Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Nyetya Trojan which came with the hacked CCleaner Update

Started by Channeal , Sep 19 2017 11:33 AM
Nyetya trojan

  • This topic is locked This topic is locked

#1
Channeal
Posted 19 September 2017 - 11:33 AM

Channeal

    Member

  • Member
  • PipPipPip
  • 879 posts

I am running Windows 7 Home Premium SP1 on an 11-year-old Dell Dimension 9150 computer

I was away from home from the 16th August until late last Friday and therefore was not using my computer - although my son came here a few times while I was away and most probably used it while he was here. Just before I went away, I believe that CCleaner did an update. I read last night - on a 'How-To Geek' post on Facebook - that there was recently a problem with CCleaner and that it was hacked and malware distributed during an update (version 5.33.6162) released on the 15th August. (See https://www.howtogee...ou-need-to-know)

I have not actually used the computer very much since returning home as some health problems affecting a family member have been taking my time and attention. However, after reading about the CCleaner problems I checked which version I was running and found it to be 5.33.6163 which I believe to be a clean version of the previous update. I ran Malwarebytes and it found a trojan called Nyetya in a CCleaner folder and quarantined it.

In addition to the Malwarebytes scan, I have run an Avast antivirus scan, a SuperAntiSpyware scan and also an online scan with Eset, none of which have found any further malware. I also attempted to restore my computer back to the 10th August: it told me the restoration was not completed fully, although I have not identified any problems. I have also now deleted CCleaner altogether for the time being.

I am not aware of any problems with the computer - but my attempts at running FRST with a view to posting the log here have all been unsuccessful. When I click on scan, I get the following message: 'Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.' Can't work out what the problem is. But anyway...... should everything be okay now that the Nyetya trojan has been quarantined by Malwarebytes?

 

EDIT Did some more research on this (Bleeping Computer has a very helpful page on it) and read about the Floxif Malware. I checked the registry and it was present on my comp! :( Turns out that when I did my Malwarebytes scan last night it must have been literally only just before they added Floxif to their database. I ran another scan this evening - and this time it picked it up and quarantined it. So that's a good thing!

 

After deleting Floxif, I can now run FRST okay. Please see results below.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-09-2017
Ran by channeal (administrator) on NEAL1-DELL (19-09-2017 23:42:47)
Running from C:\Users\channeal\Desktop
Loaded Profiles: channeal (Available Profiles: channeal)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Dell Inc.) C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe
() C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDFViewer\PdfPro7Hook.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTSched.exe
(Sony) C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe
(Spotify Ltd) C:\Users\channeal\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Creative Technology Ltd) C:\Windows\System32\CTxfispi.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-15] (AVAST Software)
HKLM\...\Run: [StatusAutoRunC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe [3024360 2013-02-06] (Dell Inc.)
HKLM\...\Run: [ReminderApp] => C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe [144672 2009-10-20] ()
HKLM\...\Run: [PPort14reminder] => "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
