Infected with Impaq Speed by Melasys LLC, malware running in background


  • This topic is locked
9 replies to this topic

#1 Myrciel

  • Members
  • 17 posts

Posted 25 May 2018 - 06:25 PM

Hi, I received a virus that, before I booted my computer in safe mode, was doing lots of things that I don't know the meaning of. One of the visible aspects was multiple windows popping up of folders in my User/AppData/Temp. The folders had names that were a mixture of letters and numbers, and each had several applications in them with names that were mixtures of letters and numbers. These folders were being created before my eyes and popping up, and a lot of nonsense-named processes were popping up in Task Manager. I turned off my computer as quickly as I could once I couldn't do anything anymore. I booted in Safe Mode (which is what I'm in now) and ran a Malwarebytes Anti-Malware scan, and 101 pieces of malware were present. I quarantined them through Malwarebytes. I hope that wasn't the wrong thing to do. I ran Malwarebytes again just a few minutes ago and another piece of malware was found that had either the title of "Machine Learning" something or was under the category of "Machine Learning" something; I can't remember, and I don't know if I can access the information/logs. I'm thinking if I run Malwarebytes again I'll encounter another piece of malware. I run Malwarebytes regularly and there aren't any threats; here they all came at once. I also can't uninstall any programs (in safe mode; I haven't tried in regular mode). One program that magically appeared was something called Impaq Speed by Melasys LLC, and when I wasn't running safe mode, txt files with Impaq in their name were appearing at the same rate as the jumble-named folders in the previously mentioned temp folder. I'm not sure what the malware has gotten from me (maybe personal data, for example).


Here is the FRST Log (didn't appear on desktop, but was in C://):


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Masum (administrator) on OMEGASANCTUM (25-05-2018 17:48:46)
Running from C:\Users\Masum\Downloads
Loaded Profiles: Masum &  (Available Profiles: Masum & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-01-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-13] (AVAST Software)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-07-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-07-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173859352\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\Public\Downloads\Norton\{NIS2250215-SHPD-FSD51083}\FSDUI_Custom.exe /m
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174241573\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\Public\Downloads\Norton\{NIS2250215-SHPD-FSD51083}\FSDUI_Custom.exe /m
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Run: [Blogger] => C:\ProgramData\Blogger\Blogger.exe [602624 2018-05-24] ()
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\MountPoints2: {0f22391c-3793-11e6-a7b5-38607712ae2b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Run: [Blogger] => C:\ProgramData\Blogger\Blogger.exe [602624 2018-05-24] ()
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\MountPoints2: {0f22391c-3793-11e6-a7b5-38607712ae2b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Run: [Blogger] => C:\ProgramData\Blogger\Blogger.exe [602624 2018-05-24] ()
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\MountPoints2: {0f22391c-3793-11e6-a7b5-38607712ae2b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680\...\Run: [AvastBrowserAutoLaunch_2DBFB5352485E0EB9E898B77FB41B75B] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1563056 2018-05-10] (AVAST Software)
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680\...\MountPoints2: E - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096\...\Run: [AvastBrowserAutoLaunch_2DBFB5352485E0EB9E898B77FB41B75B] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1563056 2018-05-10] (AVAST Software)
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096\...\MountPoints2: E - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-18\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\Public\Downloads\Norton\{NIS2250215-SHPD-FSD51083}\FSDUI_Custom.exe /m

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{51F6769C-12CA-428D-9226-9FC257F2210C}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {B9F5F633-FC77-40A9-9A0C-D650A123A1B5} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {B9F5F633-FC77-40A9-9A0C-D650A123A1B5} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {E637D689-D844-4495-8381-657613F53CF2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E637D689-D844-4495-8381-657613F53CF2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000 -> DefaultScope {2CC9E97C-4E72-4740-A15B-1B9A469F6B9A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS449
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000 -> {2CC9E97C-4E72-4740-A15B-1B9A469F6B9A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS449
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000 -> {B9F5F633-FC77-40A9-9A0C-D650A123A1B5} URL =
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000 -> {E637D689-D844-4495-8381-657613F53CF2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485 -> DefaultScope {2CC9E97C-4E72-4740-A15B-1B9A469F6B9A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS449
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485 -> {2CC9E97C-4E72-4740-A15B-1B9A469F6B9A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS449
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485 -> {B9F5F633-FC77-40A9-9A0C-D650A123A1B5} URL =
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485 -> {E637D689-D844-4495-8381-657613F53CF2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240 -> DefaultScope {2CC9E97C-4E72-4740-A15B-1B9A469F6B9A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS449
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240 -> {2CC9E97C-4E72-4740-A15B-1B9A469F6B9A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS449
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240 -> {B9F5F633-FC77-40A9-9A0C-D650A123A1B5} URL =
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240 -> {E637D689-D844-4495-8381-657613F53CF2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> DefaultScope {D9C69E07-2949-4418-B3D6-0804592D99DB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS449
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> {B9F5F633-FC77-40A9-9A0C-D650A123A1B5} URL =
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> {D9C69E07-2949-4418-B3D6-0804592D99DB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS449
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> {E637D689-D844-4495-8381-657613F53CF2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> DefaultScope {D9C69E07-2949-4418-B3D6-0804592D99DB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS449
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> {B9F5F633-FC77-40A9-9A0C-D650A123A1B5} URL =
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> {D9C69E07-2949-4418-B3D6-0804592D99DB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS449
SearchScopes: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> {E637D689-D844-4495-8381-657613F53CF2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-20] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-04-13] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-05-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-20] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-01-19] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-13] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-01-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-01-19] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default [2018-05-25]
FF NetworkProxy: Mozilla\Firefox\Profiles\s0wabcj3.default -> http", "24.1.196.123"
FF Extension: (ADB Helper) - C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default\Extensions\adbhelper@mozilla.org.xpi [2018-02-24] [Legacy]
FF Extension: (Valence) - C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default\Extensions\fxdevtools-adapters@mozilla.org [2017-08-05] [Legacy]
FF Extension: (One Click Proxy) - C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2017-07-24] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default\Extensions\sp@avast.com.xpi [2018-05-16]
FF Extension: (uBlock Origin) - C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default\Extensions\uBlock0@raymondhill.net.xpi [2018-05-15]
FF Extension: (Avast Online Security) - C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default\Extensions\wrc@avast.com.xpi [2017-10-24]
FF Extension: (UltraSurf Firefox Tool) - C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default\Extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi [2013-06-24] [Legacy] [not signed]
FF Extension: (CacheViewer) - C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2016-08-19] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-16]
FF Extension: (Adblock Plus) - C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-16]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Masum\AppData\Roaming\Mozilla\Firefox\Profiles\s0wabcj3.default\features\{82baeee0-d909-4a5d-9bda-c75a0ae1f56d}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-05-24] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-01-20] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2902018265-2691646341-252654193-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Masum\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-09-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485: @citrixonline.com/appdetectorplugin -> C:\Users\Masum\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-09-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240: @citrixonline.com/appdetectorplugin -> C:\Users\Masum\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-09-14] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://start.toshiba.com/g/
CHR StartupUrls: Default -> "hxxp://start.toshiba.com/g/"
CHR Profile: C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default [2018-05-25]
CHR Extension: (YouTube) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13]
CHR Extension: (Google Search) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2018-04-25]
CHR Extension: (Avast SafePrice) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-05-19]
CHR Extension: (Avast Online Security) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-25]
CHR Extension: (Skype) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-25]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-03-08]
CHR Extension: (Gmail) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-25]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-13] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-16] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-13] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-16] (AVAST Software)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2018-04-27] (Microsoft Corporation)
S2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [674768 2018-03-08] (SEIKO EPSON CORPORATION)
S2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-04-24] (Alcatel-Lucent) [File not signed]
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2012-04-24] (Alcatel-Lucent) [File not signed]
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [135608 2011-12-10] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2123584 2011-12-14] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [196640 2018-04-13] (AVAST Software)
S1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [227504 2018-04-13] (AVAST Software)
S0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199440 2018-04-13] (AVAST Software)
S0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343752 2018-04-13] (AVAST Software)
S0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57680 2018-04-13] (AVAST Software)
S1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [227784 2018-04-13] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-04-13] (AVAST Software)
S2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [147224 2018-04-13] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [111352 2018-04-13] (AVAST Software)
S0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84368 2018-04-13] (AVAST Software)
S1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1026696 2018-04-13] (AVAST Software)
S1 aswSP; C:\windows\System32\drivers\aswSP.sys [460520 2018-05-12] (AVAST Software)
S2 aswStm; C:\windows\System32\drivers\aswStm.sys [205976 2018-04-13] (AVAST Software)
S0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380528 2018-04-13] (AVAST Software)
S3 bcm; C:\windows\System32\DRIVERS\drxvi314_64.sys [389408 2011-04-05] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\windows\System32\DRIVERS\BcmBusCtr_64.sys [67360 2011-04-05] (Beceem communications pvt ltd.)
S3 connctfy; C:\windows\System32\DRIVERS\connctfy.sys [34880 2011-03-07] (Connectify)
S3 connctfyMP; C:\windows\System32\DRIVERS\connctfy.sys [34880 2011-03-07] (Connectify)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-25] (Malwarebytes)
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
S1 VBoxUSBMon; C:\windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S1 XQHDrv; C:\windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
S1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-25 17:48 - 2018-05-25 17:53 - 000038061 _____ C:\Users\Masum\Downloads\FRST.txt
2018-05-25 17:47 - 2018-05-25 17:48 - 000000000 ____D C:\FRST
2018-05-25 17:47 - 2018-05-25 17:47 - 002413056 _____ (Farbar) C:\Users\Masum\Downloads\FRST64.exe
2018-05-25 17:33 - 2018-05-25 17:34 - 000002429 _____ C:\Users\Guest\Desktop\Avast Secure Browser.lnk
2018-05-25 17:33 - 2018-05-25 17:33 - 000000000 ____D C:\Users\Guest\AppData\Local\AVAST Software
2018-05-25 17:31 - 2018-05-25 17:37 - 000253664 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-05-25 16:45 - 2018-05-25 16:45 - 000000000 ____D C:\Users\Masum\AppData\Local\AdvinstAnalytics
2018-05-25 16:44 - 2018-05-25 16:44 - 000002070 _____ C:\Users\Masum\Desktop\ImpaqSpeed.lnk
2018-05-25 16:44 - 2018-05-25 16:44 - 000000000 ____D C:\Users\Masum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImpaqSpeed
2018-05-25 16:44 - 2018-05-25 16:44 - 000000000 ____D C:\Users\Masum\AppData\Local\ImpaqSpeed
2018-05-25 16:44 - 2018-05-25 16:44 - 000000000 ____D C:\ProgramData\Blogger
2018-05-25 16:43 - 2018-05-25 16:43 - 000000000 ____D C:\windows\SysWOW64\SSL
2018-05-25 16:39 - 2018-05-25 16:39 - 000001155 _____ C:\Users\Public\Desktop\Screen Recorder.lnk
2018-05-25 16:39 - 2018-05-25 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZD Soft
2018-05-25 16:39 - 2018-05-25 16:39 - 000000000 ____D C:\Program Files (x86)\ZD Soft
2018-05-25 14:21 - 2018-05-25 15:03 - 000000000 ____D C:\Users\Masum\AppData\Roaming\Apowersoft
2018-05-25 14:21 - 2018-05-25 14:21 - 000000000 ____D C:\Users\Masum\AppData\Local\Apowersoft
2018-05-25 14:20 - 2018-05-25 14:20 - 001721368 _____ (Apowersoft Ltd. ) C:\Users\Masum\Downloads\apowersoft-online-launcher.exe
2018-05-25 06:05 - 2018-05-25 06:05 - 002031104 _____ C:\windows\cd4f18d77a63604be8f8afa1fb622d66.exe
2018-05-25 06:05 - 2018-05-25 06:05 - 000047245 _____ C:\windows\uninstaller.dat
2018-05-24 16:10 - 2018-05-24 16:11 - 000000000 ____D C:\Users\Masum\Downloads\David.Copperfield.1999.BBC.Daniel.Radcliffe.WEBRip
2018-05-24 16:01 - 2018-05-24 16:01 - 000000000 ____D C:\Users\Masum\Downloads\Great.Expectations.2012.720p.BluRay.X264-7SinS [PublicHD]
2018-05-24 15:57 - 2018-05-25 12:55 - 000000000 ____D C:\Users\Masum\Downloads\Nicholas.Nickleby.2002.1080p.BluRay.H264.AAC-RARBG
2018-05-24 15:55 - 2018-05-24 16:10 - 000000000 ____D C:\Users\Masum\Downloads\Oliver Twist (2005) [1080p]
2018-05-21 01:54 - 2018-05-21 01:54 - 000000000 ____D C:\Users\Masum\AppData\Local\UnrealEngine
2018-05-21 01:54 - 2018-05-21 01:54 - 000000000 ____D C:\Users\Masum\AppData\Local\MagicalGirlDF
2018-05-21 00:15 - 2018-05-21 00:15 - 000000000 ____D C:\Users\Masum\AppData\LocalLow\Tentakero
2018-05-20 21:57 - 2018-05-21 02:27 - 000000000 ____D C:\Users\Masum\AppData\Roaming\RenPy
2018-05-20 21:55 - 2018-05-21 00:20 - 000000000 ____D C:\Users\Masum\Downloads\The Games
2018-05-16 12:41 - 2018-05-16 12:41 - 000087701 _____ C:\Users\Masum\Documents\PublicInformationRequestFo.pdf
2018-05-16 09:16 - 2018-05-16 09:16 - 000001470 _____ C:\Users\Masum\.recently-used.xbel
2018-05-16 08:39 - 2018-05-16 08:39 - 000002472 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-05-16 08:38 - 2018-05-16 08:38 - 000003374 _____ C:\windows\System32\Tasks\AvastUpdateTaskMachineUA
2018-05-16 08:38 - 2018-05-16 08:38 - 000003246 _____ C:\windows\System32\Tasks\AvastUpdateTaskMachineCore
2018-05-16 08:38 - 2018-05-16 08:38 - 000000000 ____D C:\Users\Masum\AppData\Local\AVAST Software
2018-05-16 08:38 - 2018-05-16 08:38 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-05-14 13:28 - 2018-05-14 13:31 - 004749824 _____ C:\Users\Masum\Downloads\An_Introduction_to_Mechanics__Kleppner_Kolenkow_2e.pdf
2018-05-14 13:28 - 2018-05-14 13:28 - 000000000 ____D C:\Users\Masum\Downloads\University Physics with Modern Physics 14ed [2015]
2018-05-14 12:01 - 2018-05-14 12:01 - 000000180 _____ C:\Users\Masum\Documents\Stanford Physics.txt
2018-05-10 08:37 - 2018-05-10 08:37 - 000001838 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-10 08:37 - 2018-05-10 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-25 17:46 - 2017-09-13 02:20 - 000000000 ____D C:\Users\Masum\AppData\Roaming\qBittorrent
2018-05-25 17:38 - 2016-11-17 18:51 - 000000000 ____D C:\Users\Masum\AppData\LocalLow\Mozilla
2018-05-25 17:37 - 2014-11-11 19:27 - 001623986 _____ C:\windows\ntbtlog.txt
2018-05-25 17:33 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-05-25 17:03 - 2011-09-24 10:57 - 000000000 ____D C:\Users\Masum\AppData\Roaming\vlc
2018-05-25 16:44 - 2015-11-09 03:18 - 000000000 ____D C:\Users\Masum\AppData\Local\Package Cache
2018-05-25 16:38 - 2016-01-19 22:38 - 000000911 _____ C:\windows\Tasks\EPSON WF-3640 Series Update {497F3B43-20F3-449D-8999-C2F8A6E6A833}.job
2018-05-25 16:38 - 2016-01-19 22:38 - 000000725 _____ C:\windows\Tasks\EPSON WF-3640 Series Invitation {497F3B43-20F3-449D-8999-C2F8A6E6A833}.job
2018-05-25 15:06 - 2011-09-24 19:56 - 000000000 ____D C:\Users\Masum\AppData\Local\CrashDumps
2018-05-25 06:46 - 2009-07-13 23:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-25 06:46 - 2009-07-13 23:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-25 05:28 - 2014-11-04 00:12 - 000003942 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{1E0910A2-99E1-4BBC-AC29-3C951899F2ED}
2018-05-22 21:20 - 2017-08-12 00:08 - 000000000 _____ C:\windows\SysWOW64\last.dump
2018-05-20 10:53 - 2015-11-26 22:01 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-20 10:49 - 2011-03-28 02:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-20 10:31 - 2016-11-17 16:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-20 10:31 - 2012-05-12 22:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-19 03:06 - 2017-05-18 11:56 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-05-18 16:13 - 2011-09-17 09:32 - 000000000 ____D C:\Users\Masum\AppData\Roaming\Skype
2018-05-17 17:17 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\NDF
2018-05-17 15:42 - 2011-07-27 20:34 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-17 10:34 - 2011-07-27 20:33 - 000003332 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 10:34 - 2011-07-27 20:33 - 000003204 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 11:02 - 2014-12-29 11:31 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-16 11:01 - 2015-11-11 23:21 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-16 09:18 - 2011-11-12 09:06 - 000000000 ____D C:\Users\Masum\.gimp-2.6
2018-05-16 09:16 - 2012-03-30 21:26 - 000000000 ____D C:\Users\Masum\AppData\Roaming\gtk-2.0
2018-05-16 09:16 - 2011-09-12 16:51 - 000000000 ____D C:\Users\Masum
2018-05-16 08:39 - 2011-11-09 18:25 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-12 11:06 - 2011-11-09 18:26 - 000460520 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-05-11 12:14 - 2018-04-19 10:22 - 000000000 ____D C:\Users\Masum\Downloads\Fundamentals of Physics Extended (10th Ed)
2018-05-10 22:39 - 2016-01-19 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2018-05-09 14:31 - 2018-03-18 20:02 - 000004482 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-09 14:31 - 2012-05-05 07:28 - 000804864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-05-09 14:31 - 2012-05-05 07:28 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-05-09 14:31 - 2011-10-10 18:12 - 000000000 ____D C:\windows\system32\Macromed
2018-05-09 14:31 - 2011-10-01 11:16 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-09 14:31 - 2011-03-28 02:11 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-05-09 13:31 - 2018-03-14 04:31 - 000004470 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-07 07:45 - 2009-07-14 00:08 - 000032624 _____ C:\windows\Tasks\SCHEDLGU.TXT
2018-05-04 04:20 - 2011-09-24 17:33 - 000000000 ____D C:\Users\Masum\AppData\Roaming\SoftGrid Client
2018-05-02 19:32 - 2013-09-29 21:12 - 000000000 ____D C:\Users\Masum\Documents\Art History Summaries
2018-04-26 05:36 - 2018-04-09 11:37 - 000152184 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys

==================== Files in the root of some directories =======

2013-01-11 15:13 - 2013-01-11 15:13 - 000022464 _____ (Intel Corporation) C:\Users\Masum\AppData\Roaming\JomCap.dll
2011-11-13 11:16 - 2015-12-10 06:12 - 000007597 _____ () C:\Users\Masum\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-05-18 15:51 - 2018-05-18 15:51 - 058834376 _____ (Skype Technologies S.A.) C:\Users\Masum\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-18 13:00

==================== End of FRST.txt ============================


Here is the Addition txt (also not on desktop, but in C://):


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Masum (25-05-2018 17:54:09)
Running from C:\Users\Masum\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-09-12 21:51:25)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2902018265-2691646341-252654193-500 - Administrator - Disabled)
Guest (S-1-5-21-2902018265-2691646341-252654193-501 - Limited - Enabled) => C:\Users\Guest
Masum (S-1-5-21-2902018265-2691646341-252654193-1000 - Administrator - Enabled) => C:\Users\Masum

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (HKLM-x32\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)
AutoHotkey 1.1.24.00 (HKLM\...\AutoHotkey) (Version: 1.1.24.00 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 65.2.491.182 - AVAST Software)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.1005 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.1005 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.20.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{29F4F2C2-CB73-418D-BA99-7BB5ECD9F7BF}) (Version: 4.4.6 - Seiko Epson Corporation)
EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3640 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FINAL FANTASY IV (HKLM-x32\...\RklOQUxGQU5UQVNZSVY=_is1) (Version: 1 - )
FINAL FANTASY IV: THE AFTER YEARS (HKLM-x32\...\RklOQUxGQU5UQVNZSVZUSEVBRlRFUllFQVJT_is1) (Version: 1 - )
FINAL FANTASY IX (HKLM-x32\...\FINAL FANTASY IX_is1) (Version:  - )
Final Fantasy X X-2 HD Remaster (HKLM-x32\...\Final Fantasy X X-2 HD Remaster_is1) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Impaq Speed (HKLM-x32\...\{A748B732-CE3E-4DB7-BB04-B618F51D4ADB}) (Version: 1.0.2.0 - Melasys LLC)
Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
Intel® Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1213 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Magic ISO Maker v5.5 (build 0272) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0272)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8431.2250 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pokémon Trading Card Game Online (HKLM-x32\...\{F1F2C3CF-BE57-4C12-951E-2F0A01C173F4}) (Version: 2.23.1 - The Pokémon Company International)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Python 3.5.0 (64-bit) (HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 (64-bit) (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 (64-bit) (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 Core Interpreter (64-bit) (HKLM\...\{9D059C5B-80A5-46AA-BC8A-FD41E89D0A49}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Development Libraries (64-bit) (HKLM\...\{6EA6724A-71C6-43EE-BE9F-80E3C0DC8A4F}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Documentation (64-bit) (HKLM\...\{3B016F3B-917E-477F-920A-BBBA12E09F8B}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Executables (64-bit) (HKLM\...\{9C67D7CC-26D3-4535-9D0A-F4591AD9B11F}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Launcher (32-bit) (HKLM-x32\...\{A095BD6B-4F39-46A4-9AA1-8F7296492974}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Standard Library (64-bit) (HKLM\...\{5741118B-D61A-4F27-BB80-0CAED22FE20B}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Tcl/Tk Support (64-bit) (HKLM\...\{47483182-8783-45CB-9120-77FDB241E2FF}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Test Suite (64-bit) (HKLM\...\{B2AB1292-01D1-4972-BF56-43531A2AA3BA}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Utility Scripts (64-bit) (HKLM\...\{2B5129D0-C4C1-4322-8888-D0B6CDA6DCD2}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6289 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.3.3.64M - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0010 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0006 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.13 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TuneUp Utilities 2012 (HKLM-x32\...\{32364CEA-7855-4A3C-B674-53D8E9B97936}) (Version: 12.0.2160.13 - TuneUp Software) Hidden
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.2160.13 - TuneUp Software)
TuneUp Utilities Language Pack (en-US) (HKLM-x32\...\{A95A76C9-6F65-477E-83A0-9F884B6DC21B}) (Version: 12.0.2160.13 - TuneUp Software) Hidden
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\WinDirStat) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\WinDirStat) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
ZD Soft Screen Recorder 11.0.5 (HKLM-x32\...\{865AF987-0FCC-41FC-853C-B01880AED19C}) (Version: 11.0.5.0 - ZD Soft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2902018265-2691646341-252654193-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2902018265-2691646341-252654193-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2902018265-2691646341-252654193-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2902018265-2691646341-252654193-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2902018265-2691646341-252654193-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2902018265-2691646341-252654193-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2902018265-2691646341-252654193-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Masum\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902018265-2691646341-252654193-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Masum\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902018265-2691646341-252654193-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Masum\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902018265-2691646341-252654193-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Masum\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-13] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-13] (AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1-x32: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-13] (AVAST Software)
ContextMenuHandlers1-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1-x32: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-x64.dll [2011-12-14] (TuneUp Software)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-13] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4-x32: [TuneUp Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x64.dll [2011-12-14] (TuneUp Software)
ContextMenuHandlers4-x32: [TuneUp Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-x64.dll [2011-12-14] (TuneUp Software)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-04-04] (Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-13] (AVAST Software)
ContextMenuHandlers6-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2902018265-2691646341-252654193-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masum\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2902018265-2691646341-252654193-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masum\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2902018265-2691646341-252654193-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masum\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0861C621-E917-46D8-823C-1A8F4E733DDF} - System32\Tasks\EPSON WF-3640 Series Update {497F3B43-20F3-449D-8999-C2F8A6E6A833} => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {17D97CB2-E70F-434E-BBD6-DF31F890E75D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1D232D92-4ACA-4623-92F6-9654191F9926} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {218B44F4-FBE2-4E92-808A-2751373F4FBF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-02] (AVAST Software)
Task: {23E176EB-58EA-4C24-84C5-98823588DDE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-20] (Microsoft Corporation)
Task: {2E2D2C02-A855-4205-8C72-84012DB019FC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-05-20] (Microsoft Corporation)
Task: {425261A0-BC73-4B98-A8B5-664D32211130} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-27] (Microsoft Corporation)
Task: {4DA4A302-C9F4-4255-BAF4-6E52FAE737A2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {5F52DFDB-A2D2-4487-9096-3BFA4F411C67} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-04-14] (AVAST Software)
Task: {704940E3-8039-4610-885E-6B280BDC5459} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {736C02E6-FEED-49DF-A758-8CB7A6F4D9F2} - System32\Tasks\{1B9EEE3D-3452-48B0-86E6-238472A45526} => C:\windows\system32\pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {7ECCD91F-7A22-4E76-A943-113C29600860} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2011-12-14] (TuneUp Software)
Task: {8698E03C-8F89-417B-BF36-C4D15A97DB96} - System32\Tasks\{F13F891B-C546-489A-8536-E4606B0970E2} => C:\Users\Masum\Downloads\AQ\Dark Mystic 3.3\Dark Mystic v3.3.exe [2012-04-23] (Mystical Networks )
Task: {8B633971-2C48-4536-8CAF-929C51ED8604} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-16] (AVAST Software)
Task: {91108181-9C27-47BF-9BBD-15F2B97F369B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-19] ()
Task: {A7BE7EB8-6180-48B5-94D9-5ED05550475A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
Task: {AEDDF037-D3AA-40F8-AF2C-A6715938A6E2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-13] (AVAST Software)
Task: {B608B507-AA68-462E-B76A-76B87C984425} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {B7E0A873-BB52-4607-A731-550E20A71C05} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-27] (Microsoft Corporation)
Task: {B992C75B-B94E-4706-8FA9-7C445E92C943} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-16] (AVAST Software)
Task: {BA6DE1D8-A207-4F72-A2DF-077B4D80C1B9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-19] ()
Task: {CB9D2EC0-E755-4ED9-81B4-ED223265B179} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D57B77FA-663E-41D8-899F-037BDF34AB95} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-20] (Microsoft Corporation)
Task: {E30B3C81-9A48-4F02-8868-2389BEA58B20} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {E568EBC2-DD09-41DC-B89A-F675BEC8F06E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {F3B81C85-7CF2-4751-9FEB-5DF1E5422975} - System32\Tasks\EPSON WF-3640 Series Invitation {497F3B43-20F3-449D-8999-C2F8A6E6A833} => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\EPSON WF-3640 Series Invitation {497F3B43-20F3-449D-8999-C2F8A6E6A833}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\windows\Tasks\EPSON WF-3640 Series Update {497F3B43-20F3-449D-8999-C2F8A6E6A833}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{497F3B43-20F3-449D-8999-C2F8A6E6A833} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-10 08:37 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-05-05 13:47 - 2018-01-19 22:24 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\$talisma_url$ -> hxxps://$talisma_url$
IE trusted site: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\$talisma_url$ -> hxxps://$talisma_url$
IE trusted site: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\$talisma_url$ -> hxxps://$talisma_url$

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2902018265-2691646341-252654193-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Masum\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\Control Panel\Desktop\\Wallpaper -> C:\Users\Masum\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\Control Panel\Desktop\\Wallpaper -> C:\Users\Masum\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Masum^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: YouCam Service => "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0CACB0EE-BB4D-4134-8CE1-73919490528B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4E44CD93-2E68-4A6D-B43A-73E8731514C0}] => (Allow) LPort=2869
FirewallRules: [{2FAA2C9A-03A5-4E4F-B510-559E0E9F6375}] => (Allow) LPort=1900
FirewallRules: [{530DD31A-F7C4-455B-8B86-3FEBF1689542}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B3B9FEB9-6324-40CF-BAD9-3C52C781125B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0A5C2EBF-F00A-47BD-A97C-8B9593C1240C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{8E7D65A6-C593-4E34-B28D-91FA5DF68D62}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E79F1050-0E86-4480-B26C-E7BF052CC5EE}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{DF7A8E8A-FB8B-4BDE-96B3-C26BBA9E930A}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{4A50BFDB-D994-4014-8C52-F30A8C98CAF3}] => (Block) C:\Program Files (x86)\TuneUp Utilities 2011\UpdateWizard.exe
FirewallRules: [{1A1D1223-63D7-4F9C-992C-9E29880AAD2A}] => (Block) C:\Program Files (x86)\TuneUp Utilities 2011\UpdateWizard.exe
FirewallRules: [{CFE3657E-BB4C-4942-A507-C065B66D1449}] => (Block) %ProgramFiles% (x86)\RegClean Pro\RegCleanPro.exe
FirewallRules: [{01763A03-A9D7-4FFA-91CB-481737FA4D5E}] => (Block) C:\Program Files (x86)\TuneUp Utilities 2012\UpdateWizard.exe
FirewallRules: [{8F23EB8E-270C-4FAD-B5D1-64A777F15DC3}] => (Block) C:\Program Files (x86)\TuneUp Utilities 2012\UpdateWizard.exe
FirewallRules: [{63892BEF-C7C3-4EC3-BAD2-622AD00F5592}] => (Block) C:\Program Files (x86)\TuneUp Utilities 2012\UpdateWizard.exe
FirewallRules: [{7702B13E-0E32-4046-B55E-F1B707922A0A}] => (Block) C:\Program Files (x86)\TuneUp Utilities 2012\UpdateWizard.exe
FirewallRules: [{4CC6169A-D3D6-4E2F-BD39-1FCC3AE023E0}] => (Block) C:\Program Files (x86)\TuneUp Utilities 2012\Integrator.exe
FirewallRules: [{9E9C7B4D-83AD-4F55-8DDC-2AD48E1C7964}] => (Block) C:\Program Files (x86)\TuneUp Utilities 2012\Integrator.exe
FirewallRules: [{75653563-BD97-4FAD-BEB1-1F7F91B631FD}] => (Block) C:\Program Files (x86)\TuneUp Utilities 2012\Integrator.exe
FirewallRules: [{06D13670-5457-4F9E-9E5F-2EC7C18CE0D3}] => (Block) C:\Program Files (x86)\TuneUp Utilities 2012\Integrator.exe
FirewallRules: [{26E6F9A9-551C-456D-B019-B6BB19748F38}] => (Block) %ProgramFiles% (x86)\TuneUp Utilities 2012\SilentUpdater.exe
FirewallRules: [{71596CC5-B4C5-446B-84E5-2231E3BF3030}] => (Block) %ProgramFiles% (x86)\TuneUp Utilities 2012\UpdateWizard.exe
FirewallRules: [{2C4A1316-4401-4F94-A964-FBAFA753BEF3}] => (Block) %ProgramFiles% (x86)\Advanced System Optimizer 3\CheckUpdate.exe
FirewallRules: [{C9BD0E98-E3FF-4F0A-A3F3-5690CDDFE8C4}] => (Block) %ProgramFiles% (x86)\Advanced System Optimizer 3\ASO3.exe
FirewallRules: [{B7DB7A1F-3690-4E69-8594-AB2102E98497}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{28EE9FAC-8165-48CD-A521-12FFD69A6C0D}] => (Allow) C:\Users\Masum\Downloads\AQ\le bot 3.3_mpgh.net\Le Bot 7.8_mpgh.net\Le Bot 7.8.exe
FirewallRules: [{E9F14060-CD3E-4DD1-BE33-D71AC1CFA37D}] => (Allow) C:\Users\Masum\Downloads\AQ\le bot 3.3_mpgh.net\Le Bot 7.8_mpgh.net\Le Bot 7.8.exe
FirewallRules: [{53808F3C-1DAF-41C0-B1D3-75D6DF730791}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{8D09680A-3456-42FA-835D-A7AB10725907}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6C5726E-E2CD-46DF-A317-50CB908A6770}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7EDD37BB-1117-457C-94AA-3027C06AE9AC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C5DB3779-DCBD-4B34-BDD4-E3C8322CB92F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E07E5398-56F5-403A-865B-FA84AB1BE9AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BE55724-362E-491C-B6F1-B68F0D7F7FC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A34130DC-1065-4AF0-BE07-AC12D4756063}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F4626024-B994-49A1-A57D-8ADBA78621AF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{33EB1FBC-30CF-4080-81B3-05AFEEFE12DD}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{6D162BB3-8AFB-4BB9-B000-E6E41F54140E}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{7318B721-0A17-49F5-A123-512673C16ACB}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{90A4FE95-D859-40A2-A93D-F5CD2683062E}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{27A06287-B911-468F-A835-0CB849BD0B66}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{06468701-1602-441F-AFCE-82672EA4F55F}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{C0CA67F7-FD63-4A80-AC6D-86487BF440AA}] => (Allow) C:\Users\Masum\AppData\Roaming\Pokémon Trading Card Game Online\PokemonTradingCardGameOnline\Pokemon Trading Card Game Online.exe
FirewallRules: [{332B0FCF-9446-4E75-A0CC-F863095E6F43}] => (Allow) C:\Users\Masum\AppData\Roaming\Pokémon Trading Card Game Online\PokemonTradingCardGameOnline\Pokemon Trading Card Game Online.exe
FirewallRules: [{1729DF66-1283-4B88-A26F-79A2F87D4F14}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{59456896-D246-4D14-913D-A3593FA6E04A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{22BEC531-CC93-4E17-B4A6-75C23949D9A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C121AD83-B001-47CB-BC2B-CB9E2EFE960E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0065607A-75F4-4B60-9C20-EDFCE32950BE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{880396E3-EB27-447E-8CC5-194C04D713D8}C:\program files (x86)\final fantasy iv\ff4_launcher.exe] => (Block) C:\program files (x86)\final fantasy iv\ff4_launcher.exe
FirewallRules: [UDP Query User{033AA6F0-A4F5-4A42-B5F5-9A2812266178}C:\program files (x86)\final fantasy iv\ff4_launcher.exe] => (Block) C:\program files (x86)\final fantasy iv\ff4_launcher.exe
FirewallRules: [TCP Query User{7B49E8BF-721D-467F-AEA8-A46BEA43C6B5}C:\program files (x86)\final fantasy iv\ff4.exe] => (Block) C:\program files (x86)\final fantasy iv\ff4.exe
FirewallRules: [UDP Query User{E46D6574-B834-41BF-96E2-1F58390867F2}C:\program files (x86)\final fantasy iv\ff4.exe] => (Block) C:\program files (x86)\final fantasy iv\ff4.exe
FirewallRules: [TCP Query User{381421C3-DEC5-4739-BFA6-914693CCF02B}C:\program files (x86)\final fantasy iv the after years\ff4a_launcher.exe] => (Block) C:\program files (x86)\final fantasy iv the after years\ff4a_launcher.exe
FirewallRules: [UDP Query User{C6CCF0CE-54B3-42A4-B023-BCCAAB0C5B23}C:\program files (x86)\final fantasy iv the after years\ff4a_launcher.exe] => (Block) C:\program files (x86)\final fantasy iv the after years\ff4a_launcher.exe
FirewallRules: [TCP Query User{03F13F29-AFF1-4A65-BCA8-0C5C710EB70C}C:\program files (x86)\final fantasy iv the after years\ff4a.exe] => (Block) C:\program files (x86)\final fantasy iv the after years\ff4a.exe
FirewallRules: [UDP Query User{BCEB9A5A-9D10-452E-AC98-4229C092DC9E}C:\program files (x86)\final fantasy iv the after years\ff4a.exe] => (Block) C:\program files (x86)\final fantasy iv the after years\ff4a.exe
FirewallRules: [{4853CD3F-794F-4543-B6FC-483F30D2B134}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{956CAC33-3461-4EE8-9323-4016B3E52D95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C0A07061-BC90-4C65-AB5D-ACDD6E2B7CE5}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{C8543F5F-5F90-42D0-B019-477DACD4270F}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe

==================== Restore Points =========================

18-05-2018 13:07:58 Scheduled Checkpoint
25-05-2018 16:39:07 Installed ZD Soft Screen Recorder 11.0.5

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2018 05:38:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/25/2018 05:34:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/25/2018 05:31:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Failed to Start the CVH service 1063

Error: (05/25/2018 05:23:38 PM) (Source: Application Virtualization Client) (EventID: 2010) (User: )
Description: The Application Virtualization Core Service could not start because a driver failed to respond.

Error: (05/25/2018 05:23:37 PM) (Source: Application Virtualization Client) (EventID: 3030) (User: )
Description: {tid=A80}
Client core could not be initialized (rc 10302504-00000A17)

Error: (05/25/2018 05:10:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2018 05:10:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2018 04:55:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (05/25/2018 05:39:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Error: (05/25/2018 05:38:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/25/2018 05:37:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/25/2018 05:37:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/25/2018 05:37:50 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/25/2018 05:37:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/25/2018 05:37:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 21

Error: (05/25/2018 05:37:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswArPot
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswHdsKe
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
VBoxUSBMon
Wanarpv6
XQHDrv


Windows Defender:
===================================
Date: 2014-11-09 08:40:07.319
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 30%
Total physical RAM: 6055.98 MB
Available physical RAM: 4196.17 MB
Total Virtual: 12110.14 MB
Available Virtual: 10486.31 MB

==================== Drives ================================

Drive c: (TI106130W0F) (Fixed) (Total:580.94 GB) (Free:111.42 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{c98096f6-b8b2-11e0-ad42-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: E62CE38D)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.8 GB) - (Type=17)

==================== End of Addition.txt ============================

Thank you very much for your help!





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:16 AM

Posted 26 May 2018 - 07:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Impaq Speed (HKLM-x32\...\{A748B732-CE3E-4DB7-BB04-B618F51D4ADB}) (Version: 1.0.2.0 - Melasys LLC)

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680\...\MountPoints2: E - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096\...\MountPoints2: E - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR Extension: (Avast SafePrice) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-05-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
Task: {736C02E6-FEED-49DF-A758-8CB7A6F4D9F2} - System32\Tasks\{1B9EEE3D-3452-48B0-86E6-238472A45526} => C:\windows\system32\pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
FirewallRules: [{CFE3657E-BB4C-4942-A507-C065B66D1449}] => (Block) %ProgramFiles% (x86)\RegClean Pro\RegCleanPro.exe

C:\Users\Masum\AppData\Local\ImpaqSpeed
E:\startup\hollyhood.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please run the Malwarebytes program in Normal mode.
Remove every item found.

Restart the computer normally.

Let me know what problem persists.

Please let me know what problem persists with this computer.
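The fixlist above is, in effect, a list of persistence points the helper picked out of the FRST logs by eye: a Run key pointing into AppData\Local, MountPoints2 (AutoRun) handlers that launch files from the E: drive through RunDLL32/ShellExec_RunDLL, Explorer policy restrictions set in a user hive, a hidden uninstall entry with version 0.0.0.0, a scheduled task proxied through pcalua.exe, and orphaned "No File" / "<not found>" references. The script below is an added example, not part of this thread and not FRST's own logic: it applies those same heuristics to FRST-style log lines and emits a fixlist in the Start/End format the helper used. The sample lines are copied from the logs quoted in this thread, plus one constructed benign Run entry (ExampleVendorTray) to show what is not flagged; the rules themselves are my own assumptions about what deserves a second look, not a detection signature.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines for persistence entries.

Added example: the heuristics below are assumptions modelled on the kinds of
entries a helper typically moves into fixlist.txt. They flag candidates for
review; a human still decides what goes into the fix.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines taken from the FRST output quoted in this thread,
# plus one benign Run entry (ExampleVendorTray, constructed) that must NOT be flagged.
SAMPLE_LOG = r"""
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys)
HKLM\...\Run: [ExampleVendorTray] => C:\Program Files\ExampleVendor\tray.exe [123456 2017-01-01] (Example Vendor)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
Task: {736C02E6-FEED-49DF-A758-8CB7A6F4D9F2} - System32\Tasks\{1B9EEE3D-3452-48B0-86E6-238472A45526} => C:\windows\system32\pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
"""

# Folders an ordinary user can write to; a Run entry launching from here is unusual
# for legitimately installed software (assumption, tune per environment).
USER_WRITABLE = re.compile(
    r"\\(AppData\\(Local|Roaming)|ProgramData|Users\\Public|Temp)\\", re.IGNORECASE)
# Any drive letter other than C: in a MountPoints2 handler (AutoRun for a
# removable or second volume).
NON_SYSTEM_DRIVE = re.compile(r"\b[D-Z]:\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\Run: \[")
PCALUA_PROXY = re.compile(r"\bpcalua\.exe\s+-a\b", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def classify(line: str) -> Optional[str]:
    """Return a reason string when an FRST line deserves review, else None."""
    entry = line.strip()
    if not entry:
        return None
    if "No File" in entry or "<not found>" in entry:
        return "orphaned reference (target missing)"
    if RUN_KEY.search(entry) and USER_WRITABLE.search(entry):
        return "autostart launches from a user-writable folder"
    if "MountPoints2:" in entry and (NON_SYSTEM_DRIVE.search(entry) or "ShellExec_RunDLL" in entry):
        return "AutoRun handler launching from a non-system drive"
    if entry.startswith("HKU\\") and "Policies\\Explorer:" in entry:
        return "Explorer policy restriction set in a user hive"
    if PCALUA_PROXY.search(entry):
        return "scheduled task proxied through pcalua.exe"
    if entry.endswith("Hidden") and "(Version: 0.0.0.0" in entry:
        return "hidden uninstall entry with no version"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line and collect the flagged ones in order."""
    findings = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason:
            findings.append(Finding(raw.strip(), reason))
    return findings


def build_fixlist(findings: List[Finding]) -> str:
    """Render flagged lines in the Start/End fixlist format FRST consumes."""
    body = "\n".join(f.line for f in findings)
    return "Start\n\nCreateRestorePoint:\nCloseProcesses:\n\n" + body + "\n\nEnd\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.reason}]\n    {f.line}")
    print("\n--- proposed fixlist.txt (review before use) ---")
    print(build_fixlist(found))
```

Run it as-is and it prints each flagged line with its reason, then a draft fixlist; feed it a real Addition.txt or FRST.txt by reading the file into triage(). The benign vendor entry under Program Files is left alone, which is the point of keying the Run-key rule on the launch folder rather than on the key itself.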

#3 Myrciel

Myrciel
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:16 AM

Posted 26 May 2018 - 10:53 AM

Thanks for helping me again, Nasdaq.

Before receiving your reply, I was able to uninstall Impaq in Normal Windows Boot Mode. I hope doing that didn't affect anything negatively. The only visible problems after that were two processes appearing in Task Manager named "Blogger.exe" and "conhost.exe". I don't recall seeing either before, but conhost.exe seemed to be legitimate, based on Googling. Blogger.exe was created on May 25th, 2018, and it started on startup, so I think it was malware. After deleting the file from the location listed in the process' properties (C:\ProgramData), the process didn't start up anymore. I did what you requested after that. Malwarebytes didn't detect anything. No problems seem to be persisting currently from what I can tell.

Here's the fixlog.txt:


Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Masum (26-05-2018 10:19:07) Run:1
Running from C:\Users\Masum\Downloads
Loaded Profiles: Masum (Available Profiles: Masum & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys)
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680\...\MountPoints2: E - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096\...\MountPoints2: E - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR Extension: (Avast SafePrice) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-05-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
Task: {736C02E6-FEED-49DF-A758-8CB7A6F4D9F2} - System32\Tasks\{1B9EEE3D-3452-48B0-86E6-238472A45526} => C:\windows\system32\pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
FirewallRules: [{CFE3657E-BB4C-4942-A507-C065B66D1449}] => (Block) %ProgramFiles% (x86)\RegClean Pro\RegCleanPro.exe

C:\Users\Masum\AppData\Local\ImpaqSpeed
E:\startup\hollyhood.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2902018265-2691646341-252654193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ImpaqSpeed" => not found
"HKU\S-1-5-21-2902018265-2691646341-252654193-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu" => removed successfully
"HKU\S-1-5-21-2902018265-2691646341-252654193-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogOff" => removed successfully
"HKU\S-1-5-21-2902018265-2691646341-252654193-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b8e8113-77da-11e2-97a3-38607712ae2b}" => removed successfully
HKLM\Software\Classes\CLSID\{0b8e8113-77da-11e2-97a3-38607712ae2b} => not found
"HKU\S-1-5-21-2902018265-2691646341-252654193-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6d3dfd5-fd7b-11e0-b307-38607712ae2b}" => removed successfully
HKLM\Software\Classes\CLSID\{f6d3dfd5-fd7b-11e0-b307-38607712ae2b} => not found
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Policies\Explorer: [NoChangeStartMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\Policies\Explorer: [NoLogOff] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Run: [ImpaqSpeed] => C:\Users\Masum\AppData\Local\ImpaqSpeed\qtspeedtest.exe [15219304 2018-05-21] (Melasys) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Policies\Explorer: [NoChangeStartMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\Policies\Explorer: [NoLogOff] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\MountPoints2: {0b8e8113-77da-11e2-97a3-38607712ae2b} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\MountPoints2: {f6d3dfd5-fd7b-11e0-b307-38607712ae2b} - E:\setup.exe => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680\...\MountPoints2: E - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096\...\MountPoints2: E - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\startup\hollyhood.exe => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => removed successfully
"HKU\S-1-5-21-2902018265-2691646341-252654193-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173914680 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-2902018265-2691646341-252654193-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174257096 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File => Error: No automatic fix found for this entry.
CHR Extension: (Avast SafePrice) - C:\Users\Masum\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-05-19] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
"HKU\S-1-5-21-2902018265-2691646341-252654193-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}\\SystemComponent" => removed successfully
Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018173904485\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden => Error: No automatic fix found for this entry.
Impaq Speed (HKU\S-1-5-21-2902018265-2691646341-252654193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05252018174247240\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{736C02E6-FEED-49DF-A758-8CB7A6F4D9F2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{736C02E6-FEED-49DF-A758-8CB7A6F4D9F2}" => removed successfully
C:\windows\System32\Tasks\{1B9EEE3D-3452-48B0-86E6-238472A45526} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B9EEE3D-3452-48B0-86E6-238472A45526}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CFE3657E-BB4C-4942-A507-C065B66D1449}" => removed successfully
"C:\Users\Masum\AppData\Local\ImpaqSpeed" => not found
"E:\startup\hollyhood.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44796302 B
Java, Flash, Steam htmlcache => 150693 B
Windows/system/drivers => 2396234 B
Edge => 0 B
Chrome => 917545714 B
Firefox => 384458856 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 101742 B
systemprofile32 => 45106133 B
LocalService => 66228 B
NetworkService => 971273 B
Masum => 764496679 B
Guest => 38717042 B

RecycleBin => 0 B
EmptyTemp: => 2.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:21:34 ====



#4 Myrciel

Myrciel
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 26 May 2018 - 12:55 PM

Conhost.exe still appears in the processes tab of task manager, though, if that's a problem.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:16 AM

Posted 26 May 2018 - 01:14 PM

Hi,

processes appearing in Task Manager named "Blogger.exe" and "conhost.exe". I don't recall seeing either before, but conhost.exe seemed to be legitimate, based on Googling. Blogger.exe was created on May 25th, 2018, and it started on startup, so I think it was malware. After deleting the file from the location listed in the process' properties (C:\ProgramData), the process didn't start up anymore.


If the Conhost.exe was in the ProgramData folder it was malware.

---

How is the computer running now?

#6 Myrciel

Myrciel
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 26 May 2018 - 02:20 PM

Oh okay, it's in the System32 folder. Thank you so much for helping me! If anything else comes up, I'll let you know in this post.
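
The check the two posts above turn on (where the image behind a conhost.exe process actually lives) can be done in one pass rather than by clicking through Task Manager properties. The following PowerShell is an added example and is not code from the thread or from any tool used in it; the directory test and the signature test are this example's own design. Run it from an elevated prompt, because a non-elevated session cannot read the Path of processes owned by other sessions.

```powershell
# Added example (not from the thread): list every running conhost.exe, show the
# directory its image lives in, and check the image's Authenticode signature.
# The genuine conhost.exe lives in %SystemRoot%\System32 and is signed by
# Microsoft; a copy in C:\ProgramData, %TEMP% or a user profile is suspect.

$expectedDir = Join-Path $env:SystemRoot 'System32'

$results = Get-Process -Name conhost -ErrorAction SilentlyContinue | ForEach-Object {
    $proc = $_
    $path = $null
    try { $path = $proc.Path } catch { }   # access denied for some sessions when not elevated

    $sig = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        # Catalog-signed OS files report 'Valid' on Windows 8 and later; on older
        # systems they may report 'NotSigned', so fall back to the path check there.
        $sig = Get-AuthenticodeSignature -FilePath $path
    }

    $inSystem32 = $path -and ([System.IO.Path]::GetDirectoryName($path) -ieq $expectedDir)
    $validSig   = $sig -and ($sig.Status -eq 'Valid') -and
                  ($sig.SignerCertificate.Subject -like '*Microsoft*')

    [PSCustomObject]@{
        PID        = $proc.Id
        Path       = $path
        InSystem32 = [bool]$inSystem32
        Signature  = if ($sig) { $sig.Status } else { 'n/a' }
        Verdict    = if ($inSystem32 -and $validSig) { 'expected' } else { 'INVESTIGATE' }
    }
}

$results | Format-Table -AutoSize

# Same idea applied to every process: anything whose image is outside the
# Windows and Program Files trees is worth a look. A dropper that starts from
# C:\ProgramData, like the Blogger.exe described earlier in the thread, shows
# up here even when its name looks harmless.
Get-Process | Where-Object { $_.Path } |
    Where-Object {
        $_.Path -notlike "$env:SystemRoot\*" -and
        $_.Path -notlike "${env:ProgramFiles}\*" -and
        $_.Path -notlike "${env:ProgramFiles(x86)}\*"
    } |
    Select-Object Id, ProcessName, Path |
    Format-Table -AutoSize
```

A conhost.exe in System32 with a valid Microsoft signature is the console host Windows starts for every console application, so several copies running at once is normal. The second listing will also show legitimate software installed per-user (browsers, chat clients), so treat it as a shortlist to check, not a verdict.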



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:16 AM

Posted 27 May 2018 - 06:03 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#8 Myrciel

Myrciel
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 28 May 2018 - 03:32 PM

Hi again, nasdaq.

 

I haven't noticed any problems since you helped me so far, but when I go to my installed programs list in the control panel, Impaq Speed by Melasys LLC is shown there, with installation date 5/26/2018. Right clicking it doesn't bring up the mini menu with the uninstall option like it does for all the other programs. Is this bad and is there a way I can remove it?



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:16 AM

Posted 29 May 2018 - 06:16 AM

Hi,

It's an empty item but still listed in the Registry.

Nothing can be run from that entry. The program has been deleted.

You can remove it from the registry Program List using this tool. It's your call.
https://www.howtogeek.com/314734/how-to-manually-remove-programs-from-the-windows-uninstall-program-list/
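
The Fixlog earlier in the thread shows why this entry behaves the way it does: FRST removed the SystemComponent value under the user's Uninstall\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015} key (a SystemComponent of 1 hides an entry from Programs and Features), reported the key itself as one it had no automatic fix for, and found the C:\Users\Masum\AppData\Local\ImpaqSpeed folder already gone. What remains is an Add/Remove Programs entry whose uninstaller no longer exists. The PowerShell below is an added example, not code from the thread or from the linked guide; it lists such orphaned entries across the three Uninstall roots and, only when run with -Remove, prompts before deleting each one. The DisplayName filter and the -Remove switch are this example's own design.

```powershell
# Added example (not from the thread): find Programs and Features entries whose
# uninstaller and install folder are no longer on disk, and optionally remove
# the stale registry key. HKCU covers per-user installs such as the Impaq Speed
# entry the Fixlog shows under HKU\S-1-5-21-...-1000; the two HKLM roots cover
# 64-bit and 32-bit machine-wide installs.
param(
    [string]$DisplayNameLike = 'Impaq Speed*',   # '*' to audit every entry
    [switch]$Remove
)

$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallTarget {
    # Extract the executable from an UninstallString such as
    #   "C:\Users\x\AppData\Local\Foo\uninstall.exe" /S
    # MsiExec.exe /X{GUID} entries return msiexec, which always exists, so an
    # MSI entry is never reported as orphaned by this check.
    param([string]$UninstallString)
    if (-not $UninstallString) { return $null }
    if ($UninstallString -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($UninstallString -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $null
}

$entries = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath
        if ($p.DisplayName -notlike $DisplayNameLike) { return }
        $target = Get-UninstallTarget $p.UninstallString
        [PSCustomObject]@{
            Key               = $_.Name                     # e.g. HKEY_CURRENT_USER\...\{GUID}
            PSPath            = $_.PSPath                   # provider path used for removal
            DisplayName       = $p.DisplayName
            Publisher         = $p.Publisher
            SystemComponent   = $p.SystemComponent          # 1 hides the entry from the Control Panel
            UninstallString   = $p.UninstallString
            UninstallerOnDisk = [bool]($target -and (Test-Path -LiteralPath $target))
            InstallDirOnDisk  = [bool]($p.InstallLocation -and (Test-Path -LiteralPath $p.InstallLocation))
        }
    }
}

$entries | Select-Object Key, DisplayName, Publisher, SystemComponent,
                         UninstallString, UninstallerOnDisk, InstallDirOnDisk | Format-List

if ($Remove) {
    $orphans = $entries | Where-Object { -not $_.UninstallerOnDisk -and -not $_.InstallDirOnDisk }
    foreach ($o in $orphans) {
        # Nothing is left on disk for this key to launch; it is only a stale
        # listing. -Confirm prompts for each key so nothing is removed silently.
        Remove-Item -LiteralPath $o.PSPath -Recurse -Confirm
    }
}
```

Run it without -Remove first and read the output: an entry with no UninstallString at all, a Publisher you do not recognise, or a SystemComponent of 1 is the pattern of a hidden install rather than a normal leftover, and deleting only the key does not touch anything the program may have left elsewhere (scheduled tasks, services, browser extensions), which is what the FRST fix in this thread handled.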

#10 Myrciel

Myrciel
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 29 May 2018 - 11:32 AM

Oh okay, that's pleasant to know. Thank you!





