
Solved antivirus disabled

Discussion in 'Virus & Other Malware Removal' started by damselletoo, Jan 6, 2018.

  1. damselletoo (Thread Starter)
    Hi, about one month ago I was searching websites on my laptop and must have hit a virus. One website seemed dicey and I got out as fast as I could, but the damage must have been done. The next time I logged in, I had trouble connecting to the internet and my Avast Pro antivirus seems to be disabled: I'm not able to run it no matter how I try to access it.

    Today, I was able to get online, but still can't run antivirus.

    Here's my SysInfo utility info:

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: AMD Turion(tm) II P540 Dual-Core Processor, AMD64 Family 16 Model 6 Stepping 3
    Processor Count: 2
    RAM: 3834 Mb
    Graphics Card: ATI Mobility Radeon HD 4200 Series, 256 Mb
    Hard Drives: C: 454 GB (243 GB Free);
    Motherboard: AMD Corp., Guam
    Antivirus: Avast Antivirus, Enabled
     
  3. kevinf80 (Malware Specialist)
    Hello damselletoo and welcome to TSG,

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

    Be aware FRST must be run from an account with Administrator status...

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
      (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
    • Make sure Addition.txt is checkmarked under "Optional scans".
    • Press the Scan button to run the tool....
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The tool will also make a log named Addition.txt. Please attach that log to your reply.

    Thank you,

    Kevin...
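The two logs this procedure produces are read section by section for the entries FRST itself flags. As an added example (not code from the thread, from FRST or from the helper), here is a small Python triage script that walks FRST.txt/Addition.txt text, tracks the "==== Section ====" headers, and pulls out the lines a helper raises first: `<==== ATTENTION` markers, Hosts overrides, services or drivers whose binary is missing (`[X]`), autostart/BHO entries pointing at `No File`, and Security Center products reported Disabled or Out of date. The embedded sample log is constructed from entry formats that appear later in this thread; the rule labels and function names are the example's own.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) output.

Added example for this thread, not code from FRST or from the helper's reply.
It reads FRST.txt / Addition.txt text, remembers which "==== Section ====" it
is in, and collects the lines a malware-removal helper looks at first.
"""
import re
import sys
from collections import defaultdict

# Constructed sample, modelled on entry formats quoted later in the thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-22] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => No File
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

Hosts: 0.0.0.1 mssplus.mcafee.com
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File

==================== Services (Whitelisted) ====================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-22] (AVAST Software)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

==================== Security Center ========================

AV: Avast Antivirus (Enabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.1.24.0 - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
"""

# "==================== Title ====================" section headers.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "AV: Product (Enabled - Out of date) {GUID}" Security Center registrations.
SC_RE = re.compile(r"^(AV|AS|FW): (.+?) \((Enabled|Disabled) - (.+?)\) \{")

# Triage rules: (finding label, predicate on one stripped log line).
# The first matching rule wins, so FRST's own ATTENTION marker is checked first.
RULES = [
    ("FRST flagged entry (<==== ATTENTION)",
     lambda l: "<==== ATTENTION" in l),
    ("Hosts file override",
     lambda l: l.startswith("Hosts:")),
    ("Service/driver whose binary is missing ([X])",
     lambda l: bool(re.match(r"^[RS]\d ", l)) and l.endswith("[X]")),
    ("Autostart/BHO entry pointing at a missing file",
     lambda l: l.endswith("No File")),
    ("Security product Disabled or Out of date",
     lambda l: bool(SC_RE.match(l)) and ("Disabled" in l or "Out of date" in l)),
]


def parse_frst(text):
    """Return (section, label, line) for every line that trips a triage rule."""
    findings = []
    section = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        for label, matches in RULES:
            if matches(line):
                findings.append((section, label, line))
                break
    return findings


def summarize(findings):
    """Group findings by label: {label: [(section, line), ...]}."""
    grouped = defaultdict(list)
    for section, label, line in findings:
        grouped[label].append((section, line))
    return dict(grouped)


def security_center(text):
    """Return (kind, product, state, signature status) for each registered product."""
    return [m.groups() for m in (SC_RE.match(l.strip()) for l in text.splitlines()) if m]


def main(argv):
    # Pass a saved FRST.txt or Addition.txt path; with no argument the sample is used.
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_LOG
    for label, hits in summarize(parse_frst(text)).items():
        print(f"{label}: {len(hits)}")
        for section, line in hits:
            print(f"  [{section}] {line}")
    for kind, product, state, sigs in security_center(text):
        print(f"Security Center {kind}: {product} is {state}, signatures {sigs}")


if __name__ == "__main__":
    main(sys.argv)
```

A Security Center antivirus entry showing Enabled while the user cannot open the product, next to a policy restriction on Windows Defender, is exactly the cross-check this output is meant to make visible.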
     
  4. damselletoo (Thread Starter)
    Hi Kevin,

    Thanks! Here are the logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
    Ran by Owner (administrator) on OWNER-PC (12-01-2018 16:50:08)
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\instup.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.667\SSScheduler.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-22] (AVAST Software)
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2725400 2015-02-05] (Sony Corporation)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\Policies\Explorer: [NoLogOff] 0
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\MountPoints2: {6c1a9492-6849-11e1-afe0-60eb690cb8fa} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\MountPoints2: {b16d0367-d191-11e1-ae29-60eb690cb8fa} - E:\WIN\setup.exe
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\MountPoints2: {ceedc4a2-a5f8-11e3-90dc-60eb690cb8fa} - E:\win\setup.exe -phs
    AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-01-12]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.667\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-10-29]
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-10-29]
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    GroupPolicy\User: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.128.1
    Tcpip\..\Interfaces\{115CF329-2EDF-47AB-9005-978915F301FA}: [DhcpNameServer] 168.94.0.15 168.94.0.14
    Tcpip\..\Interfaces\{4147D397-D8A8-4536-8FA1-21685E7B9C5F}: [DhcpNameServer] 192.168.128.1
    Tcpip\..\Interfaces\{5CED88F3-32AE-4AA6-8A57-EB078A6886B0}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    SearchScopes: HKLM -> DefaultScope {BBE22A20-3519-49DE-AD43-217D6D1FB647} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {BBE22A20-3519-49DE-AD43-217D6D1FB647} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> {648C34DF-FDA4-4030-A145-180FBC8D5E91} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    SearchScopes: HKU\S-1-5-21-3203867040-3475878047-3988116120-1000 -> {648C34DF-FDA4-4030-A145-180FBC8D5E91} URL =
    SearchScopes: HKU\S-1-5-21-3203867040-3475878047-3988116120-1000 -> {BBE22A20-3519-49DE-AD43-217D6D1FB647} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-22] (AVAST Software)
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-22] (AVAST Software)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\58klywq8.default [2018-01-12]
    FF Homepage: Mozilla\Firefox\Profiles\58klywq8.default -> hxxp://www.bing.com/
    FF NetworkProxy: Mozilla\Firefox\Profiles\58klywq8.default -> no_proxies_on", "localhost,127.0.0.1"
    FF Extension: (Disable JavaScript Shared Memory) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\58klywq8.default\features\{38fc3634-5c34-451c-8097-6477d235a55d}\[email protected] [2018-01-12] [Legacy]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\58klywq8.default\searchplugins\bing-.xml [2014-02-26]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-11-22]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-11-22]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-18] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-18] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-18] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3203867040-3475878047-3988116120-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-19] (Citrix Online)
    FF Plugin HKU\S-1-5-21-3203867040-3475878047-3988116120-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-02] (Zoom Video Communications, Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-01-06]
    CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-01]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-24]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-24]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-25]
    CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-18]
    CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-24]
    CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-18]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-25]
    CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-18]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-22] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-22] (AVAST Software)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe [404376 2018-01-05] (McAfee, Inc.)
    R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2015-02-05] (Sony Corporation)
    R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-22] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [189768 2017-04-22] (AVAST Software s.r.o.)
    R0 aswblog; C:\windows\system32\drivers\aswbloga.sys [334088 2017-04-22] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [48528 2017-04-22] (AVAST Software s.r.o.)
    S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-04-22] (AVAST Software)
    R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [32600 2017-04-22] (AVAST Software)
    R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [128648 2017-04-28] (AVAST Software)
    R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [101152 2017-04-22] (AVAST Software)
    R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [75704 2017-04-22] (AVAST Software)
    R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1005048 2017-04-22] (AVAST Software)
    R1 aswSP; C:\windows\system32\drivers\aswSP.sys [556784 2017-04-28] (AVAST Software)
    R2 aswStm; C:\windows\system32\drivers\aswStm.sys [164064 2017-04-22] (AVAST Software)
    R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [339696 2017-04-22] (AVAST Software)
    S3 swmsflt; C:\windows\System32\DRIVERS\swmsflt.sys [47104 2009-10-20] ()
    S3 SWNC5E00; C:\windows\System32\DRIVERS\SWNC5E00.sys [285696 2009-08-04] (Sierra Wireless Inc.)
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-12 16:50 - 2018-01-12 16:51 - 000020063 _____ C:\Users\Owner\Desktop\FRST.txt
    2018-01-12 16:49 - 2018-01-12 16:50 - 000000000 ____D C:\FRST
    2018-01-12 16:48 - 2018-01-12 16:48 - 002393088 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2018-01-12 16:46 - 2018-01-12 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2018-01-12 16:46 - 2018-01-12 16:46 - 000000000 ____D C:\ProgramData\McAfee Security Scan
    2018-01-12 16:41 - 2018-01-12 16:41 - 000000000 ____D C:\ProgramData\SWCUTemp
    2018-01-06 12:53 - 2018-01-06 12:53 - 000000000 ____D C:\Program Files\Common Files\avast software
    2018-01-06 12:52 - 2018-01-06 12:53 - 000748192 _____ (TechGuy, Inc.) C:\Users\Owner\Desktop\SysInfo.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-12 16:51 - 2012-04-06 06:56 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2018-01-12 16:51 - 2012-04-06 06:56 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2018-01-12 16:51 - 2012-04-06 06:56 - 000000000 ____D C:\windows\system32\Macromed
    2018-01-12 16:51 - 2011-11-18 11:19 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2018-01-12 16:51 - 2010-07-18 20:28 - 000000000 ____D C:\windows\SysWOW64\Macromed
    2018-01-12 16:47 - 2017-04-22 09:53 - 000004172 _____ C:\windows\System32\Tasks\Avast Emergency Update
    2018-01-12 16:47 - 2014-11-26 19:09 - 000000534 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3203867040-3475878047-3988116120-1000.job
    2018-01-12 16:47 - 2009-07-14 00:13 - 000786662 _____ C:\windows\system32\PerfStringBackup.INI
    2018-01-12 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
    2018-01-12 16:46 - 2017-10-01 06:37 - 000001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2018-01-12 16:46 - 2017-08-13 07:38 - 000000000 ____D C:\Program Files\McAfee Security Scan
    2018-01-12 16:44 - 2016-11-25 09:44 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
    2018-01-12 16:44 - 2012-04-26 17:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-01-12 16:43 - 2016-11-18 09:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2018-01-12 16:39 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
    2018-01-06 12:53 - 2015-12-06 14:01 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
    2018-01-06 12:51 - 2016-02-13 03:59 - 000003892 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1455353963
    2018-01-06 12:46 - 2009-07-13 23:45 - 000015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-01-06 12:46 - 2009-07-13 23:45 - 000015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-01-06 12:39 - 2015-11-30 19:48 - 000000630 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-3203867040-3475878047-3988116120-1000.job

    ==================== Files in the root of some directories =======

    2014-07-23 14:00 - 2014-07-23 14:00 - 050063360 _____ () C:\Program Files (x86)\GUT8768.tmp
    2013-03-26 12:26 - 2014-04-13 18:48 - 000000093 _____ () C:\Users\Owner\AppData\Roaming\ARCompanion.log

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\SysWOW64\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-11-19 00:38

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
    Ran by Owner (12-01-2018 16:51:51)
    Running from C:\Users\Owner\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2011-10-29 20:15:34)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3203867040-3475878047-3988116120-500 - Administrator - Disabled)
    Guest (S-1-5-21-3203867040-3475878047-3988116120-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3203867040-3475878047-3988116120-1002 - Limited - Enabled)
    Owner (S-1-5-21-3203867040-3475878047-3988116120-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
    Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    ArcSoft MediaImpression 2 (HKLM-x32\...\{9EA7046A-5C45-426F-AC58-C85872351626}) (Version: 2.0.47.514 - ArcSoft)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
    ATI Catalyst Install Manager (HKLM\...\{5792CD64-61B4-C448-0D22-3C51DD73AB2A}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
    Avast Pro Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
    Best Buy pc app (HKLM\...\{FBBC4667-2521-4E78-B1BD-8706F774549B}) (Version: 3.0.0.0 - Best Buy) Hidden
    Blue Iris (HKLM-x32\...\{B8087CCE-B735-4485-BA45-08929FCCB101}) (Version: 2.49.09 - Perspective Software) Hidden
    Blue Iris (HKLM-x32\...\InstallShield_{B8087CCE-B735-4485-BA45-08929FCCB101}) (Version: 2.49.09 - Perspective Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    ccc-core-static (HKLM-x32\...\{219B4856-468A-F0BB-8249-E630AD4E86C2}) (Version: 2010.0315.1050.17562 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
    File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.1.24.0 - ) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    GoToMeeting 8.17.0.7943 (HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\GoToMeeting) (Version: 8.17.0.7943 - LogMeIn, Inc.)
    iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
    IP Camera (HKLM-x32\...\IP Camera) (Version: - )
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    [email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.667.1 - McAfee, Inc.)
    MergeModule_x64 (HKLM\...\{3D576235-F0CE-4B50-A9C6-0775B9E50B63}) (Version: 9.1.00 - Sony Corporation) Hidden
    MergeModule_x86 (HKLM-x32\...\{306CBA87-E890-4FBB-9AB8-E65C96D352B2}) (Version: 9.1.00 - Sony Corporation) Hidden
    Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Moyea FLV Player version 1.6.2.2 (HKLM-x32\...\{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1) (Version: - )
    Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    PlayMemories Home (HKLM-x32\...\{9BC57F80-FBCF-463C-B69F-09DEC3A4612B}) (Version: 4.2.00.02052 - Sony Corporation)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PMB_ModeEditor (HKLM-x32\...\{19FEBF46-AE2C-45C7-BF9F-E254A4B3E717}) (Version: 9.1.00 - Sony Corporation) Hidden
    PMB_ServiceUploader (HKLM-x32\...\{8E5861CA-9B65-488B-972E-405AD03EBC7C}) (Version: 9.2.00 - Sony Corporation) Hidden
    Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    Sierra Wireless USB MUX Driver Package (HKLM-x32\...\{5600094C-5EA0-4BE8-9ECE-4C9B726AC9D9}) (Version: 0.56 - Sierra Wireless)
    SOHLib for PlayMemories Home (HKLM\...\{F07F9109-D141-4E88-BFF5-0206D61994F5}) (Version: 1.0.3.02170 - Sony Corporation) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}) (Version: 2.0.3977.0 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.7.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.03.02.00 - )
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.05.64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.03.02.00 - )
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.2.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Zoom (HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3203867040-3475878047-3988116120-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\2185\G2MOutlookAddin64.dll => No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-22] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-22] (AVAST Software)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-22] (AVAST Software)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-11-30] (Apple Inc.)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-22] (AVAST Software)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2010-03-15] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-22] (AVAST Software)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01893E32-25BE-4760-918F-92F60F74255B} - System32\Tasks\G2MUploadTask-S-1-5-21-3203867040-3475878047-3988116120-1000 => C:\Users\Owner\AppData\Local\GoToMeeting\7943\g2mupload.exe [2017-11-18] (LogMeIn, Inc.)
    Task: {170CB1D9-EE6D-4451-8580-9F2BDF654977} - System32\Tasks\G2MUpdateTask-S-1-5-21-3203867040-3475878047-3988116120-1000 => C:\Users\Owner\AppData\Local\GoToMeeting\7943\g2mupdate.exe [2017-11-18] (LogMeIn, Inc.)
    Task: {1B795F07-9ED8-44DB-B4B9-8A61BD6278C8} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
    Task: {3ACA4470-ADB3-4FA7-AD4A-C76DF8FB3B7A} - \ProgramUpdateCheck -> No File <==== ATTENTION
    Task: {4DF0491D-AA1E-4D67-958D-71DDDDB309C9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-12] (Adobe Systems Incorporated)
    Task: {680193B2-7BE2-4C51-B729-A0EF0F155C78} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-01-06] (AVAST Software)
    Task: {6C69C792-B197-4D60-95DD-FABF6754CD31} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-08-04] (AVAST Software)
    Task: {808E70F0-EC33-4E5B-ABD4-714243DDEA24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
    Task: {93622B59-B243-462D-8E76-98EF740D5BF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
    Task: {B9A3D266-43DE-4AA4-BA78-5D41D8D3E163} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
    Task: {BBBBBABF-3FC7-41CE-9386-E7603A63D7A8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-22] (AVAST Software)
    Task: {C9C3A7AE-A915-4CC3-95C0-59B585630A11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
    Task: {F1CC68CA-A715-43E7-AA75-4AE83AFA1FB5} - System32\Tasks\SafeZone scheduled Autoupdate 1455353963 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {FD786534-6EF9-4464-B58B-81CAA44B998E} - \ProgramRefresh-ATFST -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3203867040-3475878047-3988116120-1000.job => C:\Users\Owner\AppData\Local\GoToMeeting\7943\g2mupdate.exe
    Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-3203867040-3475878047-3988116120-1000.job => C:\Users\Owner\AppData\Local\GoToMeeting\7943\g2mupload.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2015-02-13 03:20 - 2015-02-13 03:20 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 04:45 - 2015-10-13 04:45 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-03-03 16:15 - 2010-03-03 16:15 - 008762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    2009-11-03 15:26 - 2009-11-03 15:26 - 000053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    2010-03-03 16:15 - 2010-03-03 16:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
    2010-03-03 16:15 - 2010-03-03 16:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
    2010-07-18 20:25 - 2009-06-22 17:40 - 000022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
    2009-03-12 21:08 - 2009-03-12 21:08 - 000048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
    2009-07-25 19:38 - 2009-07-25 19:38 - 000017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    2017-04-22 09:52 - 2017-04-22 09:52 - 000162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
    2017-04-22 09:52 - 2017-04-22 09:52 - 000790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
    2017-04-22 09:52 - 2017-04-22 09:52 - 000275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
    2017-04-22 09:52 - 2017-04-22 09:52 - 000170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-04-22 09:52 - 2017-04-22 09:52 - 000176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-11-22 12:08 - 2017-11-22 12:08 - 005882432 _____ () C:\Program Files\AVAST Software\Avast\defs\17112202\algo.dll
    2017-04-22 09:52 - 2017-04-22 09:52 - 000653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-04-22 09:52 - 2017-04-22 09:52 - 000230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2015-10-13 04:46 - 2015-10-13 04:46 - 001040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-01-20 13:17 - 2014-01-20 13:17 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 04:45 - 2015-10-13 04:45 - 000237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2017-01-02 09:43 - 2017-01-02 09:43 - 048936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-04-22 09:52 - 2017-04-22 09:52 - 000293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2018-01-12 16:46 - 000000859 _____ C:\windows\system32\Drivers\etc\hosts

    0.0.0.1 mssplus.mcafee.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\ArcSoft\PhotoViewer\1. 0. 0\PV_SetWallPaper.bmp
    DNS Servers: 192.168.128.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: Best Buy pc app => C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
    MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{1B026C5D-4290-4E26-8006-2A3028479D1E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{D60CD28C-972F-440C-9C6C-41AD37A31A2F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{CE81497B-A0F9-4989-A77D-9B6D6B228B69}] => (Allow) svchost.exe
    FirewallRules: [{36E69095-CA5A-4207-9234-CC70AA401C25}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [TCP Query User{F3F36021-7ADA-4486-AD8E-C5F95FDADC2C}C:\program files (x86)\blue iris\blueiris.exe] => (Allow) C:\program files (x86)\blue iris\blueiris.exe
    FirewallRules: [UDP Query User{EE7CFD5B-E0B5-4F99-B688-B4F4B3330747}C:\program files (x86)\blue iris\blueiris.exe] => (Allow) C:\program files (x86)\blue iris\blueiris.exe
    FirewallRules: [{A433423E-5C3F-4665-B568-423887E60389}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{627FBEB6-F241-469B-B0C9-FB501F80C4B9}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [TCP Query User{31713A95-EA72-4C26-8802-0149F8B66C85}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe
    FirewallRules: [UDP Query User{AF280127-FD96-4609-B21D-A0F933E85A28}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe
    FirewallRules: [{99DAFA0F-F1C7-440D-A473-0C921225026E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D6272D18-8E19-4E6F-8A36-015490E664BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B7ED78DD-4F49-449F-82D8-1E6DBD1801D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C798B8F8-F497-4A5E-9C3D-FC20CA4B66FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{19761992-56B9-4DE2-A3F8-9E8FED3193BB}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{A08CAB63-BDD1-4F10-92FF-4942AA12A9A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5872230E-0E16-44C4-9B3D-B639841E125B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1826179B-2B57-4344-8500-18F941500D3B}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    FirewallRules: [{E5625CC8-E33F-49FE-9C44-538A989351B9}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    FirewallRules: [{74A66349-BB12-484D-9A32-86D926452962}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    FirewallRules: [{02B99215-87EA-4157-B110-60FDAEF2C2CD}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
    FirewallRules: [{BC8E0E96-BEF9-4E88-9317-2F7FF78C864D}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
    FirewallRules: [TCP Query User{3F665402-7B2B-4E32-8FDB-7E72912BEA26}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{2A07059B-E08F-49AA-9137-EE9AE9235A9F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{A2F7771A-A6D2-433B-A443-3A98BDA541EE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{290C8CC5-997E-4F80-BCC1-99E27E1F1824}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{5855255F-2BF4-4068-846D-7F28248B4FC5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{49663F07-F983-44EF-B144-4ED1602BC8E0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{A9AEBF06-60BD-435C-A302-8EEDA302AB00}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{C578037E-9C12-4A96-A7B3-830A3755E98F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C2120A32-57F9-4B7B-8609-382CF2ED3320}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EC9A4448-54A6-49D3-82DE-CCD72B6D728E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
    FirewallRules: [{FEE51F24-588B-494F-BAA4-0D425CFA9C63}] => (Allow) C:\Users\Owner\AppData\Roaming\Zoom\bin\Zoom.exe
    FirewallRules: [{BE4D3452-07A3-414C-8CAE-749BA867E3A0}] => (Allow) C:\Users\Owner\AppData\Roaming\Zoom\bin\airhost.exe
    FirewallRules: [{2F52173F-42EE-4778-A9ED-D0AD9783FFF9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{CE9A5B76-9564-45B0-A42C-3B4D5A6C7AD6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe

    ==================== Restore Points =========================

    17-02-2017 08:41:53 Scheduled Checkpoint
    25-02-2017 03:00:26 Windows Update
    10-03-2017 14:13:57 Scheduled Checkpoint
    19-03-2017 14:27:55 Windows Update
    25-03-2017 07:19:50 Windows Update
    26-03-2017 02:00:19 Windows Update
    01-04-2017 16:31:07 Windows Update
    09-04-2017 14:05:59 Scheduled Checkpoint
    15-04-2017 02:01:05 Windows Update
    22-04-2017 23:00:21 Scheduled Checkpoint
    05-05-2017 11:13:44 Scheduled Checkpoint
    10-05-2017 18:46:18 Windows Update
    12-05-2017 06:09:01 Windows Update
    12-05-2017 07:46:50 Windows Update
    27-05-2017 02:00:29 Windows Update
    04-06-2017 10:51:29 Scheduled Checkpoint
    18-06-2017 02:01:19 Windows Update
    25-06-2017 02:00:29 Windows Update
    02-07-2017 12:04:48 Scheduled Checkpoint
    15-07-2017 07:42:11 Scheduled Checkpoint
    16-07-2017 02:00:38 Windows Update
    16-07-2017 15:39:57 Windows Update
    30-07-2017 07:25:42 Scheduled Checkpoint
    04-08-2017 18:02:57 Windows Update
    05-08-2017 02:00:29 Windows Update
    12-08-2017 02:00:34 Windows Update
    19-08-2017 23:00:22 Scheduled Checkpoint
    27-08-2017 12:36:03 Scheduled Checkpoint
    04-09-2017 11:40:44 Scheduled Checkpoint
    13-09-2017 12:37:22 Scheduled Checkpoint
    14-09-2017 02:01:14 Windows Update
    21-09-2017 19:20:47 Scheduled Checkpoint
    29-09-2017 08:27:34 Scheduled Checkpoint
    06-10-2017 16:20:38 Scheduled Checkpoint
    15-10-2017 12:39:23 Windows Update
    22-10-2017 23:00:22 Scheduled Checkpoint
    04-11-2017 09:51:15 Scheduled Checkpoint
    18-11-2017 09:15:28 Windows Update
    18-11-2017 11:21:05 Windows Update
    19-11-2017 03:00:27 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/18/2017 08:39:00 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/05/2017 04:04:42 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/04/2017 08:28:19 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/27/2017 07:26:17 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/23/2017 02:35:28 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/22/2017 08:46:34 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/22/2017 08:45:21 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: DllHost (3404) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (10/22/2017 08:45:20 AM) (Source: ESENT) (EventID: 489) (User: )
    Description: DllHost (3404) WebCacheLocal: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (10/15/2017 10:35:11 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/10/2017 03:03:48 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (01/12/2018 04:49:07 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (01/12/2018 04:49:07 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (01/12/2018 04:45:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (01/12/2018 04:40:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The VBoxAsw Support Driver service failed to start due to the following error:
    The system cannot find the path specified.

    Error: (01/06/2018 12:49:57 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register with DCOM within the required timeout.

    Error: (01/06/2018 12:49:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The iPod Service service terminated with the following error:
    Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.

    Error: (01/06/2018 12:46:21 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (01/06/2018 12:46:21 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (01/06/2018 12:46:21 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (01/06/2018 12:37:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The VBoxAsw Support Driver service failed to start due to the following error:
    The system cannot find the path specified.


    ==================== Memory info ===========================

    Processor: AMD Turion(tm) II P540 Dual-Core Processor
    Percentage of memory in use: 58%
    Total physical RAM: 3834.9 MB
    Available physical RAM: 1596.34 MB
    Total Virtual: 7667.98 MB
    Available Virtual: 5372.41 MB

    ==================== Drives ================================

    Drive c: (TI105949W0C) (Fixed) (Total:454.24 GB) (Free:243.06 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D6484892)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=454.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10.1 GB) - (Type=17)

    ==================== End of Addition.txt ============================

    Regards
    D

  5. kevinf80 (Malware Specialist; joined Mar 21, 2006; 11,361 messages; first name Kevin)
    Thanks for those logs, continue with the following:

    Uninstall the following Program, reboot when complete:

    File Type Assistant

    Next,

    Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

    Open FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

    Next,

    Download Malwarebytes version 3 from the following link:

    https://www.malwarebytes.com/mwb-download/thankyou/

    Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

    When the install completes and is updated do the following:

    Open Malwarebytes, select > "settings" > "protection tab"

    Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

    Go back to "DashBoard" select the Blue "Scan Now" tab......

    When the scan completes deal with any found entries...

    To get the log from Malwarebytes do the following:

    • Click on the Report tab > from main interface.
    • Double click on the Scan log which shows the Date and time of the scan just performed.
    • Click Export > From export you have two options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

    • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…

    Next,

    Download AdwCleaner by Malwarebytes onto your Desktop.

    Or from this Mirror

    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

    Next,

    Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

    Ensure to get the correct version for your system....

    https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


    Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
    In the "Scan Type" window, select Quick Scan
    Perform a scan and Click Finish when the scan is done.


    Retrieve the MSRT log as follows, and post it in your next reply:

    1) Select the Windows key and R key together to open the "Run" function
    2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

    notepad c:\windows\debug\mrt.log

    The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

    Let me see those logs in your reply, also tell me if there are any remaining issues or concerns....

    Thank you,

    Kevin...

  6. damselletoo (Thread Starter; joined Jul 13, 2013; 32 messages)
    I'm getting an error message when trying to uninstall File Type Assistant: "An error occurred when trying to uninstall File Type Assistant. It may have already been uninstalled. Would you like to remove File Type Assistant from the Programs and Features list?"

    Should I continue with the fixes, or remove the program another way?

  7. kevinf80 (Malware Specialist; joined Mar 21, 2006; 11,361 messages; first name Kevin)
    Use the following to uninstall it...

    Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

    Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

    Run the tool, the main GUI will populate with installed programs list,

    Left click on File Type Assistant to highlight that entry.

    Select Action from the Menu bar, then Uninstall from there follow the prompts.

    If Uninstall fails, open the "Action" menu one more time and use the "Force Removal" option.

  8. damselletoo (Thread Starter; joined Jul 13, 2013; 32 messages)
    Here's the Fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 13.01.2018 01
    Ran by Owner (14-01-2018 10:58:51) Run:1
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\Policies\Explorer: [NoLogOff] 0
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\MountPoints2: {6c1a9492-6849-11e1-afe0-60eb690cb8fa} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\MountPoints2: {b16d0367-d191-11e1-ae29-60eb690cb8fa} - E:\WIN\setup.exe
    HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\...\MountPoints2: {ceedc4a2-a5f8-11e3-90dc-60eb690cb8fa} - E:\win\setup.exe -phs
    AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => No File
    GroupPolicy\User: Restriction <==== ATTENTION
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    2014-07-23 14:00 - 2014-07-23 14:00 - 050063360 _____ () C:\Program Files (x86)\GUT8768.tmp
    Task: {3ACA4470-ADB3-4FA7-AD4A-C76DF8FB3B7A} - \ProgramUpdateCheck -> No File <==== ATTENTION
    Task: {FD786534-6EF9-4464-B58B-81CAA44B998E} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
    MSCONFIG\startupreg: Best Buy pc app => C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
    RemoveProxy:
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushDNS
    end




    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktopCleanupWizard" => removed successfully
    "HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu" => removed successfully
    "HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogOff" => removed successfully
    "HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c1a9492-6849-11e1-afe0-60eb690cb8fa}" => removed successfully
    HKLM\Software\Classes\CLSID\{6c1a9492-6849-11e1-afe0-60eb690cb8fa} => key not found
    "HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b16d0367-d191-11e1-ae29-60eb690cb8fa}" => removed successfully
    HKLM\Software\Classes\CLSID\{b16d0367-d191-11e1-ae29-60eb690cb8fa} => key not found
    "HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ceedc4a2-a5f8-11e3-90dc-60eb690cb8fa}" => removed successfully
    HKLM\Software\Classes\CLSID\{ceedc4a2-a5f8-11e3-90dc-60eb690cb8fa} => key not found
    "c:\progra~2\citrix\icacli~1\rshook.dll" => Value data removed successfully
    C:\windows\system32\GroupPolicy\User => moved successfully
    C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
    C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    HKLM\System\CurrentControlSet\Services\VBoxAswDrv => key could not remove, key could be protected
    C:\Program Files (x86)\GUT8768.tmp => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3ACA4470-ADB3-4FA7-AD4A-C76DF8FB3B7A} => could not remove key. ErrorCode1: 0x00000002
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ACA4470-ADB3-4FA7-AD4A-C76DF8FB3B7A}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD786534-6EF9-4464-B58B-81CAA44B998E}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD786534-6EF9-4464-B58B-81CAA44B998E}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Best Buy pc app" => removed successfully

    ========= RemoveProxy: =========

    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= ipconfig /flushDNS =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38925899 B
    Java, Flash, Steam htmlcache => 557 B
    Windows/system/drivers => 589767438 B
    Edge => 0 B
    Chrome => 190464 B
    Firefox => 70613564 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 33186 B
    systemprofile32 => 33490 B
    LocalService => 66228 B
    NetworkService => 0 B
    Owner => 25992537 B

    RecycleBin => 3898189 B
    EmptyTemp: => 703.7 MB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-01-2018 11:06:52)


    Result of scheduled keys to remove after reboot:

    HKLM\System\CurrentControlSet\Services\VBoxAswDrv => key could not remove, key could be protected

    ==== End of Fixlog 11:06:52 ====

    Here's the Malwarebytes report:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 1/14/18
    Scan Time: 11:16 AM
    Log File: 49f47a28-f946-11e7-8687-60eb690cb8fa.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.262
    Update Package Version: 1.0.3692
    License: Trial

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Owner-PC\Owner

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 280669
    Threats Detected: 8
    Threats Quarantined: 8
    Time Elapsed: 17 min, 3 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 5
    PUP.Optional.GetSavin, HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\SOFTWARE\APPDATALOW\SOFTWARE\GetSavin, Quarantined, [5347], [238718],1.0.3692
    PUP.Optional.DownloadTerms, HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\SOFTWARE\DOWNLOADTERMS, Quarantined, [6854], [237887],1.0.3692
    PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [2251], [243667],1.0.3692
    PUP.Optional.DownloadTerms, HKLM\SOFTWARE\WOW6432NODE\DOWNLOADTERMS, Quarantined, [6854], [237888],1.0.3692
    PUP.Optional.SuperOptimizer, HKU\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [2251], [243667],1.0.3692

    Registry Value: 2
    PUP.Optional.DownloadTerms, HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\SOFTWARE\DOWNLOADTERMS|AGE, Quarantined, [6854], [237887],1.0.3692
    PUP.Optional.DownloadTerms, HKLM\SOFTWARE\WOW6432NODE\DOWNLOADTERMS|AGE, Quarantined, [6854], [237888],1.0.3692

    Registry Data: 1
    PUM.Optional.DisableShowSearch, HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, Replaced, [14089], [293317],1.0.3692

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)

    AdwCleaner didn't ask to restart, but I saved the log and restarted anyway:

    # AdwCleaner 7.0.6.0 - Logfile created on Sun Jan 14 16:51:23 2018
    # Updated on 2017/21/12 by Malwarebytes
    # Database: 01-11-2018.1
    # Running on Windows 7 Home Premium (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Local\FileTypeAssistant
    PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant


    ***** [ Files ] *****

    PUP.Optional.Legacy, C:\Users\Owner\Desktop\SysInfo.exe


    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {19761992-56B9-4DE2-A3F8-9E8FED3193BB}
    PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\Software\Bitberry Software
    PUP.Optional.Legacy, [Key] - HKCU\Software\Bitberry Software
    PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3203867040-3475878047-3988116120-1000\Software\Bitberry
    PUP.Optional.Legacy, [Key] - HKCU\Software\Bitberry
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
    PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
    PUP.Optional.AuslogicsDriverUpdater, [Key] - HKU\.DEFAULT\Software\Auslogics
    PUP.Optional.AuslogicsDriverUpdater, [Key] - HKU\S-1-5-18\Software\Auslogics


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries.

    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [7144 B] - [2014/7/23 14:17:13]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

    No MSRT log found....

    Having a hard time getting firefox to open. I'll ask several times with no response, then I'll get two windows.

    I'm able to open Avast now!

  9. kevinf80 (Malware Specialist; joined Mar 21, 2006; 11,361 messages; first name Kevin)
    The AdwCleaner log is the result of a scan; when that completes, the Clean option should be used...

    Next,

    Download BlitzBlank from here: http://www.bleepingcomputer.com/download/blitzblank/dl/108/ and save it to your desktop.

    Right click on BlitzBlank.exe and select "Run as Administrator"

    Click OK at the warning (and take note of it, this is a VERY powerful tool!).

    Click the Script tab and copy/paste the following text there:

    DeleteRegKey:
    HKLM\System\CurrentControlSet\Services\VBoxAswDrv


    Click Execute Now. An alert will ask "You are about to delete files, are you sure to proceed" Select OK to proceed


    A system reboot warning will open, it will say "Please close all running applicatons to avoid data loss" Select OK to proceed


    Your computer will need to reboot in order to do the fixes

    When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\

    Next,

    Refresh Firefox....

    Click on Help from menu bar, then select Troubleshooting Information then click on the Refresh Firefox button.

    Does that make any difference to Firefox... Also for Firefox, go here https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/ and install uBlock Origin

  10. damselletoo (Thread Starter; joined Jul 13, 2013; 32 messages)
    Getting a syntax error when I try to copy and paste that command into the script section of BlitzBlank.

  11. kevinf80 (Malware Specialist; joined Mar 21, 2006; 11,361 messages; first name Kevin)
    Try again with BlitzBlank, copy and paste this script..


    DeleteRegKey:
    hkey_local_machine\System\CurrentControlSet\Services\VBoxAswDrv

  12. damselletoo (Thread Starter; joined Jul 13, 2013; 32 messages)
    OK, here's some weirdness... so when I started up my laptop tonight and opened up my bookmark for Tech Support Guy, I didn't have to log in... and I haven't saved my password..

    So, sorry for the tardy response. I've been caught up in the start of the work week.

    I'm not able to find any BlitzBlank report, or program, in the C drive... for that matter.

    Firefox is starting up better. Maybe as good as can be expected, given that I only have a miserably crappy Sprint hot spot with which to connect to the internet....

  13. kevinf80 (Malware Specialist; joined Mar 21, 2006; 11,361 messages; first name Kevin)
    BlitzBlank is normally saved to your Desktop, or possibly your Downloads folder. Any log saved normally goes to the root of your hard drive "C:\". If you can find neither, I'm not sure what has happened.

    VBoxAswDrv was part of Avast's NG system; it was used for virtualisation on a user's system. It was found that some systems were either not up to the task of running NG or it slowed the system right down. I believe it was also used for exploitation by malware.... It was discontinued early 2016 (I think)....

    What is happening with your system now, is there any odd or erratic behavior, same for your default browser...? Does the issue you mention regarding passwords still happen...?
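The leftover VBoxAswDrv entry discussed above is a service key whose driver file is gone (FRST marks such entries "[X]"). The PowerShell below is an added, read-only example for auditing a system for entries of that kind; it is not from the thread or from any of the tools it mentions, and the function names are my own.

```powershell
# Added example, not from the thread or from FRST/BlitzBlank: report service
# and driver entries under HKLM\SYSTEM\CurrentControlSet\Services whose
# ImagePath points at a file that no longer exists (what FRST marks "[X]").
# Read-only: it changes nothing. Run from an elevated PowerShell prompt.
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ImagePath {
    # Turn the raw ImagePath value into a plain file path that can be tested.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = $Raw.Trim()
    # Quoted path, possibly followed by arguments: "C:\Program Files\x.exe" -arg
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }
    # NT object-manager prefix, as in the Avast entry: \??\C:\Program Files\...
    $p = $p -replace '^\\\?\?\\', ''
    # \SystemRoot\... and %SystemRoot%\... both mean the Windows directory
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = [Environment]::ExpandEnvironmentVariables($p)
    # Most kernel drivers are stored relative to the Windows directory
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    # Drop trailing command-line arguments (e.g. svchost.exe -k netsvcs)
    if ($p -match '^(.+?\.(sys|exe|dll))(\s.*)?$') { $p = $Matches[1] }
    return $p
}

function Get-OrphanedServiceEntry {
    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props -or -not $props.ImagePath) { return }
        $resolved = Resolve-ImagePath -Raw $props.ImagePath
        if ($resolved -and -not (Test-Path -LiteralPath $resolved)) {
            [pscustomobject]@{
                Service   = $_.PSChildName
                Start     = $props.Start   # 2 = automatic, which FRST shows as "S2"
                Type      = $props.Type    # 1 = kernel driver, 16/32 = Win32 service
                ImagePath = $props.ImagePath
                Resolved  = $resolved
            }
        }
    }
}

Get-OrphanedServiceEntry | Format-Table -AutoSize
```

Treat the output as a review list rather than a delete list: a key that an installed security product protects (as Avast's self-protection did here) will show up but cannot simply be removed until that protection is switched off.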
     
  14. damselletoo (Thread Starter; joined Jul 13, 2013; 32 messages)
    Huh, well that's weird, today when I logged in, the log was there in the C drive....


    BlitzBlank 1.0.0.32

    File/Registry Modification Engine native application
    DeleteRegistryKeyOnReboot: keyName = "\Registry\Machine\hkey_local_machine\system\currentcontrolset\services\vboxaswdrv", backupFile = "(null)", replaceWithDummy = 0
    DeleteRegistryKeyByDriver: keyName = "\Registry\Machine\hkey_local_machine\system\currentcontrolset\services\vboxaswdrv", backupFile = "(null)", replaceWithDummy = 0
    OpenDriver: ZwLoadDriver(\Registry\Machine\System\CurrentControlSet\Services\blzblk) failed: status = c0000428
    DeleteRegistryKeyByDriver: OpenDriver failed: status = c0000428
    DeleteRegistryKeyOnReboot: DeleteRegistryKeyByDriver failed: status = c0000428

    It took ten seconds for Firefox to open and load, which is much faster. Before, I had to leave the room and come back.

    Today, I had to log into this site.

    I ran an Avast smart scan. No viruses found, but other stuff found. I took screen shots:

    [four screenshots attached: upload_2018-1-19_10-48-52.png, upload_2018-1-19_10-49-53.png, upload_2018-1-19_10-50-38.png, upload_2018-1-19_10-51-9.png]

    ^ not sure if any of these things are stuff I don't need

  15. kevinf80 (Malware Specialist; joined Mar 21, 2006; 11,361 messages; first name Kevin)
    Those screen shots are not critical entries that should be addressed ASAP; they are typical logs to show AVAST is doing a good job... It's really up to you what you do with AVAST findings, I make no comments on such software....

    vboxaswdrv is a remnant from AVAST, as I've already made you aware; the only way to remove it is to turn off AVAST self protection, then deal with the entry...

    If you have no other issues or concerns run the following to clean up:

    Download "Delfix by Xplode" and save it to your desktop.

    Or use the following if first link is down:

    "Delfix link mirror"

    If your security program alerts to Delfix, either accept the alert or turn your security off.

    Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

    Make Sure the following items are checked:


    • Remove disinfection tools <----- this will remove tools we may have used.
    • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
    • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection

    Now click on "Run" and wait patiently until the tool has completed.

    The tool will create a log when it has completed. We don't need you to post this.

    Any remnant files/logs from tools we have used can be deleted…

    Next,

    Read the following links to fully understand PC Security and Best Practices, you may find them useful....

    Answers to Common Security Questions and best Practices

    Do I need a Registry Cleaner?

    Take care and surf safe

    If you are satisfied all is now ok hit the "Mark Complete" tab at the top of the thread...

    Kevin...

Short URL to this thread: https://techguy.org/1202421