Which EXE should I run?

[GT500]

20 hours ago, maki said:

But then why EEK? Are there any other Emsisoft "freeware" tools that are also equally effective at looking for malware?

EEK is a scanner that uses Anti-Virus engines and databases, and presents detections to the user so they can select to quarantine or delete them. FRST is an advanced tool that saves a log that must be analyzed by an expert, and it does not give the user a list of detections or allow the user to select anything for deletion (it only deletes stuff if a script tells it to).

We used to make a tool similar to Process Explorer, however we discontinued it about 7 or 8 years ago.

Edited December 20, 2020 by GT500
Added link to Process Explorer.

[maki]

I can see some important data here that should not be deleted.

 

Items scanned: 1065975

Malware/PUP found: 1239
=====================================================================================================================
6    PUP.FlowSpirit    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\SOFTWARE\Jingling
6    PUP.FlowSpirit    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\SOFTWARE\Jingling::eng_uicfg.1
6    PUP.FlowSpirit    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\SOFTWARE\Jingling::eng_tcfg.1
6    PUP.FlowSpirit    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\SOFTWARE\Jingling::eng_tcfg.2
6    Trojan.HomepageDefender    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\SOFTWARE\Akelsoft\AkelPad
6    Trojan.HomepageDefender    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\SOFTWARE\Akelsoft\AkelPad\Options
6    Trojan.HomepageDefender    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\SOFTWARE\Akelsoft\AkelPad\Search
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::ISN
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::[(DEFAULT)]
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::Language
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::kitType
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::ConvertDirectory
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::DisplayAds
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::AdsUrl
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::NextCheckAutoUpdate
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::OfferDisplayTime
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::OfferLastId
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::ConversionTypeDwnld
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::ConvertQualityDwnld
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::DownloadQuality
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::DownloadDirectory
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::DeleteOriginalFile
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::AutoConvert
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::ConversionType
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::ConvertQuality
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::InitialDirectory
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::DeleteAfterConversion
6    Adware.YTDownloader    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\GreenTree Applications\YTD::SameFolderAsDwnlds
6    PUP.Adguard    HKLM\SOFTWARE\Wow6432Node\Adguard
6    PUP.Adguard    HKLM\SOFTWARE\Wow6432Node\Adguard::AffiliateId
7    Tuvaro Toolbar    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\Software\Microsoft\Internet Explorer\SearchScopes::DefaultScope
6    Adware.YTDownloader    HKLM\Software\Classes\Wow6432Node\interface\{5252AC41-94BB-11D1-B2E7-444553540000}
6    Adware.YTDownloader    HKLM\Software\Classes\Wow6432Node\interface\{5252AC41-94BB-11D1-B2E7-444553540000}::[(DEFAULT)]
6    Adware.YTDownloader    HKLM\Software\Classes\Wow6432Node\interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid32
6    Adware.YTDownloader    HKLM\Software\Classes\Wow6432Node\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}
6    Adware.YTDownloader    HKLM\Software\Classes\Wow6432Node\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}::[(DEFAULT)]
6    Adware.YTDownloader    HKLM\Software\Classes\Wow6432Node\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid32
6    Adware.YTDownloader    HKCR\interface\{5252AC41-94BB-11D1-B2E7-444553540000}
6    Adware.YTDownloader    HKCR\interface\{5252AC41-94BB-11D1-B2E7-444553540000}::[(DEFAULT)]
6    Adware.YTDownloader    HKCR\interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid32
6    Adware.YTDownloader    HKCR\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}
6    Adware.YTDownloader    HKCR\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}::[(DEFAULT)]
6    Adware.YTDownloader    HKCR\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid32
6    Adware.YTDownloader    HKLM\SOFTWARE\Classes\interface\{5252AC41-94BB-11D1-B2E7-444553540000}
6    Adware.YTDownloader    HKLM\SOFTWARE\Classes\interface\{5252AC41-94BB-11D1-B2E7-444553540000}::[(DEFAULT)]
6    Adware.YTDownloader    HKLM\SOFTWARE\Classes\interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid32
6    Adware.YTDownloader    HKLM\SOFTWARE\Classes\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}
6    Adware.YTDownloader    HKLM\SOFTWARE\Classes\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}::[(DEFAULT)]
6    Adware.YTDownloader    HKLM\SOFTWARE\Classes\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid32
6    Adware.YTDownloader    HKLM\SOFTWARE\Wow6432Node\Classes\interface\{5252AC41-94BB-11D1-B2E7-444553540000}
6    Adware.YTDownloader    HKLM\SOFTWARE\Wow6432Node\Classes\interface\{5252AC41-94BB-11D1-B2E7-444553540000}::[(DEFAULT)]
6    Adware.YTDownloader    HKLM\SOFTWARE\Wow6432Node\Classes\interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ProxyStubClsid32
6    Adware.YTDownloader    HKLM\SOFTWARE\Wow6432Node\Classes\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}
6    Adware.YTDownloader    HKLM\SOFTWARE\Wow6432Node\Classes\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}::[(DEFAULT)]
6    Adware.YTDownloader    HKLM\SOFTWARE\Wow6432Node\Classes\interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ProxyStubClsid32
1    Adware Helpers    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Preferences
1    PUP.Rutube    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Web Data
19    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences::bpgpffljkgjmijjdmjbdppndoojdgboe
19    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences::ceoldlgkhdbnnUNKNOWNjjgfapagjccblib
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\css
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\css\style.css
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\images
