hmacgr
Can't seem to rid myself of nasty browser malware
Thanks for any insight. I've had to separate the Addition.txt as it's too big to post together.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by hmacgr (administrator) on HMACGR-PC (19-01-2017 09:32:56)
Running from C:\Users\hmacgr\Videos\Downloads
Loaded Profiles: hmacgr (Available Profiles: hmacgr)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dldocoms.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Users\hmacgr\Videos\Downloads\Analysis2017.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Acer Assist Launcher] => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167008 2009-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\Run: [Google Update] => C:\Users\hmacgr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\Run: [PhotoGadgetFirstRun_Portal] => [X]
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\MountPoints2: {38fe814f-183d-11e5-bd46-00269ec24b4a} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\MountPoints2: {923cbdf2-c7e7-11e4-9c8b-00269ec24b4a} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\MountPoints2: {923cc147-c7e7-11e4-9c8b-00269ec24b4a} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\MountPoints2: {9957473e-5125-11e5-a5b0-00269ec24b4a} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\MountPoints2: {99574807-5125-11e5-a5b0-00269ec24b4a} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-08-06] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-08-06] (Egis Technology Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-3319097331-3074561023-2059268158-1000] => http://noblockweb.org/wpad.dat?b455205e9a1589084a67f860d371baf223773460
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{07F20D0B-1E61-4344-8F5F-15D0F556B85D}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3319097331-3074561023-2059268158-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3319097331-3074561023-2059268158-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3319097331-3074561023-2059268158-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3319097331-3074561023-2059268158-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\hmacgr\AppData\Roaming\Mozilla\Firefox\Profiles\hgkjqd0g.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2015-12-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2015-12-11] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\hmacgr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: @talk.google.com/O1DPlugin -> C:\Users\hmacgr\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: @tools.google.com/Google Update;version=3 -> C:\Users\hmacgr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: @tools.google.com/Google Update;version=9 -> C:\Users\hmacgr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: SkypePlugin -> C:\Users\hmacgr\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi.dll [2015-09-23] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: SkypePlugin64 -> C:\Users\hmacgr\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi-x64.dll [2015-09-23] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Users\hmacgr\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\hmacgr\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: No Name - C:\Users\hmacgr\AppData\Roaming\Mozilla\Firefox\Profiles\hgkjqd0g.default\Extensions\abs@avira.com [2017-01-16]
FF Extension: Pin It button - C:\Users\hmacgr\AppData\Roaming\Mozilla\Firefox\Profiles\hgkjqd0g.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-07-20]
FF Extension: Save Button for Pinterest - C:\Users\hmacgr\AppData\Roaming\Mozilla\Firefox\Profiles\hgkjqd0g.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2016-04-26]
Chrome:
=======
CHR HomePage: Default -> chrome://apps/
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Play Music) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-01-18]
CHR Extension: (Google Hangouts) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-01-18]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2016-08-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-16]
CHR Extension: (MonsterBall) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\oampnkjpomgmmphfoedhihefpbjhjamo [2015-10-04]
CHR Extension: (Clever Elements) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdfdcifbpbfgooijdefcahghfakaoiho [2015-02-16]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2015-02-16]
CHR Extension: (Weather Underground) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2015-02-16]
CHR Extension: (Gmail) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
CHR Profile: C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-01]
CHR Extension: (Google Docs) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-01]
CHR Extension: (Google Drive) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-01]
CHR Extension: (YouTube) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-01]
CHR Extension: (Google Sheets) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-01]
CHR Extension: (Google Docs Offline) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-01]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2016-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-01]
CHR Extension: (Gmail) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nlbejmccbhkncgokjcmghpfloaajcffj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-07-09] (DisplayLink Corp.)
R2 dldo_device; C:\Windows\system32\dldocoms.exe [1044720 2007-10-05] ( )
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2710648 2016-08-23] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103168 2016-08-23] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [128512 2015-04-15] (Motorola Mobility LLC) [File not signed]
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AFTrafMgr1.1; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys [54712 2016-08-23] (AnchorFree Inc.)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.6.56275.0.sys [46384 2014-07-10] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-16] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-18] (Malwarebytes)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [18392 2013-01-25] (Scott)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-19 09:32 - 2017-01-19 09:33 - 00000000 ____D C:\FRST
2017-01-18 07:42 - 2017-01-18 07:42 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-18 07:42 - 2017-01-18 07:42 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-17 10:49 - 2017-01-17 10:49 - 00002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-17 10:49 - 2017-01-17 10:49 - 00002223 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-17 10:30 - 2017-01-17 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-17 10:30 - 2017-01-17 10:30 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-17 09:33 - 2017-01-17 09:33 - 00002340 _____ C:\Users\hmacgr\Desktop\Vivaldi.lnk
2017-01-17 09:33 - 2017-01-17 09:33 - 00002267 _____ C:\Users\hmacgr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-01-17 09:33 - 2017-01-17 09:33 - 00000000 ____D C:\Users\hmacgr\AppData\Local\Chromium
2017-01-17 09:32 - 2017-01-17 09:33 - 00000000 ____D C:\Users\hmacgr\AppData\Local\Vivaldi
2017-01-17 07:24 - 2017-01-17 07:24 - 00004622 _____ C:\Windows\system32\.crusader
2017-01-17 07:11 - 2017-01-17 10:04 - 00000000 ____D C:\AdwCleaner
2017-01-17 07:11 - 2017-01-17 07:24 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-16 07:59 - 2017-01-16 07:59 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2017-01-16 07:59 - 2017-01-16 07:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-01-16 07:59 - 2012-07-25 23:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2017-01-16 07:23 - 2017-01-18 06:36 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-16 07:23 - 2017-01-17 10:47 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-16 07:23 - 2017-01-16 08:21 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-16 07:22 - 2017-01-17 10:47 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-16 07:22 - 2017-01-17 10:46 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-16 07:22 - 2017-01-16 07:22 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-16 07:22 - 2017-01-16 07:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-16 07:22 - 2017-01-16 07:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-16 07:22 - 2017-01-16 07:22 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-16 07:22 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-19 09:30 - 2016-01-08 09:04 - 00003356 _____ C:\Windows\System32\Tasks\Acer Registration Data Sending
2017-01-19 09:30 - 2015-02-16 20:27 - 00000346 _____ C:\Windows\Tasks\Acer Registration Data Sending.job
2017-01-19 09:18 - 2015-02-16 20:26 - 00000000 ____D C:\Users\hmacgr\AppData\Local\VirtualStore
2017-01-19 08:09 - 2016-03-19 10:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 07:54 - 2016-10-12 11:53 - 00144729 _____ C:\Windows\WindowsUpdate.log
2017-01-18 07:42 - 2015-10-27 06:10 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-18 07:42 - 2015-10-27 06:10 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-18 07:42 - 2015-10-27 06:10 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-18 07:42 - 2015-05-14 12:07 - 00000000 ____D C:\Users\hmacgr\AppData\Local\Adobe
2017-01-18 07:42 - 2009-09-10 22:45 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-17 10:54 - 2009-07-13 23:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-17 10:54 - 2009-07-13 23:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-17 10:51 - 2009-07-14 00:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 10:49 - 2009-09-10 22:37 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-17 10:44 - 2015-04-22 09:09 - 00000000 ____D C:\Temp
2017-01-17 10:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-17 07:26 - 2009-09-10 22:37 - 00000000 ____D C:\Program Files\Google
2017-01-16 09:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-16 08:54 - 2016-03-20 09:56 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-01-16 08:32 - 2009-09-10 22:23 - 00000000 ____D C:\ProgramData\WildTangent
2017-01-16 08:32 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-16 08:30 - 2015-02-16 21:15 - 00000000 ____D C:\Users\hmacgr\AppData\Local\Deployment
2017-01-16 08:25 - 2015-02-16 21:15 - 00000000 ____D C:\Users\hmacgr\AppData\Local\Google
2017-01-16 08:25 - 2009-09-10 22:37 - 00000000 ____D C:\ProgramData\Google
2017-01-16 08:22 - 2015-04-22 08:27 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-16 08:18 - 2009-07-14 00:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-15 15:36 - 2016-11-18 21:28 - 00000000 ____D C:\Users\hmacgr\AppData\LocalLow\Mozilla
2017-01-12 22:01 - 2016-03-19 10:31 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
==================== Files in the root of some directories =======
2015-06-14 09:41 - 2015-06-14 09:41 - 0003584 _____ () C:\Users\hmacgr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-07 10:25 - 2015-09-07 10:25 - 0003363 _____ () C:\Users\hmacgr\AppData\Local\ZedgeLog.txt
2016-02-24 11:21 - 2016-02-24 11:21 - 0000087 _____ () C:\ProgramData\dldo.log
2015-02-27 16:30 - 2016-03-20 11:11 - 0008906 _____ () C:\ProgramData\hpzinstall.log
2015-02-16 20:39 - 2015-02-16 20:56 - 0000108 _____ () C:\ProgramData\{2637C347-9DAD-11D6-9EA2-00055D0CA761}.log
2015-02-16 20:40 - 2015-02-16 20:57 - 0000114 _____ () C:\ProgramData\{70CC0095-AA68-45BE-AE98-D8170182E9EB}.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-13 22:21
==================== End of FRST.txt ============================
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Users\hmacgr\Videos\Downloads\Analysis2017.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\hmacgr\AppData\Local\Vivaldi\Application\vivaldi.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Acer Assist Launcher] => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167008 2009-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\Run: [Google Update] => C:\Users\hmacgr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\Run: [PhotoGadgetFirstRun_Portal] => [X]
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\MountPoints2: {38fe814f-183d-11e5-bd46-00269ec24b4a} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\MountPoints2: {923cbdf2-c7e7-11e4-9c8b-00269ec24b4a} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\MountPoints2: {923cc147-c7e7-11e4-9c8b-00269ec24b4a} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\MountPoints2: {9957473e-5125-11e5-a5b0-00269ec24b4a} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\...\MountPoints2: {99574807-5125-11e5-a5b0-00269ec24b4a} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-08-06] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-08-06] (Egis Technology Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-3319097331-3074561023-2059268158-1000] => http://noblockweb.org/wpad.dat?b455205e9a1589084a67f860d371baf223773460
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{07F20D0B-1E61-4344-8F5F-15D0F556B85D}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
HKU\S-1-5-21-3319097331-3074561023-2059268158-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z5600&r=173602155500p0447y145w4401t53o
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3319097331-3074561023-2059268158-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3319097331-3074561023-2059268158-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3319097331-3074561023-2059268158-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3319097331-3074561023-2059268158-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\hmacgr\AppData\Roaming\Mozilla\Firefox\Profiles\hgkjqd0g.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2015-12-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2015-12-11] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\hmacgr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: @talk.google.com/O1DPlugin -> C:\Users\hmacgr\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: @tools.google.com/Google Update;version=3 -> C:\Users\hmacgr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: @tools.google.com/Google Update;version=9 -> C:\Users\hmacgr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: SkypePlugin -> C:\Users\hmacgr\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi.dll [2015-09-23] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3319097331-3074561023-2059268158-1000: SkypePlugin64 -> C:\Users\hmacgr\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi-x64.dll [2015-09-23] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Users\hmacgr\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\hmacgr\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: No Name - C:\Users\hmacgr\AppData\Roaming\Mozilla\Firefox\Profiles\hgkjqd0g.default\Extensions\abs@avira.com [2017-01-16]
FF Extension: Pin It button - C:\Users\hmacgr\AppData\Roaming\Mozilla\Firefox\Profiles\hgkjqd0g.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-07-20]
FF Extension: Save Button for Pinterest - C:\Users\hmacgr\AppData\Roaming\Mozilla\Firefox\Profiles\hgkjqd0g.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2016-04-26]
Chrome:
=======
CHR HomePage: Default -> chrome://apps/
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Play Music) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-01-18]
CHR Extension: (Google Hangouts) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-01-18]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2016-08-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-16]
CHR Extension: (MonsterBall) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\oampnkjpomgmmphfoedhihefpbjhjamo [2015-10-04]
CHR Extension: (Clever Elements) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdfdcifbpbfgooijdefcahghfakaoiho [2015-02-16]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2015-02-16]
CHR Extension: (Weather Underground) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2015-02-16]
CHR Extension: (Gmail) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
CHR Profile: C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-01]
CHR Extension: (Google Docs) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-01]
CHR Extension: (Google Drive) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-01]
CHR Extension: (YouTube) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-01]
CHR Extension: (Google Sheets) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-01]
CHR Extension: (Google Docs Offline) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-01]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2016-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-01]
CHR Extension: (Gmail) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\hmacgr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nlbejmccbhkncgokjcmghpfloaajcffj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-07-09] (DisplayLink Corp.)
R2 dldo_device; C:\Windows\system32\dldocoms.exe [1044720 2007-10-05] ( )
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2710648 2016-08-23] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103168 2016-08-23] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [128512 2015-04-15] (Motorola Mobility LLC) [File not signed]
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AFTrafMgr1.1; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys [54712 2016-08-23] (AnchorFree Inc.)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.6.56275.0.sys [46384 2014-07-10] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-16] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-18] (Malwarebytes)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [18392 2013-01-25] (Scott)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-19 09:32 - 2017-01-19 09:33 - 00000000 ____D C:\FRST
2017-01-18 07:42 - 2017-01-18 07:42 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-18 07:42 - 2017-01-18 07:42 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-17 10:49 - 2017-01-17 10:49 - 00002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-17 10:49 - 2017-01-17 10:49 - 00002223 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-17 10:30 - 2017-01-17 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-17 10:30 - 2017-01-17 10:30 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-17 09:33 - 2017-01-17 09:33 - 00002340 _____ C:\Users\hmacgr\Desktop\Vivaldi.lnk
2017-01-17 09:33 - 2017-01-17 09:33 - 00002267 _____ C:\Users\hmacgr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-01-17 09:33 - 2017-01-17 09:33 - 00000000 ____D C:\Users\hmacgr\AppData\Local\Chromium
2017-01-17 09:32 - 2017-01-17 09:33 - 00000000 ____D C:\Users\hmacgr\AppData\Local\Vivaldi
2017-01-17 07:24 - 2017-01-17 07:24 - 00004622 _____ C:\Windows\system32\.crusader
2017-01-17 07:11 - 2017-01-17 10:04 - 00000000 ____D C:\AdwCleaner
2017-01-17 07:11 - 2017-01-17 07:24 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-16 07:59 - 2017-01-16 07:59 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2017-01-16 07:59 - 2017-01-16 07:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-01-16 07:59 - 2012-07-25 23:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2017-01-16 07:23 - 2017-01-18 06:36 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-16 07:23 - 2017-01-17 10:47 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-16 07:23 - 2017-01-16 08:21 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-16 07:22 - 2017-01-17 10:47 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-16 07:22 - 2017-01-17 10:46 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-16 07:22 - 2017-01-16 07:22 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-16 07:22 - 2017-01-16 07:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-16 07:22 - 2017-01-16 07:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-16 07:22 - 2017-01-16 07:22 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-16 07:22 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-19 09:30 - 2016-01-08 09:04 - 00003356 _____ C:\Windows\System32\Tasks\Acer Registration Data Sending
2017-01-19 09:30 - 2015-02-16 20:27 - 00000346 _____ C:\Windows\Tasks\Acer Registration Data Sending.job
2017-01-19 09:18 - 2015-02-16 20:26 - 00000000 ____D C:\Users\hmacgr\AppData\Local\VirtualStore
2017-01-19 08:09 - 2016-03-19 10:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 07:54 - 2016-10-12 11:53 - 00144729 _____ C:\Windows\WindowsUpdate.log
2017-01-18 07:42 - 2015-10-27 06:10 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-18 07:42 - 2015-10-27 06:10 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-18 07:42 - 2015-10-27 06:10 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-18 07:42 - 2015-05-14 12:07 - 00000000 ____D C:\Users\hmacgr\AppData\Local\Adobe
2017-01-18 07:42 - 2009-09-10 22:45 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-17 10:54 - 2009-07-13 23:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-17 10:54 - 2009-07-13 23:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-17 10:51 - 2009-07-14 00:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 10:49 - 2009-09-10 22:37 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-17 10:44 - 2015-04-22 09:09 - 00000000 ____D C:\Temp
2017-01-17 10:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-17 07:26 - 2009-09-10 22:37 - 00000000 ____D C:\Program Files\Google
2017-01-16 09:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-16 08:54 - 2016-03-20 09:56 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-01-16 08:32 - 2009-09-10 22:23 - 00000000 ____D C:\ProgramData\WildTangent
2017-01-16 08:32 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-16 08:30 - 2015-02-16 21:15 - 00000000 ____D C:\Users\hmacgr\AppData\Local\Deployment
2017-01-16 08:25 - 2015-02-16 21:15 - 00000000 ____D C:\Users\hmacgr\AppData\Local\Google
2017-01-16 08:25 - 2009-09-10 22:37 - 00000000 ____D C:\ProgramData\Google
2017-01-16 08:22 - 2015-04-22 08:27 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-16 08:18 - 2009-07-14 00:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-15 15:36 - 2016-11-18 21:28 - 00000000 ____D C:\Users\hmacgr\AppData\LocalLow\Mozilla
2017-01-12 22:01 - 2016-03-19 10:31 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
==================== Files in the root of some directories =======
2015-06-14 09:41 - 2015-06-14 09:41 - 0003584 _____ () C:\Users\hmacgr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-07 10:25 - 2015-09-07 10:25 - 0003363 _____ () C:\Users\hmacgr\AppData\Local\ZedgeLog.txt
2016-02-24 11:21 - 2016-02-24 11:21 - 0000087 _____ () C:\ProgramData\dldo.log
2015-02-27 16:30 - 2016-03-20 11:11 - 0008906 _____ () C:\ProgramData\hpzinstall.log
2015-02-16 20:39 - 2015-02-16 20:56 - 0000108 _____ () C:\ProgramData\{2637C347-9DAD-11D6-9EA2-00055D0CA761}.log
2015-02-16 20:40 - 2015-02-16 20:57 - 0000114 _____ () C:\ProgramData\{70CC0095-AA68-45BE-AE98-D8170182E9EB}.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-13 22:21
==================== End of FRST.txt ============================
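The finding in this FRST.txt that actually explains "browser malware" across every browser on the machine is the user-scope AutoConfigURL under the Internet section: a proxy auto-config (PAC) URL on an external host is honoured by Internet Explorer and by Chromium-based browsers such as Chrome and Vivaldi, which read the Windows proxy settings, so all of their traffic can be steered through a third party's proxy. The script below is an added example for this page (not FRST's own code and nothing the poster ran) that reads a pasted FRST.txt and pulls out that PAC setting together with the services FRST prints as "[File not signed]" or with an empty company field. The sample log is constructed from lines in the log above plus one invented benign AutoConfigURL (a 192.168.1.1 PAC under a made-up SID) so the negative case is exercised; the "local vs. Internet host" rule is this example's own assumption, not an FRST rule.

```python
"""Triage helper for a pasted FRST.txt (added example for this page; not FRST's
own code and not something the poster ran).

It pulls out the two findings a helper would act on first in the log above:
  * a user-scope AutoConfigURL (proxy auto-config) that points at an external
    host, which silently routes every browser that honours the Windows proxy
    settings through a third party's wpad.dat;
  * services whose binaries FRST reports as [File not signed] or with an empty
    company field, which need to be verified by hand.
The "suspicious" rules below are this example's own assumptions, not FRST's.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the log above plus one invented
# benign AutoConfigURL (192.168.1.1, made-up SID) so the negative case runs.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================
AutoConfigURL: [S-1-5-21-3319097331-3074561023-2059268158-1000] => http://noblockweb.org/wpad.dat?b455205e9a1589084a67f860d371baf223773460
AutoConfigURL: [S-1-5-21-1111111111-2222222222-3333333333-1001] => http://192.168.1.1/proxy.pac
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
==================== Services (Whitelisted) ========================
R2 dldo_device; C:\Windows\system32\dldocoms.exe [1044720 2007-10-05] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [128512 2015-04-15] (Motorola Mobility LLC) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
"""

AUTOCONFIG_RE = re.compile(r"^AutoConfigURL: \[(?P<sid>S-[\d-]+)\] => (?P<url>\S+)")
# "R2 name; path [size date] (company) [flags]" is how FRST prints a service line.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4]) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<company>[^)]*)\)(?P<flags>.*)$"
)


def host_is_local(host: str) -> bool:
    """Assumption: loopback, RFC1918, link-local and single-label names count
    as 'local'; anything else is treated as an Internet host."""
    if not host:
        return True
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_loopback or ip.is_private or ip.is_link_local
    except ValueError:
        return host.lower() == "localhost" or "." not in host


def pac_is_suspicious(url: str) -> bool:
    """A PAC file fetched from an Internet host is treated as a proxy hijack."""
    parsed = urlparse(url)
    if parsed.scheme == "file":
        return False
    return not host_is_local(parsed.hostname or "")


def find_pac_hijacks(log: str) -> list:
    """Return every AutoConfigURL line whose PAC host is not local."""
    hits = []
    for line in log.splitlines():
        m = AUTOCONFIG_RE.match(line)
        if m and pac_is_suspicious(m["url"]):
            hits.append({"sid": m["sid"], "url": m["url"],
                         "host": urlparse(m["url"]).hostname})
    return hits


def find_unsigned_services(log: str) -> list:
    """Return services FRST flags as unsigned or with no company/version info."""
    hits = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        reasons = []
        if "[File not signed]" in m["flags"]:
            reasons.append("not signed")
        if not m["company"].strip():
            reasons.append("no company/version info")
        if reasons:
            hits.append({"name": m["name"], "path": m["path"], "reasons": reasons})
    return hits


def triage(log: str) -> dict:
    return {"pac_hijacks": find_pac_hijacks(log),
            "unsigned_services": find_unsigned_services(log)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for h in report["pac_hijacks"]:
        print(f"PAC hijack for {h['sid']}: {h['url']} (host {h['host']})")
    for s in report["unsigned_services"]:
        print(f"Verify service {s['name']!r}: {s['path']} ({', '.join(s['reasons'])})")
```

Run against the log above it reports one PAC hijack (noblockweb.org, under the poster's user SID) and lists three services to verify. The service list is a to-check list, not a verdict: the unsigned HP printer and Motorola entries are old vendor software and are listed only because they lack a signature, whereas the AutoConfigURL is the item that the FRST fix described in the Internet section header (registry item removed or restored to default) would clear. The Hosts entries that FRST defers to Addition.txt should be reviewed alongside it, since both redirect traffic without touching the browsers themselves.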