HKLM\...\Run: [PDFProHook] => C:\Program Files\Nuance\PDFViewer\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [36168 2013-05-29] (Nuance Communications, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [LauncherC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Launcher\dlm1launcher.exe [2471928 2013-08-13] (Dell Inc.)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [18248 2013-05-29] (Nuance Communications, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CTxfiHlp] => C:\Windows\system32\CTXFIHLP.EXE [26112 2014-03-01] (Creative Technology Ltd)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [261432 2017-09-11] (Apple Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\Run: [Touro Cloud Backup] => C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe [2063968 2014-10-24] ()
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6844320 2017-09-16] (SUPERAntiSpyware)
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\Run: [CreativeTaskScheduler] => C:\Program Files\Creative\Shared Files\CTSched.exe [53341 2006-11-17] (Creative Technology Ltd)
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-05-31] (Sony)
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\Run: [Spotify Web Helper] => C:\Users\channeal\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-09] (Spotify Ltd)
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\MountPoints2: {d748d1e9-fded-11e6-855c-00137216c65c} - L:\startme.exe
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{3D72390A-BFE7-41C9-A155-E7BED6B3E286}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://my.yahoo.com/
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2012-11-26] (Yahoo! Inc.)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files\Ghostery\bin\ghostery.dll [2015-10-30] (Ghostery, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-09-15] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-02-05] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-02-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-02-05] (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 8qr829pg.2017-02-05
FF ProfilePath: C:\Users\channeal\AppData\Roaming\Mozilla\Firefox\Profiles\8qr829pg.2017-02-05 [2017-09-19]
FF Homepage: Mozilla\Firefox\Profiles\8qr829pg.2017-02-05 -> my.yahoo.com
FF Extension: (F.B. Purity - Cleans Up Facebook) - C:\Users\channeal\AppData\Roaming\Mozilla\Firefox\Profiles\8qr829pg.2017-02-05\Extensions\[email protected] [2017-08-02]
FF Extension: (Ghostery) - C:\Users\channeal\AppData\Roaming\Mozilla\Firefox\Profiles\8qr829pg.2017-02-05\Extensions\[email protected] [2017-09-12]
FF Extension: (youtubetmadblock) - C:\Users\channeal\AppData\Roaming\Mozilla\Firefox\Profiles\8qr829pg.2017-02-05\Extensions\[email protected] [2017-06-15]
FF Extension: (New Tab Override) - C:\Users\channeal\AppData\Roaming\Mozilla\Firefox\Profiles\8qr829pg.2017-02-05\Extensions\[email protected] [2017-09-12]
FF Extension: (Avast Online Security) - C:\Users\channeal\AppData\Roaming\Mozilla\Firefox\Profiles\8qr829pg.2017-02-05\Extensions\[email protected] [2017-09-12]
FF Extension: (Yahoo Toolbar and New Tab) - C:\Users\channeal\AppData\Roaming\Mozilla\Firefox\Profiles\8qr829pg.2017-02-05\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}.xpi [2017-05-05]
FF Extension: (Adblock Plus) - C:\Users\channeal\AppData\Roaming\Mozilla\Firefox\Profiles\8qr829pg.2017-02-05\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-08]
FF Extension: (Share Button for Facebook™) - C:\Users\channeal\AppData\Roaming\Mozilla\Firefox\Profiles\8qr829pg.2017-02-05\Extensions\{d4e0dc9c-c356-438e-afbe-dca439f4399d}.xpi [2017-09-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-2559438547-1515831249-1651957702-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2016-10-24] (Sony Network Entertainment International LLC)

