:57 - 2016-01-15 08:16 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-12-21 09:49 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-12-21 09:49 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-12-16 14:24 - 2015-08-06 11:03 - 000000000 ____D C:\Users\David\AppData\Local\Adobe
2017-12-16 14:17 - 2015-08-06 11:05 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-16 14:17 - 2015-08-06 11:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-16 14:17 - 2015-08-06 11:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-16 14:17 - 2015-08-06 11:05 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2016-12-12 11:05 - 2016-12-12 11:06 - 000004608 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 17:34 - 2015-08-01 17:34 - 000001696 _____ () C:\Users\David\AppData\Local\FastClean.20150801.183443.txt
2015-08-01 17:36 - 2015-08-01 17:36 - 000001696 _____ () C:\Users\David\AppData\Local\FastClean.20150801.183631.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-08 09:23

==================== End of FRST.txt ============================

Attached File: Addition.txt (56.83KB)



#15 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:19 AM

Posted 12 January 2018 - 09:56 AM

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-9.0.1\bin\ssv.dll => No File
CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-01-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
2016-12-12 11:05 - 2016-12-12 11:06 - 000004608 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 17:34 - 2015-08-01 17:34 - 000001696 _____ () C:\Users\David\AppData\Local\FastClean.20150801.183443.txt
2015-08-01 17:36 - 2015-08-01 17:36 - 000001696 _____ () C:\Users\David\AppData\Local\FastClean.20150801.183631.txt

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

P.S.
I am not using syncing on Chrome (not to my knowledge anyway).

If you have any other devices connected to the Wi-Fi where this computer is connected, please check Chrome syncing on all devices.