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\images\arrows.png
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\images\icon128.png
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\images\icon16.png
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\images\icon48.png
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\images\premium-lock.png
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\images\sprites.png
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\images\tab-icons.png
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\images\toggler.png
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\js
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\js\aa-collector.js
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\js\background.js
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\js\controller.js
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\js\covers.js
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\js\emoji_list.js
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\js\lib
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\js\lib\jquery-2.1.0.min.js
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\js\lib\jquery.bind-first-0.2.3.min.js
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\js\mogicons.js
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\manifest.json
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\_metadata
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\_metadata\computed_hashes.json
1    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe\4.3.4_0\_metadata\verified_contents.json
0    PUP.Chedot    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\bpgpffljkgjmijjdmjbdppndoojdgboe
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\css
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\css\popup.css
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\opensans.ttf
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\opensans.woff
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\opensans.woff2
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\opensansbold.ttf
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\opensansbold.woff
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\opensansbold.woff2
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\SFUIText-Bold.eot
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\SFUIText-Bold.ttf
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\SFUIText-Bold.woff
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\SFUIText-Regular.eot
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\SFUIText-Regular.ttf
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\fonts\SFUIText-Regular.woff
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\img
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\img\kinopoisk_btn.svg
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\img\mailru_btn.svg
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\img\vk_128.png
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\img\vk_16.png
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\img\vk_btn.svg
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\img\yandex_btn.svg
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\js
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\js\background.js
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\js\jquery.js
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\js\popup.js
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\js\tippy.all.js
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\manifest.fingerprint
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\manifest.json
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\popup.html
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\_locales
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\_locales\en
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\_locales\en\messages.json
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\_locales\ru
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\_locales\ru\messages.json
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\_locales\uk
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\_locales\uk\messages.json
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\_metadata
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\_metadata\computed_hashes.json
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\4.2.0_0\_metadata\verified_contents.json
0    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\extensions\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\000003.log
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\CURRENT
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\LOCK
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\LOG
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\LOG.old
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\MANIFEST-000001
0    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\000003.log
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\CURRENT
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\LOCK
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\LOG
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\LOG.old
1    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib\MANIFEST-000001
0    PUP.Browser Extensions    C:\Users\UNKNOWN\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoldlgkhdbnnUNKNOWNjjgfapagjccblib
6    PUP.Chedot    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings::bpgpffljkgjmijjdmjbdppndoojdgboe
6    PUP.Browser Extensions    HKU\S-1-5-21-505828563-3318272327-2646893776-1000\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings::ceoldlgkhdbnnUNKNOWNjjgfapagjccblib

[GT500]

21 hours ago, maki said:

I can see some important data here that should not be deleted.

What's that log from?

[maki]

I used "Emsisoft Anti-Malware" (trial version) It detected nothing.
So I used the advanced tool "Spy Hunter 5" (trial version) and it showed: trih POPUP/ADWARE/toolbar/TROJAN AkelPad(false?) etc.

[GT500]

19 hours ago, maki said:

So I used the advanced tool "Spy Hunter 5" (trial version) and it showed: trih POPUP/ADWARE/toolbar/TROJAN AkelPad(false?) etc.

I don't think I can make any comment on that without getting us sued, so I'll just say that you might want to pick another scanner for your second opinion.

[GT500]

19 hours ago, maki said:

I used "Emsisoft Anti-Malware" (trial version) It detected nothing.

FYI: EEK isn't supposed to work on a computer that has Emsisoft Anti-Malware installed. They both need our Emsisoft Protection Platform (EPP) driver, but they each have their own version of this driver, and they're not compatible with each other.