Chrome:
=======
CHR HomePage: Default -> hxxp://my.yahoo.com/
CHR StartupUrls: Default -> "hxxps://my.yahoo.com/"
CHR Profile: C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default [2017-09-17]
CHR Extension: (Google Docs) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-05]
CHR Extension: (Google Drive) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-05]
CHR Extension: (Rapport) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2017-03-23]
CHR Extension: (YouTube) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-05]
CHR Extension: (Adblock Plus) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Adobe Acrobat) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-05]
CHR Extension: (Avast Online Security) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-09-16]
CHR Extension: (Ghostery) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-16]
CHR Extension: (Gmail) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-05]
CHR Extension: (Chrome Media Router) - C:\Users\channeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx" <not found>
CHR HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5830352 2017-09-15] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-15] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [322976 2017-09-15] (AVAST Software)
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2017-02-05] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DLNBDB; C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [191464 2013-02-06] ()
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3126496 2017-02-21] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-29] (Nuance Communications, Inc.)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-08-25] (IBM Corp.)
R2 Touro Cloud Backup Crawler; C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe [2370656 2014-10-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [1431424 2017-05-31] (Sony)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [267520 2017-09-15] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-09-15] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-09-15] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-09-15] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42856 2017-09-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [124952 2017-09-15] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2017-07-11] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [408072 2017-09-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99568 2017-09-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70864 2017-09-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [773800 2017-09-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [500136 2017-09-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [148232 2017-09-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296824 2017-09-15] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59936 2017-07-01] ()
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-09-19] (Malwarebytes)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows ® Win 7 DDK provider)
R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [203072 2017-08-25] (IBM Corp.)
R1 RapportCerberus_1804073; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804073.sys [846472 2017-09-12] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [334912 2017-08-25] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [102888 2017-08-25] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [263744 2017-08-25] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [414432 2017-08-25] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-19 23:42 - 2017-09-19 23:44 - 000018979 _____ C:\Users\channeal\Desktop\FRST.txt
2017-09-19 23:42 - 2017-09-19 23:42 - 000000000 ____D C:\Users\channeal\Desktop\FRST-OlderVersion
2017-09-19 23:41 - 2017-09-19 23:42 - 001795584 _____ (Farbar) C:\Users\channeal\Desktop\FRST.exe
2017-09-19 09:44 - 2017-09-19 23:42 - 000000000 ____D C:\FRST
2017-09-18 22:03 - 2017-09-18 22:03 - 000001048 _____ C:\Users\channeal\Desktop\Eset.txt
2017-09-18 17:35 - 2017-09-19 18:36 - 000002000 _____ C:\Users\channeal\Desktop\CCleaner.txt
2017-09-18 17:33 - 2017-09-18 17:33 - 006754944 _____ (ESET spol. s r.o.) C:\Users\channeal\Downloads\esetonlinescanner_enu(1).exe
2017-09-17 14:21 - 2017-09-17 14:21 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-09-17 14:21 - 2017-09-17 14:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-17 14:21 - 2017-09-17 14:21 - 000000000 ____D C:\Program Files\iPod
2017-09-17 14:19 - 2017-09-17 14:21 - 000000000 ____D C:\Program Files\iTunes
2017-09-17 14:08 - 2017-09-17 14:08 - 000000000 ____D C:\Program Files\Apple Software Update
2017-09-17 13:43 - 2017-09-17 13:43 - 000483824 _____ (IBM Corp.) C:\Users\channeal\Downloads\RapportSetup (3).exe
2017-09-15 23:54 - 2017-08-15 14:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-15 23:54 - 2017-08-13 17:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-15 23:53 - 2017-08-19 16:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-15 23:53 - 2017-08-16 16:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-15 23:53 - 2017-08-16 15:50 - 002403328 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-15 23:53 - 2017-08-16 01:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-15 23:53 - 2017-08-15 16:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-15 23:53 - 2017-08-15 16:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-15 23:53 - 2017-08-15 15:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-15 23:53 - 2017-08-15 15:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-15 23:53 - 2017-08-15 15:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-15 23:53 - 2017-08-14 18:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-15 23:53 - 2017-08-14 18:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-15 23:53 - 2017-08-14 18:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-15 23:53 - 2017-08-14 18:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-15 23:53 - 2017-08-13 22:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-15 23:53 - 2017-08-13 17:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-15 23:53 - 2017-08-13 17:45 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-15 23:53 - 2017-08-13 17:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-15 23:53 - 2017-08-13 17:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-15 23:53 - 2017-08-13 17:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-15 23:53 - 2017-08-13 17:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-15 23:53 - 2017-08-13 17:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-15 23:53 - 2017-08-13 17:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-15 23:53 - 2017-08-13 17:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-15 23:53 - 2017-08-13 17:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-15 23:53 - 2017-08-13 17:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-15 23:53 - 2017-08-13 17:18 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-15 23:53 - 2017-08-13 17:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-15 23:53 - 2017-08-13 17:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-15 23:53 - 2017-08-13 17:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-15 23:53 - 2017-08-13 17:10 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-15 23:53 - 2017-08-13 17:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-15 23:53 - 2017-08-13 17:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-15 23:53 - 2017-08-13 17:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-15 23:53 - 2017-08-13 16:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-15 23:53 - 2017-08-13 16:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-15 23:53 - 2017-08-13 16:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-15 23:53 - 2017-08-13 16:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-15 23:53 - 2017-08-13 16:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-15 23:53 - 2017-08-13 16:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-15 23:53 - 2017-08-13 16:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-15 23:53 - 2017-08-13 16:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-15 23:53 - 2017-08-13 16:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-15 23:53 - 2017-08-13 16:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-15 23:53 - 2017-08-13 16:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-15 23:53 - 2017-08-11 07:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-09-15 23:53 - 2017-08-11 07:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-15 23:53 - 2017-08-11 07:24 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-15 23:53 - 2017-08-11 07:24 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-15 23:53 - 2017-08-11 07:21 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000781824 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000019968 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 07:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-15 23:53 - 2017-08-11 07:09 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-15 23:53 - 2017-08-11 07:09 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-15 23:53 - 2017-08-11 07:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-15 23:53 - 2017-08-11 07:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-15 23:53 - 2017-08-11 07:00 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-15 23:53 - 2017-08-11 07:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-15 23:53 - 2017-08-11 07:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-15 23:53 - 2017-08-11 07:00 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-15 23:53 - 2017-08-11 07:00 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-15 23:53 - 2017-08-11 06:58 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-15 23:53 - 2017-08-11 06:58 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-15 23:53 - 2017-08-11 06:56 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-15 23:53 - 2017-08-11 06:56 - 000311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-15 23:53 - 2017-08-11 06:56 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-15 23:53 - 2017-08-11 06:56 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-15 23:53 - 2017-08-11 06:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-15 23:53 - 2017-08-11 06:56 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-15 23:53 - 2017-08-11 06:55 - 000188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-15 23:53 - 2017-08-11 06:55 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-15 23:53 - 2017-08-11 06:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-15 23:53 - 2017-08-11 06:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-15 23:53 - 2017-08-11 06:55 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-15 23:53 - 2017-08-11 06:55 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-15 23:53 - 2017-08-11 06:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 06:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 06:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-15 23:53 - 2017-08-11 06:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-15 23:53 - 2017-07-07 16:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-15 23:38 - 2017-09-15 23:36 - 000304816 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-08-25 23:09 - 2017-08-25 23:09 - 000263744 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2017-08-25 23:09 - 2017-08-25 23:09 - 000102888 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-19 23:34 - 2009-07-14 05:34 - 000024272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-19 23:34 - 2009-07-14 05:34 - 000024272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-19 23:29 - 2017-05-28 20:04 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-19 23:28 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-19 23:27 - 2017-02-05 21:22 - 000055468 _____ C:\Windows\system32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2017-09-19 23:27 - 2017-02-05 21:22 - 000055468 _____ C:\Windows\system32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2017-09-19 23:27 - 2017-02-05 21:22 - 000000788 _____ C:\Windows\system32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2017-09-19 18:01 - 2009-07-14 05:53 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-19 13:52 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2017-09-18 16:45 - 2017-02-05 19:35 - 000148232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-09-18 16:36 - 2017-02-05 20:07 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2017-09-18 16:36 - 2017-02-05 19:51 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-09-17 22:20 - 2017-02-05 19:52 - 000000000 ____D C:\Users\channeal\AppData\LocalLow\Mozilla
2017-09-17 14:09 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2017-09-17 14:08 - 2017-02-05 22:21 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-16 11:47 - 2017-04-23 14:41 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-09-16 10:31 - 2010-11-20 22:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-16 10:26 - 2009-07-14 05:33 - 000453840 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-16 00:56 - 2017-02-06 20:41 - 000000000 ____D C:\Windows\system32\MRT
2017-09-16 00:50 - 2017-02-06 20:39 - 135337392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-15 23:37 - 2017-02-05 19:35 - 000500136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-09-15 23:37 - 2017-02-05 19:35 - 000296824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-09-15 23:37 - 2017-02-05 19:35 - 000124952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-09-15 23:37 - 2017-02-05 19:35 - 000099568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-09-15 23:37 - 2017-02-05 19:35 - 000070864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-09-15 23:37 - 2017-02-05 19:35 - 000042856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-09-15 23:35 - 2017-02-05 19:35 - 000773800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-09-15 23:34 - 2017-02-08 11:36 - 000276736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-09-15 23:34 - 2017-02-08 11:36 - 000267520 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-09-15 23:34 - 2017-02-08 11:36 - 000157416 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-09-15 23:34 - 2017-02-08 11:36 - 000050384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-09-15 23:34 - 2017-02-05 19:35 - 000408072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-09-15 23:26 - 2017-02-05 19:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-12 13:29 - 2017-02-07 20:20 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-09-12 13:29 - 2017-02-07 20:20 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-09-12 13:29 - 2017-02-07 20:20 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-12 13:29 - 2017-02-05 19:38 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-12 13:29 - 2017-02-05 19:38 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-12 13:12 - 2017-03-23 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2017-09-04 16:33 - 2017-02-06 11:59 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-20 21:36 - 2017-02-25 15:13 - 000000000 ____D C:\Program Files\Opera

