
Searchscopes - Win 7 - Sign in PW hijacked, disabled programs


This topic is locked
48 replies to this topic

#1 AhhhLeah


Posted 24 February 2018 - 10:16 PM

Was referred to this thread by one of your members from the 'Am I Infected?' thread.
 
Windows 7 Problem:
 
Date of incident:  2/21.  Was suddenly asked for a PW to sign in even though that setting was disabled.  Didn't remember the PW so went in through the back door and disabled the PW again.  Immediately noticed some programs no longer worked and settings of other programs had been changed.  Was told I don't have permission to do certain things even though I am the Admin.  Two user IDs vanished from the sign-on screen.  Avast and Malwarebytes seemed to be locked.  Printer settings were changed and it was disabled.  Probably other issues I haven't yet run across.
 
Tried repeatedly to do a system restore in and out of safe mode.  Each time was told it did not complete...a file was missing or my antivirus was running.  Could confirm Avast and the firewall were disabled but still couldn't get into Malwarebytes, so finally ended up uninstalling it, although its icon remains on my desktop.  (Edit added 2/24...Ha...I just now looked and it appears it never uninstalled.  It's still sitting in my C drive Program Files, but it won't open from my desktop and is not listed in the program list where I uninstalled it.  I won't mess with it any further at this time.)  Tried system restore again and was told it did not work for the same reason, but nothing was running.  Now Malwarebytes won't download at all (edit added 2/24...and Avast keeps turning off.  Tried again to install Malwarebytes 2/24 with no success.)
 
Thank you in advance.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018
Ran by Gail (administrator) on GAIL-PC (24-02-2018 20:28:28)
Running from C:\Users\Gail\Desktop
Loaded Profiles: Gail & lmiremote (Available Profiles: Gail & lmiremote)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Sonix) C:\Windows\vsnp2std.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [5004592 2012-10-19] (Intel® Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [286632 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [243496 2018-02-22] (AVAST Software)
HKLM\...\Run: [snp2std] => C:\windows\vsnp2std.exe [348160 2005-08-13] (Sonix)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-02-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\Policies\system: [DisableLockWorkstation] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4098365070-926832710-3877579155-1000] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{27D64C42-8088-4377-848D-754CB40B3C8B}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {2F898CF3-770C-4649-9661-579EBF3B4B36} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2F898CF3-770C-4649-9661-579EBF3B4B36} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2F898CF3-770C-4649-9661-579EBF3B4B36} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4098365070-926832710-3877579155-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4098365070-926832710-3877579155-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-22] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-22] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-4098365070-926832710-3877579155-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
IE Session Restore: HKU\S-1-5-21-4098365070-926832710-3877579155-1000 -> is enabled.
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-11] (AVG Secure Search)

FireFox:
========
FF DefaultProfile: g9ta1qns.default-1386716159493-1506477114844
FF ProfilePath: C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844 [2018-02-24]
FF Homepage: Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844 -> about:newtab
FF Session Restore: Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844 -> is enabled.
FF Extension: (Name) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\firefox@ghostery.com.xpi [2018-02-22]
FF Extension: (PlugIn-Checker) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi [2017-10-19]
FF Extension: (Notifier for Gmail™) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2018-01-24]
FF Extension: (AdBlocker for YouTube™) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2017-11-08]
FF Extension: (Avast Passwords) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-02-07]
FF Extension: (FindFlix: Netflix Secret Category Finder) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\njgopmododdceghkcgbmgfffamnjbjno@chrome-store-foxified-unsigned.xpi [2017-10-19]
FF Extension: (Avast SafePrice) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\sp@avast.com.xpi [2018-02-22]
FF Extension: (uBlock Origin) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\uBlock0@raymondhill.net.xpi [2018-02-22]
FF Extension: (Avast Online Security) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\wrc@avast.com.xpi [2017-10-14]
FF Extension: (NoScript) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-02-08]
FF Extension: (__MSG_appName__) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2017-11-11]
FF Extension: (Zoom Image) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\{b14f4076-e80d-4baa-8c7d-8c65dfd2519c}.xpi [2017-12-06]
FF Extension: (Docs Online Viewer) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\{bfb54675-2fd9-4e22-949d-c36333aff6b5}.xpi [2017-10-14]
FF SearchPlugin: C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\searchplugins\yahoo-avast.xml [2017-11-23]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 => not found
FF HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - C:\Users\Gail\AppData\Local\Giant Savings\Chrome\Giant Savings.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7564512 2018-02-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [300600 2018-02-22] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-06] (Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [51024 2018-02-08] (Dropbox, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [192944 2018-02-20] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-04] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199448 2018-01-04] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343768 2018-01-04] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57696 2018-01-04] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [190440 2018-02-20] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-02-20] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [146648 2018-02-20] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110328 2018-02-20] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84368 2018-02-20] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1026696 2018-02-20] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [459952 2018-02-20] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [205464 2018-02-20] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [379448 2018-02-20] (AVAST Software)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S4 LMIRfsClientNP; no ImagePath
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-05-10] (CACE Technologies, Inc.)
R3 radpms; C:\windows\System32\DRIVERS\radpms.sys [14944 2010-12-08] (LogMeIn, Inc.)
S3 SNP2STD; C:\windows\System32\DRIVERS\snp2sxp.sys [12582272 2007-08-17] ()
S3 SNP2STD; C:\Windows\SysWOW64\DRIVERS\snp2sxp.sys [12274432 2007-08-17] ()
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-24 20:28 - 2018-02-24 20:32 - 000024272 _____ C:\Users\Gail\Desktop\FRST.txt
2018-02-24 20:24 - 2018-02-24 20:24 - 002403328 _____ (Farbar) C:\Users\Gail\Desktop\FRST64.exe
2018-02-24 10:41 - 2018-02-24 10:41 - 000000423 _____ C:\Users\Gail\Desktop\Runme.bat
2018-02-23 14:14 - 2018-02-23 14:14 - 000000000 ____D C:\Users\Gail\Downloads\Calendar Pages
2018-02-23 11:26 - 2018-02-23 11:26 - 000000000 ____D C:\Users\Gail\Downloads\LogMeIn
2018-02-22 23:56 - 2018-02-22 23:56 - 000000000 ____D C:\Users\Gail\Desktop\FRST-OlderVersion
2018-02-22 23:37 - 2018-02-22 23:37 - 000001088 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2018-02-22 23:37 - 2018-02-22 23:37 - 000000000 ____D C:\Users\Gail\AppData\Local\VS Revo Group
2018-02-22 23:37 - 2018-02-22 23:37 - 000000000 ____D C:\ProgramData\VS Revo Group
2018-02-22 23:37 - 2018-02-22 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2018-02-22 23:37 - 2018-02-22 23:37 - 000000000 ____D C:\Program Files\VS Revo Group
2018-02-22 23:37 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2018-02-22 23:30 - 2018-02-22 23:36 - 000000000 ____D C:\Users\Gail\Downloads\Revo Uninstaller
2018-02-22 23:11 - 2018-02-22 23:11 - 011217568 _____ (Piriform Ltd) C:\Users\Gail\Downloads\ccsetup540.exe
2018-02-22 22:22 - 2018-02-22 22:46 - 000000000 ____D C:\Users\Gail\Brother
2018-02-22 15:21 - 2018-02-22 15:21 - 000000000 ____D C:\Program Files (x86)\New folder
2018-02-22 15:18 - 2018-02-22 15:19 - 000000000 ____D C:\Users\Gail\Downloads\Malwarebytes
2018-02-22 15:15 - 2018-02-22 15:15 - 000000000 ____D C:\Program Files\Malwarebytes2
2018-02-22 14:31 - 2018-02-20 22:58 - 000380768 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-02-22 13:45 - 2018-02-22 13:45 - 000003288 ____N C:\bootsqm.dat
2018-02-22 13:44 - 2018-02-22 13:44 - 000000000 __SHD C:\found.001
2018-02-21 22:47 - 2016-10-17 11:11 - 000363520 _____ (Brother Industries, Ltd.) C:\windows\system32\BRCOM13A.DLL
2018-02-21 22:22 - 2018-02-22 14:21 - 000000000 ____D C:\Users\Gail\BrUtilitiesHL-L2340D
2018-02-21 22:14 - 2018-02-21 22:15 - 046950016 _____ (A.I.SOFT,INC.) C:\Users\Gail\Downloads\HL-L2340DW-inst-D1-US3.EXE
2018-02-21 19:00 - 2018-02-22 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-19 19:22 - 2018-02-19 19:22 - 000110016 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-02-19 11:02 - 2018-02-19 11:03 - 000000000 ____D C:\Users\Gail\Desktop\Pics
2018-02-14 08:57 - 2018-01-12 11:16 - 000076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2018-02-14 08:57 - 2018-01-12 11:16 - 000030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2018-02-14 08:57 - 2018-01-12 11:15 - 000032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2018-02-08 15:10 - 2018-02-08 15:10 - 000051024 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2018-02-08 15:10 - 2018-02-08 15:10 - 000045672 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2018-02-08 15:10 - 2018-02-08 15:10 - 000045640 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2018-02-08 15:10 - 2018-02-08 15:10 - 000045640 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2018-02-07 00:48 - 2018-02-07 00:48 - 000415172 _____ C:\Users\Gail\Desktop\BazookaRelist your listing.htm
2018-02-07 00:48 - 2018-02-07 00:48 - 000000000 ____D C:\Users\Gail\Desktop\BazookaRelist your listing_files
2018-02-07 00:47 - 2018-02-07 00:47 - 000416588 _____ C:\Users\Gail\Desktop\CrushSell similar.htm
2018-02-07 00:47 - 2018-02-07 00:47 - 000000000 ____D C:\Users\Gail\Desktop\CrushSell similar_files
2018-01-26 20:38 - 2018-02-22 14:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-01-26 20:38 - 2018-01-26 20:38 - 000002156 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2018-01-26 20:38 - 2018-01-26 20:38 - 000000049 _____ C:\Users\Public\Documents\pre_fileassoc.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-24 20:28 - 2017-02-02 07:33 - 000000000 ____D C:\FRST
2018-02-24 20:00 - 2017-05-06 06:55 - 000000904 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-02-24 10:43 - 2017-01-26 23:00 - 000000000 ____D C:\Users\Gail\AppData\LocalLow\Mozilla
2018-02-24 10:41 - 2009-07-13 23:45 - 000025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-24 10:41 - 2009-07-13 23:45 - 000025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-24 10:36 - 2009-07-14 00:13 - 000799890 _____ C:\windows\system32\PerfStringBackup.INI
2018-02-24 10:36 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2018-02-24 10:28 - 2017-05-06 06:55 - 000000900 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-02-24 10:28 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-02-24 10:17 - 2017-02-07 15:00 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-02-22 23:14 - 2017-10-26 09:00 - 000003870 _____ C:\windows\System32\Tasks\CCleaner Update
2018-02-22 23:14 - 2017-10-26 09:00 - 000000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-22 22:57 - 2017-11-23 22:44 - 000002151 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2018-02-22 22:22 - 2012-07-01 14:02 - 000000000 ____D C:\Users\Gail
2018-02-22 22:12 - 2009-07-14 00:08 - 000032544 _____ C:\windows\Tasks\SCHEDLGU.TXT
2018-02-22 16:58 - 2012-09-01 08:50 - 000000000 ____D C:\Users\lmiremote
2018-02-22 16:58 - 2012-07-01 16:18 - 000000000 ____D C:\Users\LogMeInRemoteUser
2018-02-22 14:34 - 2017-02-07 15:00 - 000001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-02-22 14:21 - 2018-01-15 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-22 14:21 - 2017-10-25 14:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2018-02-22 14:21 - 2017-10-25 14:14 - 000000000 ____D C:\ProgramData\Brother
2018-02-22 14:21 - 2017-02-07 15:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-02-22 14:21 - 2012-02-23 09:36 - 000000000 ____D C:\ProgramData\Norton
2018-02-22 14:21 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-02-22 14:20 - 2017-01-27 21:44 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2018-02-22 14:20 - 2014-12-24 08:42 - 000000000 ____D C:\windows\system32\appraiser
2018-02-22 14:20 - 2009-07-13 22:20 - 000000000 ____D C:\windows\SysWOW64\Setup
2018-02-22 14:20 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\Setup
2018-02-22 14:20 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\NDF
2018-02-22 14:20 - 2009-07-13 22:20 - 000000000 ____D C:\windows\servicing
2018-02-22 14:19 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2018-02-21 22:57 - 2017-11-23 22:43 - 000002066 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2018-02-21 21:52 - 2010-11-21 02:16 - 000000000 ___RD C:\Users\Public\Recorded TV
2018-02-21 20:11 - 2017-10-27 09:44 - 000069400 _____ C:\Users\Gail\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-21 19:00 - 2017-05-06 06:55 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-02-21 12:12 - 2017-10-26 08:14 - 000316304 _____ C:\windows\system32\FNTCACHE.DAT
2018-02-20 22:58 - 2017-11-11 08:37 - 000192944 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-02-20 22:58 - 2017-11-11 08:37 - 000192944 _____ (AVAST Software) C:\windows\system32\Drivers\asw1fc64020495f8d43.tmp
2018-02-20 22:58 - 2017-02-07 15:00 - 000459952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-02-20 22:58 - 2017-02-07 15:00 - 000459952 _____ (AVAST Software) C:\windows\system32\Drivers\asw655b1ad96788cf9b.tmp
2018-02-20 22:58 - 2017-02-07 15:00 - 000379448 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-02-20 22:58 - 2017-02-07 15:00 - 000379448 _____ (AVAST Software) C:\windows\system32\Drivers\asw cf10d3b0606b690.tmp
2018-02-20 22:58 - 2017-02-07 15:00 - 000205464 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-02-20 22:58 - 2017-02-07 15:00 - 000205464 _____ (AVAST Software) C:\windows\system32\Drivers\asw6ab8957bac04e9d0.tmp
2018-02-20 22:58 - 2017-02-07 15:00 - 000146648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-02-20 22:58 - 2017-02-07 15:00 - 000146648 _____ (AVAST Software) C:\windows\system32\Drivers\asw1184838bd144bdd4.tmp
2018-02-20 22:58 - 2017-02-07 15:00 - 000110328 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-02-20 22:58 - 2017-02-07 15:00 - 000110328 _____ (AVAST Software) C:\windows\system32\Drivers\asw 30c600b037ddbea.tmp
2018-02-20 22:58 - 2017-02-07 15:00 - 000084368 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-02-20 22:58 - 2017-02-07 15:00 - 000084368 _____ (AVAST Software) C:\windows\system32\Drivers\asw9f82b6a3af2c8f74.tmp
2018-02-20 22:58 - 2017-02-07 15:00 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-02-20 22:58 - 2017-02-07 15:00 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswc9284ec7c5513924.tmp
2018-02-20 22:57 - 2018-01-04 16:56 - 000190440 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-02-20 22:57 - 2018-01-04 16:56 - 000190440 _____ (AVAST Software) C:\windows\system32\Drivers\asw9c8899ff2b1b0aec.tmp
2018-02-20 22:57 - 2017-02-07 15:00 - 001026696 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-02-20 22:57 - 2017-02-07 15:00 - 001026696 _____ (AVAST Software) C:\windows\system32\Drivers\asw811ad6acf73d0f98.tmp
2018-02-20 18:50 - 2013-03-26 07:05 - 000003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6C7BE393-087F-40C8-A413-EE4E449807E9}
2018-02-20 18:49 - 2018-01-24 17:49 - 000084256 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-02-20 03:11 - 2014-01-29 19:10 - 000775108 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2018-02-19 19:23 - 2018-01-15 13:21 - 000046008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2018-02-19 19:22 - 2018-01-15 13:19 - 000253880 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-02-08 20:36 - 2017-05-06 07:00 - 000000000 ___RD C:\Users\Gail\Dropbox
2018-01-31 23:00 - 2017-09-07 23:05 - 000000000 _____ C:\windows\SysWOW64\last.dump
2018-01-26 20:39 - 2017-10-14 18:21 - 000000000 ____D C:\ProgramData\Foxit Software

==================== Files in the root of some directories =======

2013-06-27 07:59 - 2014-06-22 21:08 - 000003736 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-01-11 15:13 - 2013-01-11 15:13 - 000022464 _____ (Intel Corporation) C:\Users\Gail\AppData\Roaming\JomCap.dll
2012-11-12 19:30 - 2012-11-12 19:30 - 000027520 _____ () C:\Users\Gail\AppData\Local\dt.dat
2012-11-03 17:22 - 2012-11-03 17:22 - 000000017 _____ () C:\Users\Gail\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-02-22 22:06 - 2006-05-24 12:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Gail\AppData\Local\Temp\_isCCC8.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-03 19:54

==================== End of FRST.txt ============================



#2 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:23 PM

Posted 24 February 2018 - 10:18 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by Gail (24-02-2018 20:33:52)
Running from C:\Users\Gail\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-01 19:02:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4098365070-926832710-3877579155-500 - Administrator - Disabled)
Gail (S-1-5-21-4098365070-926832710-3877579155-1000 - Administrator - Enabled) => C:\Users\Gail
Guest (S-1-5-21-4098365070-926832710-3877579155-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4098365070-926832710-3877579155-1002 - Limited - Enabled)
lmiremote (S-1-5-21-4098365070-926832710-3877579155-1004 - Administrator - Enabled) => C:\Users\lmiremote

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.1.2326 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-2110fc4c-4037-4a5b-af43-be712cf62699) (Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 43.4.50 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
FATE - The Traitor Soul (HKLM-x32\...\WTA-db9d8e2d-9df9-4257-9d48-372581eedfc0) (Version: 2.2.0.95 - WildTangent) Hidden
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )
HL-L2340D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HUE HD Webcam (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19.121 - Clique)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel® Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1213 - Intel Corporation)
Intel® My WiFi Dashboard (HKLM\...\{6FF4DB88-3E54-468C-A0C6-208766A45C52}) (Version: 15.06.0000.0226 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Letters from Nowhere 2 (HKLM-x32\...\WTA-5f386be9-ade2-4e63-9eaf-40d8d0e26be3) (Version: 2.2.0.97 - WildTangent) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Overlook Fing (HKLM-x32\...\Overlook Fing 1.4) (Version: 1.4 - Overlook)
PeaZip 6.4.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.4.0 - Giorgio Tani)
Penguins! (HKLM-x32\...\WTA-be387e9d-b298-4c5f-879f-75c0f7484983) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-970e7584-ee8f-47b8-8953-2d1ddc32b13b) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (HKLM-x32\...\WTA-4ff1326b-93fa-4c70-bec7-4e24b1c94aed) (Version: 2.2.0.97 - WildTangent) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS5520FWUpdateAlert (HKLM-x32\...\{1A5A71DF-E108-4557-9C56-C03A549F9257}) (Version: 1.00.0000 - HP) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 3.2.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.0 - VS Revo Group, Ltd.)
RollerCoaster Tycoon 3: Platinum (HKLM-x32\...\WTA-73772bb3-c5c3-441a-8052-ca4168f00611) (Version: 2.2.0.98 - WildTangent) Hidden
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-cf9d024e-c532-4f05-8f12-522e9a7621ff) (Version: 2.2.0.98 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0130.640204 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.3C - TOSHIBA) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.3C - TOSHIBA) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
winpcap-overlook 4.02 (HKLM-x32\...\winpcap-overlook) (Version:  - )
Zuma's Revenge (HKLM-x32\...\WTA-53f21a22-f4e2-4324-a128-423f30e3c088) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-22] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-22] (AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-06-27] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-22] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05A36955-89B9-4791-9C1F-3C127D7901EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {125B81CB-FC34-4845-A050-B926EC476F6C} - System32\Tasks\SafeZone scheduled Autoupdate 1485571635 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {127A3FA6-30A0-43F1-9082-256ADE937E90} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-20] (AVAST Software)
Task: {12DADA82-E8B1-449D-8083-EF776882F73F} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [2012-10-19] (Intel® Corporation)
Task: {307238F7-EDBB-44D1-A44E-324BFBEAD6F1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-07] (AVAST Software)
Task: {501DAA20-E0A1-460D-8F90-3A94FC804E06} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-24] (TOSHIBA CORPORATION)
Task: {519218C6-CE59-4030-9B80-464B46843414} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {641BF80B-BD26-49C8-93E8-A6D710A6E6D9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {65C8C5F5-B2C2-4131-88CB-14000B668C2B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-06] (Dropbox, Inc.)
Task: {7669033B-D15B-4E21-B116-69F0E896ECC3} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {C2E29816-0906-4A59-BFE0-19FD126E11BF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {D2FE7AF9-3EEA-4E49-9F6B-F989DACFB0A5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-06] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-05-31 20:32 - 2011-05-31 20:32 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-07-03 15:14 - 2009-12-20 20:42 - 000090624 _____ () C:\windows\System32\Primomonnt.dll
2014-08-11 16:45 - 2014-08-11 16:44 - 000159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2011-06-27 12:16 - 2011-06-27 12:16 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-02-03 22:56 - 2011-02-03 22:56 - 000057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-06-10 00:09 - 2011-06-10 00:09 - 000079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000721112 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000326360 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-02-24 10:23 - 2018-02-24 10:23 - 005822096 _____ () C:\Program Files\AVAST Software\Avast\defs\18022400\algo.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000172248 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000963288 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000468696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000339160 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2014-08-11 16:45 - 2014-08-11 16:44 - 000519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2017-07-11 17:13 - 2017-07-11 17:13 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-02-22 14:30 - 2018-02-22 14:30 - 000275672 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-02-21 18:59 - 2018-02-08 15:10 - 000740168 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-02-21 18:59 - 2018-02-08 15:10 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-02-21 18:59 - 2018-02-08 15:10 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-02-21 18:59 - 2018-02-08 15:10 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-02-21 18:59 - 2018-02-08 15:13 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000116184 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-02-21 18:59 - 2018-02-08 15:12 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-02-21 18:59 - 2018-02-08 15:13 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-02-21 18:59 - 2018-02-08 15:13 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 001796416 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 001956672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 003859272 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000521032 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-02-21 18:59 - 2018-02-08 15:13 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-02-21 18:59 - 2018-02-08 15:13 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-02-21 18:59 - 2018-02-08 15:13 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-02-21 18:59 - 2018-02-08 15:13 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-02-21 18:59 - 2018-02-08 15:13 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-02-21 18:59 - 2018-02-08 15:13 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-02-21 18:59 - 2018-02-08 15:13 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-02-21 18:59 - 2018-02-08 15:10 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-02-21 18:59 - 2018-02-08 15:13 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-02-21 18:59 - 2018-02-08 15:12 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-02-21 18:59 - 2018-02-08 15:12 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-02-21 18:59 - 2018-02-08 15:13 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000545096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000359232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-02-21 18:59 - 2018-02-08 15:12 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-10-25 14:28 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\Users\Gail\Documents\2017-09-10 13.36.58.jpg:com.dropbox.attributes [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7927 more sites.

IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12744 more sites.

IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4098365070-926832710-3877579155-1004\...\123simsen.com -> www.123simsen.com

There are 7927 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-02-19 19:21 - 000455197 _____ C:\windows\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 15617 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gail\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: Winstep Xtreme Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Gail^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - .lnk => C:\windows\pss\Monitor Ink Alerts - .lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gail^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Nexus => C:\Program Files (x86)\Winstep\Nexus.exe autostart
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: TOSDCR => %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C872428A-EEC0-4859-981B-44A990B4821D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5908E83F-A67E-4D95-B275-37A845D908C0}] => (Allow) LPort=2869
FirewallRules: [{5450716C-A89B-49DA-A7EB-39BCE09ABC90}] => (Allow) LPort=1900
FirewallRules: [{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{53C30A38-375B-4EAC-A4FC-7255FEE57685}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{5E159DD2-B8F1-43EE-94D2-52010C32A64E}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{04AEB885-5292-4CEE-AFF7-01D6B17162D4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F0E0E252-D721-481F-81D7-322C2A62BBAC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{6340CE53-5C9C-4E45-85EB-DADC8BA361B0}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{E51E34DC-86C1-4B75-8773-2C12EDD0737B}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{E066235B-981D-4959-B962-DCBA7AB0BA4C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{ABBBC5D8-BFA5-4F13-B60A-F525EF2448CB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{C5C8DFEB-CFEF-401D-8993-588E3DE923A3}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
FirewallRules: [{C9B9C5A7-CC5F-45E5-941A-CC66491CE777}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
FirewallRules: [{F05F7C02-8AB6-44D3-A85A-D948CD86E257}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDash.exe
FirewallRules: [{D504C3A1-7A76-4D04-A0DF-C99B9740F7BA}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDash.exe
FirewallRules: [{3BA2FD42-3122-4CA5-8BC9-2B49453D5678}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6D65C8AD-2304-4056-8E23-B05138D88186}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{34519860-45EB-48BE-8D8A-DDEED0F0B599}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{18999D43-2932-4B1A-8509-2B7173916CED}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{2C59F674-390C-467B-B670-D2AA3E6FCCD1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A78C81F2-5003-42DF-A46F-D68FDC828E3E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{01E80A2F-7754-43F1-8D9B-91B328EAD63C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

20-02-2018 03:00:26 Windows Update
21-02-2018 17:26:29 Restore Operation
21-02-2018 22:54:42 Installed Brother Software Suite
22-02-2018 07:57:21 Windows Update
22-02-2018 14:31:53 Windows Update
22-02-2018 22:08:03 Removed Brother Software Suite
22-02-2018 22:55:51 Installed Brother Software Suite
22-02-2018 23:39:08 Revo Uninstaller Pro's restore point - HP Deskjet 1510 series Basic Device Software
23-02-2018 09:43:35 Windows Update

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2018 10:32:22 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/24/2018 10:32:01 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (02/24/2018 10:28:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (02/24/2018 10:28:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/24/2018 10:24:26 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.MFCLOC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070091. assembly interface: IAssemblyCacheItem, function: Commit, component: {A10BCC35-3E8D-32BA-A5E2-44CF2E572127}

Error: (02/24/2018 10:21:57 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (02/24/2018 10:21:23 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (02/23/2018 11:57:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 21.2.2018.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1920

Start Time: 01d3acc709204336

Termination Time: 15

Application Path: C:\Users\Gail\Desktop\FRST64.exe

Report Id: a35189fe-18ba-11e8-b9a9-dc0ea14287ef


System errors:
=============
Error: (02/24/2018 10:34:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Toshiba Laptop Checkup Application Launcher service hung on starting.

Error: (02/24/2018 10:29:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswbIDSAgent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/24/2018 10:29:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the aswbIDSAgent service to connect.

Error: (02/24/2018 10:28:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
The system cannot find the path specified.

Error: (02/24/2018 10:28:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/24/2018 10:25:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (02/24/2018 10:09:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (02/24/2018 10:09:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.


CodeIntegrity:
===================================

Date: 2017-02-06 12:51:36.501
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-06 12:49:23.939
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-06 12:45:52.700
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-05 23:04:52.695
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-05 22:49:12.860
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-05 22:04:00.536
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-05 20:25:09.717
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-02 14:19:32.537
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 96%
Total physical RAM: 4002.69 MB
Available physical RAM: 137.47 MB
Total Virtual: 8003.57 MB
Available Virtual: 1744.1 MB

==================== Drives ================================

Drive c: (TI106332W0C) (Fixed) (Total:579.64 GB) (Free:513.6 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{802f3b36-5e27-11e1-b33f-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 27058636)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=579.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)

==================== End of Addition.txt ============================



#3 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • 3,893 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 25 February 2018 - 06:05 AM

AhhhLeah:

:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

I will need some time to review your FRST logs. That could take a day or two.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:23 PM

Posted 25 February 2018 - 06:34 AM

Hello Phil.  Please call me Leah.  Take your time.  I will be here waiting.  Thank you so much for your time.



#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,893 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:23 PM

Posted 25 February 2018 - 06:39 AM

Leah:

 

Thank you for your post and for permission to address you by your first name.  :thumbup2:

 

I have started analyzing your FRST logs.  I am seeing remnants of security solutions that are no longer installed (AVG Secure Search, McAfee).  These can cause issues.  You should only have one dedicated anti-virus product active, so I will remove these remnants for you, unless you object.

 

I do hope to have an initial FRST "fixlist" script for you this afternoon.

 

Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#6 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:23 PM

Posted 25 February 2018 - 07:45 AM

Absolutely.  Please feel free to remove anything unnecessary.  It belonged to my grandmother and she didn't quite understand the notion of not clicking on things so it was in bad shape when I got it.  I've cleaned it up a lot but know I have a ways to go.  Also, any indication where I might have picked up Searchscopes?  I have been so incredibly careful, have the paid version of Malwarebytes and free premium trial of Avast and still I get this?  Geesh.  So frustrating.

 

Thank you for your time Phil.  Much appreciated

 

~Leah~



#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,893 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:23 PM

Posted 25 February 2018 - 08:12 AM

Leah:

 

Thank you for your post.  I am still making my way through your FRST logs, but I have to be gone for a while this morning, this being Sunday.

 

Don't get overly concerned about Searchscopes.  Yes, malware, adware, and other nuisances make use of the Searchscopes registry subkeys, but they are legitimate registry subkeys.  In your case, the laptop belonged to someone else (your grandmother), so it is probable that when you configured your defaults, her defaults were just migrated to the Searchscopes registry subkeys.  See this link and this link for more information.  I am not seeing any nefarious Searchscopes entries, so far.

 

When you "google" Searchscopes, of course, you get thousands of hits from all of the companies trying to sell you their protection software.  Searchscopes are a legitimate Windows feature that can be properly used; or, misused by malware.

 

 

 

SearchScopes: HKU\S-1-5-21-3201153541-2577965718-1018717780-1001 -> DefaultScope {ECB60532-C901-4DCC-99E2-D7400678780F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3201153541-2577965718-1018717780-1001 -> {ECB60532-C901-4DCC-99E2-D7400678780F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

 

 

 

I can assure you that my computer is NOT infected. :)

 

Many people mistakenly believe that all Searchscopes entries are bad, but that is understandable, because all of these companies are trying to convince you, and anyone else, that you have an infection and you need to pay for their product to remove this imaginary, or real, threat.  Searchscopes registry entries are only bad when they point to somewhere that is undesirable, like malware-hosting websites.

 

Still on schedule for an afternoon post.  Thank you for your patience.  Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
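Phil's point above, that a SearchScopes subkey is only a problem when its URL points somewhere undesirable, can be turned into a simple triage check over FRST log lines. The following is an added example, not part of Phil's post and not code from FRST or Bleeping Computer. It parses `SearchScopes:` lines in the format FRST prints (FRST writes `hxxp`/`hxxps` so log URLs cannot be clicked by accident), and sorts each scope into "known" (host on a short allow-list of well-known search engines), "empty" (an orphaned scope with no URL, like the HKLM entries removed later in this thread) or "review" (anything else, to be looked at by a person). The allow-list and the last sample line with the `.invalid` host are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Illustrative allow-list of search-engine hosts (an assumption for this example,
# not an authoritative list); any other host is only flagged for human review.
KNOWN_SEARCH_HOSTS = {
    "www.google.com", "www.bing.com", "search.yahoo.com",
    "duckduckgo.com", "www.startpage.com",
}

# FRST line shape: "SearchScopes: <hive> -> <scope name / GUID> URL = <url>"
LINE_RE = re.compile(
    r"^SearchScopes:\s+(?P<hive>\S+)\s+->\s+(?P<scope>.+?)\s+URL\s*=\s*(?P<url>.*)$"
)

# Constructed sample: the two HKU lines quoted above, one empty HKLM scope,
# and one made-up scope pointing at a non-search host (hijack-style example).
SAMPLE_LOG = r"""
SearchScopes: HKU\S-1-5-21-3201153541-2577965718-1018717780-1001 -> DefaultScope {ECB60532-C901-4DCC-99E2-D7400678780F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3201153541-2577965718-1018717780-1001 -> {ECB60532-C901-4DCC-99E2-D7400678780F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-0-0-0-1001 -> {00000000-0000-0000-0000-000000000000} URL = hxxp://search.example-hijack.invalid/?q={searchTerms}
"""


def refang(url):
    """Turn FRST's defanged hxxp:// / hxxps:// back into a parseable scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def parse_scope(line):
    """Return a dict for a SearchScopes line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "hive": m.group("hive"),
        "scope": m.group("scope"),
        "url": refang(m.group("url").strip()),
    }


def classify(entry):
    """'empty' = no URL (junk), 'known' = allow-listed host, 'review' = look at it."""
    if not entry["url"]:
        return "empty"
    host = (urlparse(entry["url"]).hostname or "").lower()
    return "known" if host in KNOWN_SEARCH_HOSTS else "review"


def triage(log_text):
    """Yield (hive, scope, url, verdict) for every SearchScopes line in the log."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_scope(line)
        if entry:
            rows.append((entry["hive"], entry["scope"], entry["url"], classify(entry)))
    return rows


if __name__ == "__main__":
    for hive, scope, url, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:6}  {hive}  {scope}  {url or '(no URL)'}")
```

A "review" verdict is not a malware verdict; it only says the default search provider points somewhere that is not a known search engine, which is exactly the situation the post describes as worth a closer look.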


#8 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:23 PM

Posted 25 February 2018 - 10:26 AM

Gotcha.  So maybe Searchscopes isn't what started causing problems this week.  But there's definitely something going on.  The latest thing it's doing is disconnecting my wifi copier from my laptop and I am also running terribly slowly.

 

Anyway, here's something to think about...Something similar happened about a year ago.  I was running a trial version of a premium antivirus program.  A few days before the trial ran out I got slammed with all their pop ups reminding me it was expiring and giving me a million reasons why I should purchase their premium protection...which I ignored.  A couple of days later I mysteriously had crap downloaded onto my computer.  I am 80% convinced that AV program I had last year intentionally downloaded those programs to scare me into paying for their premium protection.

 

Consider this...Right now, I'm a couple days away from my trial period ending on my new AV program and BAM! it happens again.  Both times it started out the exact same way by locking me out with the sign in password and disabling my AV/malware programs.  Amazingly coincidental or intentional?  The things that were found last year were more scary looking and acting than dangerous.  It looks like this might turn out to be similar.

 

Things that make you go hmmmmm.

 

Will wait patiently for your return.  Thank you for your time.

 

~Leah~


Edited by AhhhLeah, 25 February 2018 - 10:26 AM.


#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,893 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:23 PM

Posted 25 February 2018 - 10:32 AM

Leah:

 

I hear you!  You might want to check out this link by quietman7, one of the foremost computer security experts here at Bleeping Computer.  Draw your own conclusions.  Personally I use Bitdefender Total Security and Malwarebytes Premium.

 

I have started work on analyzing the "Addition.txt" log.

 

Have a great day.

 

Regards,

-Phil

 

 


Graduate of the Bleeping Computer Malware Removal Study Hall


#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,893 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:23 PM

Posted 25 February 2018 - 11:46 AM

Leah:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: I would suggest that you should consider uninstalling this Firefox extension from within Firefox.
 

FF Extension: (Avast SafePrice) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\sp@avast.com.xpi [2018-02-22]

 

Please see this link for information about this extension. Personally, I would not have it on my computer.

.

:step2: Are you familiar with this Firefox extension?

 

FF Extension: (Zoom Image) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\g9ta1qns.default-1386716159493-1506477114844\Extensions\{b14f4076-e80d-4baa-8c7d-8c65dfd2519c}.xpi [2017-12-06]

 

There is very little information on the web when one "googles" this extension, so I therefore regard it as suspicious ... ? If you don't use it or know about it, I would suggest removing this extension as well from within Firefox.

.

:step3: Do you know about this enabled Administrator account and the LogMeIn files that are on this computer?
 

lmiremote (S-1-5-21-4098365070-926832710-3877579155-1004 - Administrator - Enabled) => C:\Users\lmiremote


R3 radpms; C:\windows\System32\DRIVERS\radpms.sys [14944 2010-12-08] (LogMeIn, Inc.)
C:\windows\System32\DRIVERS\radpms.sys
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
2018-02-23 11:26 - 2018-02-23 11:26 - 000000000 ____D C:\Users\Gail\Downloads\LogMeIn


I do not see LogMeIn listed as an installed program on this computer ... ? :scratchhead:

.

:step4: I see that you have this program installed on your computer. It could be responsible for many of your issues ... ? There are several programs by that name and they are all "snake oil."
 

Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )


Error: (02/24/2018 10:32:01 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error

Error: (02/24/2018 10:28:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Unspecified error


Please see this link and this link for more information on why the use of registry cleaners/optimizers is strongly discouraged. I personally had a computer "trashed" by one of those products, long before I knew better. The only way to "fix" the mess it made to Windows was for me to do a complete clean install of Windows.

I strongly recommend that you uninstall this program and avoid using registry/system optimizers in the future!

.

:step5: You have two copies of Revo Uninstaller installed on your computer.
 

Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 3.2.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.0 - VS Revo Group, Ltd.)


I would recommend that you uninstall the outdated version 2.0.2.

.

:step6: Please run a FRST fix for me. Please don't be concerned about the length of the FRST "fixlist" script. Most of it is dedicated to just cleaning up your system. I am not seeing any really serious malware infections, ... so far, but we have some more scans to run yet, later, because FRST does not detect everything. :thumbup2:

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-11] (AVG Secure Search)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
2014-08-11 16:45 - 2014-08-11 16:44 - 000519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\windows\system32\drivers\avgtpx64.sys
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll => No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-4098365070-926832710-3877579155-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 => not found
FF HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - C:\Users\Gail\AppData\Local\Giant Savings\Chrome\Giant Savings.crx <not found>
S2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [X]
S4 LMIRfsClientNP; no ImagePath
2013-06-27 07:59 - 2014-06-22 21:08 - 000003736 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
VirusTotal: C:\Users\Gail\AppData\Local\Temp\_isCCC8.exe;C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
C;\Program Files (x86)\Spybot - Search & Destroy 2
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
C:\Program Files (x86)\AVG Secure Search
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
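The FRST "fixlist" script above is plain text between a `Start::` and an `End::` line, and FRST only acts on a line if it recognises its shape: a directive such as `CreateRestorePoint:`, a log entry copied from FRST.txt or Addition.txt (`SearchScopes:`, `BHO-x32:`, `FF ...`, `CHR ...`, `MSCONFIG\...`, `R2 name;` service lines, dated file lines), or a bare drive path to move. A line it cannot classify is skipped with "No automatic fix found for this entry". The following is an added example, not from Phil's post and not FRST's own code: a small pre-flight linter in Python that checks the markers are present and classifies every line between them, reporting anything it cannot recognise, in particular a drive letter followed by the wrong separator such as `C;\` instead of `C:\`. The line-shape patterns are an approximation of FRST's formats as they appear on this page, not FRST's real grammar, and the sample script is a shortened, constructed excerpt of the one above.

```python
import re

# Directives FRST understands on their own line (subset, as seen in this thread).
FIXLIST_DIRECTIVES = {"CreateRestorePoint:", "CloseProcesses:", "EmptyTemp:", "Reboot:"}

# Line-shape patterns (approximations of FRST log formats, assumed for this example).
DRIVE_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')            # C:\... or "C:\..."
BAD_DRIVE_RE = re.compile(r'^"?[A-Za-z][;,.]\\')         # C;\... : wrong separator
ENTRY_PREFIX_RE = re.compile(
    r"^(SearchScopes:|BHO(-x32)?:|Toolbar:|Handler(-x32)?:|FF |CHR |MSCONFIG\\|VirusTotal:|Task:)"
)
SERVICE_RE = re.compile(r"^[RSU]\d\s+\S+;")              # R2 name; <image path>
DATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")
PROCESS_RE = re.compile(r"^\(.*?\)\s+[A-Za-z]:\\")       # (Company) C:\path\prog.exe

# Constructed excerpt of the fixlist posted above, including its mistyped C;\ line.
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 => not found
S4 LMIRfsClientNP; no ImagePath
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C;\Program Files (x86)\Spybot - Search & Destroy 2
End::
"""


def classify_line(line):
    """Name the shape of one fixlist line; 'unknown' means FRST would likely skip it."""
    s = line.strip()
    if s in FIXLIST_DIRECTIVES:
        return "directive"
    if BAD_DRIVE_RE.match(s):
        return "malformed-path"
    if DRIVE_PATH_RE.match(s):
        return "path"
    if ENTRY_PREFIX_RE.match(s):
        return "entry"
    if SERVICE_RE.match(s):
        return "service"
    if DATED_RE.match(s):
        return "dated-file"
    if PROCESS_RE.match(s):
        return "process"
    return "unknown"


def lint_fixlist(text):
    """Return a list of (line_number, message); line 0 is used for whole-file problems."""
    lines = text.splitlines()
    stripped = [l.strip() for l in lines]
    issues = []
    if "Start::" not in stripped:
        issues.append((0, "missing Start:: marker"))
    if "End::" not in stripped:
        issues.append((0, "missing End:: marker"))
    inside = False
    for n, s in enumerate(stripped, 1):
        if s == "Start::":
            inside = True
            continue
        if s == "End::":
            inside = False
            continue
        if not inside or not s:
            continue
        kind = classify_line(s)
        if kind == "malformed-path":
            issues.append((n, f"malformed drive spec: {s!r}"))
        elif kind == "unknown":
            issues.append((n, f"unrecognised line: {s!r}"))
    return issues


if __name__ == "__main__":
    for line_no, msg in lint_fixlist(SAMPLE_FIXLIST):
        print(f"line {line_no}: {msg}")
```

Run against the excerpt, the only finding is the `C;\Program Files (x86)\Spybot - Search & Destroy 2` line, which is the same entry the posted fixlog reports as "No automatic fix found"; catching that before the fix runs saves a second round of logs.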


#11 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:23 PM

Posted 25 February 2018 - 02:59 PM

Logmein--March 2017 I got a little too aggressive uninstalling what I felt were unnecessary programs.  I remember immediately after uninstalling thinking I probably should not have done that.  I downloaded it just this morning but decided not to open the file until either you told me to or after we get done with everything here.

 

WindowRegistryRepair--There were a lot of these types of programs on here when I got it.  I've never used one but the sheer number of "repair" type programs told me my grandmother had pretty much trashed her computer long before I got it.  After seeing what I saw, I guessed she had taken it to a computer repair place and they did some "repair type work" but, good grief, there was a lot they didn't clean up.  Viruses, trojans...you name it, it was on here.  Overall, it was a mess.  I thought I had uninstalled all these programs but after looking at it, I believe I left it thinking it was a Microsoft program.  I have uninstalled all.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by Gail (25-02-2018 13:37:53) Run:2
Running from C:\Users\Gail\Desktop
Loaded Profiles: Gail (Available Profiles: Gail & lmiremote)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-11] (AVG Secure Search)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
2014-08-11 16:45 - 2014-08-11 16:44 - 000519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\windows\system32\drivers\avgtpx64.sys
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll => No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-4098365070-926832710-3877579155-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 => not found
FF HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - C:\Users\Gail\AppData\Local\Giant Savings\Chrome\Giant Savings.crx <not found>
S2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [X]
S4 LMIRfsClientNP; no ImagePath
2013-06-27 07:59 - 2014-06-22 21:08 - 000003736 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
VirusTotal: C:\Users\Gail\AppData\Local\Temp\_isCCC8.exe;C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
C;\Program Files (x86)\Spybot - Search & Destroy 2
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
C:\Program Files (x86)\AVG Secure Search

*****************

Restore point was successfully created.
Processes closed successfully.
[2408] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe => process closed successfully.
[2568] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => process closed successfully.
"HKLM\Software\Wow6432Node\Classes\PROTOCOLS\Handler\viprotocol" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => removed successfully
vToolbarUpdater18.1.9 => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\vToolbarUpdater18.1.9" => removed successfully
vToolbarUpdater18.1.9 => service removed successfully
avgtp => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\avgtp" => removed successfully
avgtp => service removed successfully
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll => moved successfully
C:\Program Files (x86)\Common Files\AVG Secure Search => moved successfully
C:\windows\system32\drivers\avgtpx64.sys => moved successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found
"HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => removed successfully
HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found
"HKLM\Software\Classes\PROTOCOLS\Handler\linkscanner" => removed successfully
HKLM\Software\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\avg@toolbar" => removed successfully
"HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}" => removed successfully
"HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj" => removed successfully
"HKLM\System\CurrentControlSet\Services\LMIGuardianSvc" => removed successfully
LMIGuardianSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\LMIRfsClientNP" => removed successfully
LMIRfsClientNP => service removed successfully
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml => moved successfully
VirusTotal: C:\Users\Gail\AppData\Local\Temp\_isCCC8.exe => https://www.virustotal.com/file/15ff52f3a2d8f23241bf7f8f90095ee3741e66fa177fb5b6dc729decc82a4a99/analysis/1519317079/
VirusTotal: C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd => https://www.virustotal.com/file/dbe2e1a1ce45f385b56c835faca4df06b0f6d15db7767cb8e6893100a5191437/analysis/1519531632/
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" => removed successfully
C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup => moved successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" => removed successfully
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" => not found
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall" => removed successfully
C:\Program Files\Common Files\AV\Spybot - Search and Destroy => moved successfully
C;\Program Files (x86)\Spybot - Search & Destroy 2 => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" => removed successfully
"C:\Program Files (x86)\AVG Secure Search" => not found


The system needed a reboot.

==== End of Fixlog 13:38:45 ====

 

Thank you again for your time.

 

~Leah~



#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,893 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:23 PM

Posted 25 February 2018 - 03:28 PM

Leah:
 
Thank you for your post, the contents of the FRST "fixlog.txt" file, and for the update on your laptop.  I want to run some more standard anti-malware scans.
 
.
 
:step1: Did you uninstall Avast; or, do you still have it?  The reason that I ask is that it seldom uninstalls cleanly, so later on I will have to request another set of FRST logs to remove any remnants that might be lurking about, although generally Revo Uninstaller Pro does a pretty good job, if you used it.  I use that program myself on both of my computers! :thumbup2:

.

:step2: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step3: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)."
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History -> Application logs. Please copy and paste the contents of the log into your next reply.

.

:step4: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

I am going offline for today. There are snow and ice pellets in our forecast for tonight. I have a large rural property so there will be "some" snow to shovel! I hope to be back online tomorrow afternoon. The ESET scan should take about an hour or so to run, so there is no rush.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:23 PM

Posted 25 February 2018 - 04:39 PM

Hi Phil,

 

I still have Avast but since my trial period ends in a couple days and since there's a strong possibility the malware installed on Tuesday was installed by them, I'd like to go to something else.  I used AVG before but had issues with them installing malware as well so I'd like to steer clear of them.  You said you use BitDefender.  Maybe that?  I pay for Malwarebytes so was trying to keep my AV Free but if I need to pay I will as long as it's in my budget.  Since that's the case I assume it's okay to uninstall Avast now.  I'll wait until I have confirmation from you first.

 

In the meantime I will disable and continue with the task above.

 

ESET got hung up at 74% on Wild Tangent games.  No threats were found in what it was able to scan. Uninstalled and moving on...

 

Malwarebytes was clean.  I cannot find the log.  I must be really tired.  I've already spent too much time looking for it so I will soldier on...

 

Will continue updating as I go including editing this comment post.  Hopefully I completed everything except for the MBAM log.  Can you add anything to help me?  I cannot find history or application folders and no other places where I can print out a report from the open program.

 

I hope you had a great day of snow and ice!  Hopefully we are done with that in Ohio this winter but I won't hold my breath.  We always seem to get one last big snow in March or even April.

 

I'm done for this evening.  I'll catch up with you tomorrow.  Thank you again for your time and brain cells spent on helping me.  The adwcleaner report follows...

 

~Leah~

 

# AdwCleaner 7.0.8.0 - Logfile created on Sun Feb 25 23:06:04 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\AVG Secure Search
Deleted: C:\ProgramData\Application Data\AVG Secure Search
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG Secure Search
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
Deleted: C:\Users\All Users\AVG Secure Search
Deleted: C:\Users\Gail\AppData\LocalLow\AVG Secure Search
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Deleted: C:\Program Files (x86)\Auslogics
Deleted: C:\Users\Gail\AppData\Roaming\Auslogics
Deleted: C:\ProgramData\Avg_Update_0814tb


***** [ Files ] *****

Deleted: C:\\user.js
Deleted: C:\Users\Gail\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Auslogics Disk Defrag.lnk


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Software\ImInstaller
Deleted: [Key] - HKCU\Software\ImInstaller
Deleted: [Key] - HKLM\SOFTWARE\AVG Secure Search
Deleted: [Key] - HKU\.DEFAULT\Software\AVG Secure Search
Deleted: [Key] - HKU\S-1-5-18\Software\AVG Secure Search
Deleted: [Key] - HKLM\SOFTWARE\AVG Security Toolbar
Deleted: [Key] - HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Software\AVG Security Toolbar
Deleted: [Key] - HKCU\Software\AVG Security Toolbar
Deleted: [Key] - HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Software\IGearSettings
Deleted: [Key] - HKCU\Software\IGearSettings
Deleted: [Key] - HKLM\SOFTWARE\Web Assistant
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Deleted: [Key] - HKLM\SOFTWARE\OverLook
Deleted: [Key] - HKU\.DEFAULT\Software\Auslogics
Deleted: [Key] - HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Software\Auslogics
Deleted: [Key] - HKU\S-1-5-18\Software\Auslogics
Deleted: [Key] - HKCU\Software\Auslogics


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4909 B] - [2018/2/25 23:1:17]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


Edited by AhhhLeah, 25 February 2018 - 07:36 PM.
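As an added example for readers of this thread (it is not part of the original posts and not AdwCleaner's or Malwarebytes' own code), the small Python parser below reads an AdwCleaner clean log in the layout shown above ("***** [ Section ] *****" headers, "Deleted:" lines, "No malicious ... " lines) and turns it into a per-section summary: how many items each section removed, which registry hives the deleted keys lived in (HKLM versus a per-user SID hive), and which deleted paths sat under Program Files, which is where a legitimately installed program the user may have wanted to keep, per the "uncheck anything you want to keep" advice in the instructions, would show up. The sample log is a constructed excerpt in that format; the function names, the PROGRAM_DIRS list and the hive pattern are the example's own assumptions.

```python
"""Summarise an AdwCleaner clean log by section, registry hive and Program Files path.

Added example, not AdwCleaner's own code. It assumes the log layout seen in
this thread: '***** [ Name ] *****' section headers, 'Deleted: ...' lines
(registry lines carry a bracketed kind such as '[Key]'), and a bare
'*************************' separator that closes the last section.
"""
import re

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+?) \] \*{5}$")
DELETED_RE = re.compile(r"^Deleted: (?:\[(?P<kind>[^\]]+)\] - )?(?P<target>.+)$")
# Registry hive prefix: a per-user SID hive, the .DEFAULT hive, HKLM or HKCU (assumed set).
HIVE_RE = re.compile(r"^(HKU\\S-1-5-\d+(?:-\d+)*|HKU\\\.DEFAULT|HKLM|HKCU)\\")
# Directories where a deletion most likely hits an installed program (assumption).
PROGRAM_DIRS = ("C:\\Program Files\\", "C:\\Program Files (x86)\\")

# Constructed excerpt in the AdwCleaner clean-log format (not a real log).
SAMPLE_LOG = r"""
# AdwCleaner 7.0.8.0 - Logfile created on Sun Feb 25 23:06:04 2018
# Mode: clean

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\AVG Secure Search
Deleted: C:\Program Files (x86)\Auslogics

***** [ Files ] *****

Deleted: C:\\user.js

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Software\ImInstaller
Deleted: [Key] - HKCU\Software\ImInstaller
Deleted: [Key] - HKLM\SOFTWARE\AVG Secure Search
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************
"""


def parse_adwcleaner_log(text):
    """Return {section name: [(kind, target), ...]} in log order.

    'kind' is the bracketed tag on registry lines ('Key', 'Value', ...) and
    None for file/folder lines. A section that reported nothing maps to [].
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
            continue
        if line.startswith("*****"):
            current = None  # bare separator closes the last section
            continue
        if current is None:
            continue  # '# ...' banner lines and trailer lines outside any section
        deleted = DELETED_RE.match(line)
        if deleted:
            sections[current].append((deleted.group("kind"), deleted.group("target")))
    return sections


def summarize(sections):
    """Count deletions per section and group registry deletions by hive."""
    counts = {name: len(items) for name, items in sections.items()}
    hives = {}
    for _kind, target in sections.get("Registry", []):
        m = HIVE_RE.match(target)
        hive = m.group(1) if m else "other"
        hives[hive] = hives.get(hive, 0) + 1
    return counts, hives


def review_candidates(sections):
    """Deleted paths under Program Files: worth a second look, since an
    installed application the user wanted to keep would appear here."""
    prefixes = tuple(p.lower() for p in PROGRAM_DIRS)
    out = []
    for name in ("Folders", "Files", "Shortcuts"):
        for _kind, target in sections.get(name, []):
            if target.lower().startswith(prefixes):
                out.append(target)
    return out


if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    counts, hives = summarize(parsed)
    for name, n in counts.items():
        print(f"{name}: {n} deleted")
    print("registry deletions by hive:", hives)
    print("under Program Files (review before cleaning):", review_candidates(parsed))
```

Run it as a script to see the summary for the constructed excerpt; to use it on a real log, pass the text of C:\AdwCleaner\AdwCleaner[C#].txt (or the scan-phase [S#].txt, whose lines use the same layout) to `parse_adwcleaner_log` instead of SAMPLE_LOG. Splitting registry hits by hive is the useful part when reading these logs: entries under HKLM or the S-1-5-18 (SYSTEM) hive were written with administrative rights, while HKCU / per-user SID entries were written as the logged-on user, which helps judge what the installer that dropped them was able to do.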


#14 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,893 posts
  • OFFLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:23 PM

Posted 26 February 2018 - 02:08 PM

Leah:
 
Thank you for your post and for your AdwCleaner log.
 
You can find the Malwarebytes scan log by opening Malwarebytes, then "Reports", and then look for the most recent "Scan Report".  You can click the "Date and Time" column to have it sort chronologically.  Double-click the desired "Scan Report" and it will open.  At the bottom left, there is an option to "Export".  Click that button.  Select "Copy to Clipboard" and then paste it into your next reply, as I have done below with the latest MBP scan of my computer.


Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/23/18
Scan Time: 3:45 PM
Log File: 1421866a-18d2-11e8-8859-1c6f65ccc00f.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4074
License: Premium
 
-System Information-
OS: Windows 10 (Build 16299.248)
CPU: x64
File System: NTFS
User: DESKTOP-AFS3I87\gario
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314590
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 26 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


Please don't use a quote box, like I did. I just did that to reduce the font of the MBP scan log so it didn't take up so much space.
 
.
 

I still have Avast but since my trial period ends in a couple days and since there's a strong possibility the malware installed on Tuesday was installed by them, I'd like to go to something else.  I used AVG before but had issues with them installing malware as well so I'd like to steer clear of them.  You said you use BitDefender.  Maybe that?  I pay for Malwarebytes so was trying to keep my AV Free but if I need to pay I will as long as it's in my budget.  Since that's the case I assume it's okay to uninstall Avast now.  I'll wait until I have confirmation from you first.

 
Yes, please go ahead and uninstall Avast.  You could just rely on Windows Security Essentials, which is free and is a very effective anti-virus product.  There is also Emsisoft Anti-Malware, which uses the Bitdefender anti-virus scanning engine, plus its own malware database and heuristics that target the types of malware detected by Malwarebytes, so you get both protection layers with one product and at one price.
 
I would recommend that you review this article and this article by quietman7, one of the foremost computer security experts here at Bleeping Computer.  Choosing computer protection is a very personal choice and there is no solution that is right for everyone.  Personally, if I was selecting computer protection today, I would take a long look at the Emsisoft Anti-Malware product, but that is just my personal opinion.   Bleeping Computer does not endorse any specific protection programs as being better than other programs, because there are so many factors to consider: cost, detection rates, computer resource consumption, etc.
 
.

:step1: I would really like to get an ESET scan to run to completion on your computer (note that there will NOT be a log if there are no detections).  Would you be so kind as to do a "power reset" of your computer and try again ... ?

Warm booting does not completely clear the computer and reset everything. See this article. It is amazing to me how many really weird problems are resolved by a power reset of your computer. Power resets are my first diagnostic step. If you launch the "Windows Repair (All In One)" tool by Tweaking.com, you will see that a power reset is the first of their preliminary diagnostic steps. That tool is available for download here at Bleeping Computer.

With laptops, it is also necessary not just to unplug them, but also to remove the battery to ensure that the motherboard loses power, causing components to reset to their default state. Press and hold the "Power" button down for 10 to 20 seconds, when all power sources have been unplugged from the computer/laptop. This ensures that the capacitors on the motherboard, and other boards, such as GPU, drive controllers, etc., also lose any residual electrical power and are reset back to default states. The only thing that doesn't lose power is the BIOS CMOS, because it has its own battery, and removing that is not usually desirable, since the BIOS loses any custom configuration information, as well as the date and time.

Once you have done the power reset, then reinsert the laptop battery, if you have a laptop, and plug the computer back in. Press the "Power" button and the computer should boot normally, with all memory and capacitors cleared by the power reset. This often solves a lot of computer issues by itself.

 

If that doesn't work, we will try another online anti-virus scanner, so don't be concerned if ESET stalls again.  We have other options.

.

We have been fortunate in that the temperature has risen above zero Celsius (32 F) here in Port Hood so the forecast snow is melting on contact.  :clapping:

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#15 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:23 PM

Posted 26 February 2018 - 04:25 PM

Phil,

 

Malwarebytes --  I have posted the report below.  Thank you for the instructions.  So simple.  I was dead tired last night and losing my mind to old age doesn't help either but what are ya gonna do?

 

Avast --  I uninstalled it and searched to turn on MSE but didn't find it.  Then, I remembered uninstalling it about a year ago.  Would have been nice if I had remembered that prior to uninstalling Avast.  Lovely.  So I went to Microsoft to reinstall it but decided to wait for your approval since I had a couple of questions.  Microsoft wants me to install an anti-malware cleanup tool.  I don't want to be installing things willy nilly so I need your approval on that.

 

In addition, Microsoft wants me to make sure all my Windows updates are installed.  I went to do that and again decided to get your approval before starting.  There are 3 what I would call necessary updates.  The only one I question is the Windows Malicious Software Removal Tool.  Will await your approval before updating.  All of this installing of stuff without an anti-malware program doesn't feel good.  Again, more proof I'm losing my mind.

 

Will await your response while I do a "power reset" and attempt to run ESET again.  Thank you again for your time.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/26/18
Scan Time: 1:35 PM
Log File: c8744c95-1b23-11e8-8842-dc0ea14287ef.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4114
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333689
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 35 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)