==================== Files in the root of some directories =======

2017-07-19 13:10 - 2017-07-19 13:10 - 000002095 _____ () C:\Users\channeal\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-16 11:08

==================== End of FRST.txt ============================

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-09-2017
Ran by channeal (19-09-2017 23:44:50)
Running from C:\Users\channeal\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2017-02-05 18:24:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2559438547-1515831249-1651957702-500 - Administrator - Disabled)
channeal (S-1-5-21-2559438547-1515831249-1651957702-1000 - Administrator - Enabled) => C:\Users\channeal
Guest (S-1-5-21-2559438547-1515831249-1651957702-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2559438547-1515831249-1651957702-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA476373-DAE7-4E51-957A-F43F01D9FACD}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 7.1.5.0 - Auslogics Labs Pty Ltd)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
BlackBox ISO Burner v2.0 (HKLM\...\BlackBox ISO Burner v2.0) (Version:  - )
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.03 - Creative Technology Limited)
Dell C1765 Color MFP (HKLM\...\{B03A2793-A8FF-4242-B23D-88D2D5FAE56A}) (Version: 1.039.0 - Dell Inc.) Hidden
Dell C1765 Color MFP (HKLM\...\InstallShield_{B03A2793-A8FF-4242-B23D-88D2D5FAE56A}) (Version: 1.039.0 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Fotor 2.0.3 (HKLM\...\Fotor) (Version: 2.0.3 - Everimaging Co., Ltd.)
Ghostery (HKLM\...\Ghostery) (Version:  - Ghostery Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Greeting Card Factory Deluxe 8.0 (HKLM\...\{30A4DD1D-FD55-4CE4-BA01-758E00BC0228}) (Version: 8.0.2.1 - Nova Development)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{5D7E7C4A-FA18-4A83-8FBC-D31B115306B2}) (Version: 12.7.0.166 - Apple Inc.)
Macrium Reflect Free Edition (HKLM\...\{94572F25-AB01-4EF7-A1FB-60A35C984F4F}) (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Media Go (HKLM\...\{60CDD65B-61AD-4BE4-BEA8-BB2D15534D4B}) (Version: 3.2.191 - Sony)
Media Go Video Playback Engine 2.20.109.05220 (HKLM\...\{B48AA269-C017-875E-AE23-CE1DCEE07626}) (Version: 2.20.109.05220 - Sony)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 55.0.3 (x86 en-GB)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Mozilla Thunderbird 52.3.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 52.3.0 (x86 en-GB)) (Version: 52.3.0 - Mozilla)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
Nuance PaperPort 14 (HKLM\...\{08BCE67B-6305-4D8A-B749-F381E7E3DDA2}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera Stable 47.0.2631.55 (HKLM\...\Opera 47.0.2631.55) (Version: 47.0.2631.55 - Opera Software)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PCWinISOBurn (HKLM\...\{FB41FAC0-C8B4-4E24-B657-141E55862F78}) (Version: 1.3.0.0 - )
Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.152 - Trusteer) Hidden
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Scansoft PDF Professional (HKLM\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)
Switch Sound File Converter (HKLM\...\Switch) (Version: 5.12 - NCH Software)
TomTom Sports Connect (HKLM\...\TomTom Sports Connect) (Version: 3.2.9.0 - TomTom International B.V.)
Touro Cloud Backup (HKLM\...\Touro Cloud Backup) (Version: 4.0.0 - Touro Cloud Backup)
TreeSize Free V3.4.5 (HKLM\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1804.152 - Trusteer)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.31 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Xperia Companion (HKLM\...\{058506CE-4E1C-4087-878E-61D8B5F8F47A}) (Version: 1.7.2.0 - Sony) Hidden
Xperia Companion (HKLM\...\{65415473-2761-4ee3-85c1-5fdf086444c6}) (Version: 1.7.2.0 - Sony)
Xperia Companion Service (HKLM\...\{86C9336F-6376-4E86-A09A-EA7177DEC3D5}) (Version: 1.7.2.0 - Sony) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-09-15] (AVAST Software)
ShellIconOverlayIdentifiers: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] ()
ShellIconOverlayIdentifiers: [02MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] ()
ShellIconOverlayIdentifiers: [03MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] ()
ShellIconOverlayIdentifiers: [04MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-09-15] (AVAST Software)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files\MagicISO\misosh.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [MemopalShell] -> {723F4F64-AB80-46AF-9FF3-09D8C46C0746} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] ()
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-09-15] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files\MagicISO\misosh.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4: [MemopalShell] -> {723F4F64-AB80-46AF-9FF3-09D8C46C0746} => C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll [2014-10-24] ()
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-09-15] (AVAST Software)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files\MagicISO\misosh.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B63437C-2EF7-4276-8277-63382BBA82D6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {13F404AB-6ECA-4121-B03F-6D88DF729B14} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {1CFBF877-12D8-40F9-A859-C88C5272141E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-15] (AVAST Software)
Task: {5D5CCD43-BF1B-46C5-BD61-78498CDC5CFA} - System32\Tasks\{97ABC276-820A-4943-AA4D-A5754260C008} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {6335A02C-38B4-43A3-B335-1986DD12B5AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-05] (Google Inc.)
Task: {94964AC4-A6DF-4A8F-A107-1E69CB654378} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {94A85635-2691-4137-8AC4-A0329848A3CE} - System32\Tasks\Opera scheduled Autoupdate 1488032057 => C:\Program Files\Opera\launcher.exe [2017-08-14] (Opera Software)
Task: {AFF34689-5A44-4734-BE3E-643DD76AA4D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {C499EAD7-B44D-4391-B4C5-C966E56A71A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {F01AB67C-B66E-466D-A07B-8ADD70A06BF6} - System32\Tasks\{A2F08BBD-394A-4449-B8A8-3C0580409A9F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Maxthon5\Bin\Mx3Uninstall.exe"
Task: {F8E00B1C-4393-4253-A05B-974A3F636CA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-05] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\channeal\Favorites\Fotor for desktop.lnk -> hxxp://www.fotor.com/windows/review.htm
Shortcut: C:\Users\channeal\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-09-15 23:35 - 2017-09-15 23:35 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-09-15 23:35 - 2017-09-15 23:35 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-09-15 23:36 - 2017-09-15 23:36 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-09-15 23:36 - 2017-09-15 23:36 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-09-15 23:36 - 2017-09-15 23:36 - 000149568 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-09-19 16:24 - 2017-09-19 16:24 - 005902376 _____ () C:\Program Files\AVAST Software\Avast\defs\17091904\algo.dll
2017-09-15 23:36 - 2017-09-15 23:36 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-08 11:15 - 2012-06-07 18:48 - 000019968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dltfm1zPP.dll
2017-02-08 11:17 - 2013-02-01 16:54 - 012875264 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dlthm1zRC.DLL
2017-09-01 02:49 - 2017-09-01 02:49 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-02-06 18:37 - 2013-02-06 18:37 - 000191464 _____ () C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
2014-10-24 17:06 - 2014-10-24 17:06 - 001745504 _____ () C:\Program Files\Touro Cloud Backup\ShellExtension\ShellExtension1.dll
2017-02-08 11:15 - 2012-08-16 20:33 - 000041984 _____ () C:\Windows\system32\dltsm1zwia.dll
2014-10-24 17:06 - 2014-10-24 17:06 - 002370656 _____ () C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe
2015-06-02 15:51 - 2015-06-02 15:51 - 000545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2009-10-20 11:35 - 2009-10-20 11:35 - 000144672 _____ () C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
2009-10-20 11:36 - 2009-10-20 11:36 - 000086304 _____ () C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\AddressBookCore.dll
2009-10-20 11:13 - 2009-10-20 11:13 - 000147456 _____ () C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\en-US\ReminderApp.resources.dll
2017-07-11 17:00 - 2017-07-11 17:00 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-09-15 23:34 - 2017-09-15 23:34 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-03-01 02:20 - 2014-03-01 02:20 - 000002560 _____ () C:\Windows\CTXFIRES.DLL
2017-09-11 14:47 - 2017-09-11 14:47 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
2017-09-11 14:47 - 2017-09-11 14:47 - 000080184 _____ () C:\Program Files\iTunes\zlib1.dll
2014-10-24 17:06 - 2014-10-24 17:06 - 002063968 _____ () C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe
2014-10-24 14:27 - 2014-10-24 14:27 - 000964096 _____ () C:\Program Files\Touro Cloud Backup\NativeControls7.dll
2014-10-24 17:01 - 2014-10-24 17:01 - 001827328 _____ () C:\Program Files\Touro Cloud Backup\OnlineBackupFacade.dll
2017-09-15 23:35 - 2017-09-15 23:35 - 000142792 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-09-15 23:35 - 2017-09-15 23:35 - 000241448 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2017-02-05 21:18 - 2009-03-26 15:46 - 000148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2017-05-22 18:10 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\channeal\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6A316F54-A462-497C-854E-320040254714}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8623E712-26D6-4B66-A9BD-BCE472267DEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{53B2E896-6F70-44A9-B389-03EDCE450C61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0A7752C-5BE3-4370-A1D4-8B76C80905A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1A778C12-1689-4794-8D78-6C94C9AD3BCF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{4AEA1AFD-5D2A-4024-A325-626E3717CDFC}] => (Allow) C:\Program Files\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{EDC5BD1B-A41C-49A1-9248-7B8D9D7A8DA2}] => (Allow) C:\Program Files\Opera\46.0.2597.57\opera.exe
FirewallRules: [{6F73EBE6-8D3C-4502-93B9-455C0DF00EC2}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{B4F5D869-8772-4EF7-B8BD-C312F222B969}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{2F4188C5-2B90-4063-B3EF-B6421315A21D}] => (Allow) C:\Program Files\Opera\47.0.2631.55\opera.exe
FirewallRules: [{7A2C6FB2-5D93-4D72-97E1-47C0315F9A2B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{49A022DB-8F39-4E2B-98B4-5425A1786DAD}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

16-09-2017 00:49:22 Windows Update
16-09-2017 23:32:05 Windows Update
18-09-2017 22:41:21 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2017 09:46:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\channeal\Downloads\WMIDiag.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2017 09:46:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 17.9.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 550

Start Time: 01d331237a37134d

Termination Time: 16

Application Path: C:\Users\channeal\Downloads\FRST.exe

Report Id: d92d4cfa-9d16-11e7-bb80-00137216c65c

Error: (09/18/2017 10:49:41 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x8000ffff.

Error: (09/16/2017 11:57:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15164

Error: (09/16/2017 11:57:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15164

Error: (09/16/2017 11:57:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/16/2017 11:57:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13385

Error: (09/16/2017 11:57:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13385

Error: (09/16/2017 11:57:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/16/2017 11:57:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12231


System errors:
=============
Error: (09/19/2017 11:30:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {4B635ECB-0887-4015-8CA6-D621362F98D1} did not register with DCOM within the required timeout.

Error: (09/19/2017 09:30:16 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (09/18/2017 10:46:46 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (09/16/2017 10:27:18 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (08/16/2017 09:28:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 09:27:08 on ‎16/‎08/‎2017 was unexpected.

Error: (08/10/2017 10:06:19 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (08/09/2017 07:22:55 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (08/08/2017 02:26:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/08/2017 02:26:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

Error: (08/08/2017 02:26:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.20GHz
Percentage of memory in use: 51%
Total physical RAM: 3582.16 MB
Available physical RAM: 1740.57 MB
Total Virtual: 7162.65 MB
Available Virtual: 5365.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.01 GB) (Free:98.78 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Cloned Files) (Fixed) (Total:65.76 GB) (Free:35.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:400 GB) (Free:275.14 GB) NTFS
Drive k: (TOURO Mobile) (Fixed) (Total:931.51 GB) (Free:773.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 3758CD02)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 092D3660)
Partition 1: (Active) - (Size=65.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=400 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B873C38B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Channeal, 19 September 2017 - 05:00 PM.

  • 0

Advertisements

#2
zep516
Posted 19 September 2017 - 10:17 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

A few items to fix, just left overs.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx" <not found>
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0

#3
Channeal
Posted 20 September 2017 - 12:34 PM

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

Hello zep516. Many thanks for endeavouring to help me.

 

I have had such big trouble running the fixlist. :( For some strange reason, when I tried to run it I got the same message I was getting at first yesterday, the one about not having the appropriate permissions. I have probably spent around three hours trying to do it! In the end, I deleted everything connected with FRST and tried to download it again. Even then, it took several attempts...... but I did eventually succeed, so am really hoping that the following will show that everything has been completed as necessary.

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-09-2017
Ran by channeal (20-09-2017 19:02:08) Run:1
Running from C:\Users\channeal\Desktop
Loaded Profiles: channeal (Available Profiles: channeal)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx" <not found>
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009 => key removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ihenkjeihefokohmemphikjnjbmegdik => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\ChromeHTML => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628} => key removed successfully.
HKU\S-1-5-21-2559438547-1515831249-1651957702-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628} => key removed successfully.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => key removed successfully.
HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully.
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully.
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{C8D58A05-32EC-45DE-9E8F-0F7667B428DC} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 59157061 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 394165904 B
Edge => 0 B
Chrome => 227717230 B
Firefox => 199906257 B
Opera => 46601690 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
LocalService => 70235 B
NetworkService => 66868 B
channeal => 286032057 B

RecycleBin => 57485 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:05:41 ====


  • 0

#4
zep516
Posted 20 September 2017 - 03:18 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Lets scan for any adware,

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
iO5EZayK.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

  • 0

#5
Channeal
Posted 21 September 2017 - 03:52 AM

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

Hello,

 

Results of the AdwCleaner scan are below. I wasn't sure why it was warning me of a PUP in relation to Auslogics which I have used for many years to defrag the computer. Is there a problem with it? I let AdwCleaner delete it anyway; I guess I can always download it again if I need it.

 

Is it okay to download CCleaner again, or do you guys no longer recommend using it? I have CCleaner on my laptop too, but because I have been away for a month the offending download was missed out altogether.

 

Thank you for your help.

 

 

 

 

 

# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 21 09:03:04 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\channeal\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Yahoo! Companion
Deleted: C:\ProgramData\Application Data\Yahoo! Companion
Deleted: C:\Users\All Users\Yahoo! Companion
Deleted: C:\Users\channeal\AppData\LocalLow\Yahoo! Companion
Deleted: C:\Program Files\Yahoo!\Companion
Deleted: C:\Users\channeal\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Users\channeal\AppData\Roaming\Yahoo!\Companion
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Deleted: C:\ProgramData\Auslogics
Deleted: C:\ProgramData\Application Data\Auslogics
Deleted: C:\Program Files\Auslogics
Deleted: C:\Users\All Users\Auslogics


***** [ Files ] *****

Deleted: C:\Program Files\Yahoo!\Common\unyt.exe
Deleted: C:\Users\channeal\Desktop\Auslogics Disk Defrag.lnk


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2559438547-1515831249-1651957702-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\yt.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Deleted: [Key] - HKLM\SOFTWARE\Auslogics


***** [ Firefox (and derivatives) ] *****

Plugin deleted: Yahoo Toolbar and New Tab - Yahoo


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [8143 B] - [2017/9/21 9:0:54]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


  • 0

#6
zep516
Posted 21 September 2017 - 07:05 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

I don't recommend any 3ed party tools for windows except an anti virus.


How is the computer doing ?

Thanks
Joe :)
  • 0

#7
Channeal
Posted 21 September 2017 - 11:20 AM

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

Hello again,

 

 

 

I don't recommend any 3ed party tools for windows except an anti virus.

 

Okay, thanks. I'll try to get along without them! :)

 

 

 

How is the computer doing ?

 

Everything seems to be fine with it as far as I can tell. Tbh though, I never really noticed any problems with it in the first place; it was only that I read about the problem with the CCleaner update and thought I should investigate.

 

 

Thanks again for your help.

 

Chris.


  • 0

#8
zep516
Posted 21 September 2017 - 03:24 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
You're welcome Chris everything looks good :)


We need to remove the tools we used and then close the topic.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight. They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#9
Channeal
Posted 22 September 2017 - 11:44 AM

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

Hello again,

 

Ran DelFix as suggested. It deleted some other stuff that has been on here since previous visits to GTG as well. :)

 

# DelFix v1.010 - Logfile created 22/09/2017 at 18:34:47
# Updated 26/04/2015 by Xplode
# Username : channeal - NEAL1-DELL
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\channeal\Desktop\mbar
Deleted : C:\Users\channeal\Desktop\Addition.txt
Deleted : C:\Users\channeal\Desktop\adwcleaner_7.0.2.1.exe
Deleted : C:\Users\channeal\Desktop\Fixlog.txt
Deleted : C:\Users\channeal\Desktop\FRST.exe
Deleted : C:\Users\channeal\Desktop\FRST.txt
Deleted : C:\Users\channeal\Desktop\TFC.exe
Deleted : C:\Users\channeal\Downloads\JRT.exe
Deleted : C:\Users\channeal\Downloads\MiniToolBox.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools

~ Cleaning system restore ...

Deleted : RP #77 [Windows Update | 09/16/2017 22:32:05]
Deleted : RP #78 [Restore Operation | 09/18/2017 21:41:21]
Deleted : RP #79 [Windows Update | 09/19/2017 23:02:56]
Deleted : RP #80 [Installed Rapport | 09/20/2017 17:26:24]
Deleted : RP #81 [Restore Point Created by FRST | 09/20/2017 18:02:12]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#10
zep516
Posted 22 September 2017 - 03:52 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

You can re-download TFC that was on the desktop.
http://oldtimer.geekstogo.com/TFC.exe

Also Ccleaner should be safe to re- download

Thanks
Joe :)
  • 0

#11
Channeal
Posted 23 September 2017 - 07:04 AM

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

Thanks very much, Joe. Am very pleased to have got this sorted! :thumbsup:

 

Chris.


  • 0

#12
zep516
Posted 23 September 2017 - 01:35 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
I see no signs of malware on your computer, and feel satisfied that our work here is done.


You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP