Possible Malware [Solved]


  • This topic is locked

#1
md262

  • Member
  • 90 posts

Hi - Our Dell Inspiron 580S has been running slowly lately. The PC has been freezing more and more frequently, particularly Google Chrome. The only solution has been to reboot the system. Wondering if it's malware due to the game downloads my kids have been playing. Appreciate any advice and insight. Thanks!


  • 0


#2
JSntgRvr

  • Global Moderator
  • 11,579 posts

Please Click here!, and follow the recommendations in the guide.

Someone will be along to tell you what steps to take after you post the contents of the scan results.


  • 0

#3
md262

  • Topic Starter
  • Member
  • 90 posts

Thank you.  Here are the scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018

Ran by jklm (administrator) on JKLM-PC (22-07-2018 17:50:34)
Running from C:\Users\jklm\Desktop
Loaded Profiles: jklm 
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(The CefSharp Authors) C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-05] (Apple Inc.)
HKLM\...\Run: [AccessSecureData] => C:\Users\jklm\AppData\Local\Temp\{9F5CF87B-936C-4C96-A72B-5800FA6EDC00}\AccessSecureData.exe <==== ATTENTION
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-01-27] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [62464 2015-06-18] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-28] (Piriform Ltd)
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-05-26]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B6A67A2E-1155-47C1-B66A-47F0D95A2DAF}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2695581885-3589152984-3162700467-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2695581885-3589152984-3162700467-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> DefaultScope {165FB8EE-01A8-4939-9492-509DE3C9C365} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> {165FB8EE-01A8-4939-9492-509DE3C9C365} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1003 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1003 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-07] (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-07] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2018-03-18] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2018-03-18] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2018-03-18] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2018-03-18] (Microsoft Corporation)
 
FireFox:
========
FF HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-23] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-07] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default [2018-07-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-06-06] (Garmin Ltd. or its subsidiaries)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, LLC.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2013-09-23] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; c:\program files\dell support center\pcdsrvc_x64.pkms [25072 2010-07-30] (PC-Doctor, Inc.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3741960 2015-06-19] (Realtek Semiconductor Corporation )
R0 Sahara; C:\Windows\System32\drivers\Sahara.sys [243744 2017-06-21] (Safend Ltd.)
R0 Salvador; C:\Windows\System32\drivers\Salvador.sys [50208 2017-06-21] (Safend Ltd.)
R0 Scarlet; C:\Windows\System32\drivers\Scarlet.sys [44576 2017-06-21] (Safend Ltd.)
R0 Sidney; C:\Windows\System32\drivers\Sidney.sys [132128 2017-06-21] (Safend Ltd.)
R0 SpfdBus; C:\Windows\System32\DRIVERS\SpfdBus.sys [11296 2013-02-21] (Safend Ltd.)
U5 SPHINX; C:\Windows\System32\Drivers\SPHINX.sys [78880 2017-06-21] (Safend Ltd.)
S0 Spfd; system32\DRIVERS\Spfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-22 17:50 - 2018-07-22 17:51 - 000021723 ____C C:\Users\jklm\Desktop\FRST.txt
2018-07-22 17:50 - 2018-07-22 17:50 - 000000000 ___DC C:\FRST
2018-07-22 17:48 - 2018-07-22 17:49 - 000000000 ___DC C:\Users\jklm\Desktop\Possible Malware - Virus, Spyware, Malware Removal (07-18-18)
2018-07-22 17:47 - 2018-07-22 17:48 - 002412544 ____C (Farbar) C:\Users\jklm\Desktop\FRST64.exe
2018-07-22 08:36 - 2018-07-22 08:36 - 000000000 ___DC C:\Users\jklm\Desktop\WHAT I DESERVE
2018-07-20 23:39 - 2018-07-20 23:40 - 000000000 ___DC C:\Users\jklm\Desktop\Thule Force XXL
2018-07-20 23:30 - 2018-07-20 23:39 - 000000000 ___DC C:\Users\jklm\Desktop\Stretches
2018-07-08 11:43 - 2018-07-08 11:43 - 000028160 ____C C:\Users\jklm\Downloads\Marcy's Birthday Dinner 2017.xls
2018-07-08 11:43 - 2018-07-08 11:43 - 000028160 ____C C:\Users\jklm\Downloads\Marcy's Birthday Dinner 2017 (1).xls
2018-07-04 10:09 - 2018-07-04 10:09 - 000000143 ____C C:\Users\jklm\Desktop\The North Face Men's Mudder Trucker Hat - DICK'S Sporting Goods.url
2018-07-04 10:09 - 2018-07-04 10:09 - 000000103 ____C C:\Users\jklm\Desktop\MUDDER TRUCKER - United States.url
2018-07-04 10:09 - 2018-07-04 10:09 - 000000097 ____C C:\Users\jklm\Desktop\The North Face Americana Trucker Hat at REI.url
2018-06-30 10:44 - 2018-06-30 10:44 - 000266622 ____C C:\Users\jklm\Downloads\6_20_2018.pdf
2018-06-22 23:36 - 2018-07-17 06:26 - 000000000 ___DC C:\Users\jklm\Desktop\Grand Canyon South Rim
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-22 17:48 - 2013-07-27 11:19 - 000000000 ___DC C:\Users\jklm\AppData\Roaming\MediaMonkey
2018-07-22 14:01 - 2011-06-11 19:25 - 000000422 ____C C:\Windows\Tasks\SystemToolsDailyTest.job
2018-07-22 14:00 - 2011-06-12 14:00 - 000003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2018-07-22 14:00 - 2011-06-11 19:25 - 000003440 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2018-07-22 11:05 - 2011-06-12 19:58 - 000000000 ___DC C:\Users\jklm\Documents\Outlook Files
2018-07-20 23:52 - 2018-05-29 22:46 - 000000000 ___DC C:\Users\jklm\Desktop\Depeche Mode
2018-07-16 20:18 - 2009-07-13 21:45 - 000014016 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-16 20:18 - 2009-07-13 21:45 - 000014016 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-16 15:02 - 2011-06-12 12:51 - 000563832 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-07-14 18:47 - 2011-04-07 13:04 - 000000000 ___DC C:\Users\Default\AppData\Local\SoftThinks
2018-07-14 18:47 - 2011-04-07 13:04 - 000000000 ___DC C:\Users\Default User\AppData\Local\SoftThinks
2018-07-14 18:47 - 2011-04-07 12:35 - 000000000 ___DC C:\Program Files (x86)\Dell DataSafe Local Backup
2018-07-14 08:05 - 2009-07-13 22:08 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2018-07-13 01:53 - 2017-01-24 20:40 - 000004476 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-07-13 01:52 - 2017-01-24 20:39 - 000002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-10 11:56 - 2018-03-13 14:56 - 000004458 ____C C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-10 11:56 - 2013-03-09 16:35 - 000842240 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-07-10 11:56 - 2013-03-09 16:35 - 000175104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-10 11:56 - 2013-03-09 16:35 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-07-10 11:56 - 2013-03-09 16:35 - 000000000 ___DC C:\Windows\system32\Macromed
2018-07-10 11:56 - 2011-04-07 12:27 - 000000000 ___DC C:\Windows\SysWOW64\Macromed
2018-07-10 06:58 - 2011-06-11 19:25 - 000000564 ____C C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2018-07-08 12:02 - 2011-06-24 07:41 - 000000000 ___DC C:\Users\jklm\Documents\(Leslie)
2018-07-08 11:00 - 2011-06-11 19:25 - 000004258 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2018-07-02 08:13 - 2016-11-22 20:17 - 000000000 ___DC C:\Users\Jenna
2018-07-02 08:13 - 2014-07-20 01:26 - 000000000 ___DC C:\Users\Michael
2018-07-02 08:13 - 2013-05-19 18:44 - 000000000 ___DC C:\Users\Leslie
2018-06-28 20:30 - 2016-01-25 19:09 - 000000000 ___DC C:\Users\jklm\Desktop\Best Pics Ever
2018-06-27 00:03 - 2015-06-21 09:34 - 000002186 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-27 00:03 - 2015-06-21 09:34 - 000002145 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-23 12:04 - 2018-03-07 03:16 - 000004128 ____C C:\Windows\System32\Tasks\CCleaner Update
 
==================== Files in the root of some directories =======
 
2013-11-17 19:03 - 2013-11-17 19:03 - 000004096 ___HC () C:\Users\jklm\AppData\Local\keyfile3.drm
 
Some files in TEMP:
====================
2018-05-30 06:41 - 2018-05-30 06:37 - 002758672 ____C () C:\Users\jklm\AppData\Local\Temp\removeSZB.exe
2015-07-24 14:07 - 2015-07-24 14:07 - 000011264 _____ () C:\Users\Leslie\AppData\Local\Temp\xfi94sql.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-17 00:37
 
==================== End of FRST.txt ============================
 
******
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by jklm (22-07-2018 17:51:36)
Running from C:\Users\jklm\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-12 03:16:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2695581885-3589152984-3162700467-500 - Administrator - Disabled)
Guest (S-1-5-21-2695581885-3589152984-3162700467-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2695581885-3589152984-3162700467-1002 - Limited - Enabled)
jklm (S-1-5-21-2695581885-3589152984-3162700467-1001 - Administrator - Enabled) => C:\Users\jklm
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{20AB389B-8602-403C-B19B-F0A1D6C510A5}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cinema_Plus-1.2V19.06 (HKLM-x32\...\Cinema_Plus-1.2V19.06) (Version: 1.36.01.22 - Cinema_Plus-1.2V19.06) <==== ATTENTION
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell VideoStage (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (HKLM-x32\...\{6E257EB0-5EFF-416D-82D4-592924566BB4}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free Audio Converter version 5.0.38.423 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.38.423 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{3e534d41-dcc4-4f51-9858-70dd42beb3d5}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E1C18A5C-63D7-4DC5-977F-5B4BAB4169D9}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IneedSpeed (HKLM-x32\...\7D97A712-EA2C-C889-15C2-FB6C8019A56D) (Version:  - IneedSpeed-software)
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut) <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Internet Explorer (HKLM-x32\...\{AA31EA7B-7917-4000-949B-38E91F848A25}) (Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java™ 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LaserJet 1020 series (HKLM-x32\...\HP-LaserJet 1020 series) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.0.150.1 - McAfee)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Product Improvement Study for HP Officejet Pro 6830 (HKLM\...\{96ABEAD3-67AE-4BF7-8A16-F745352049B3}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
TL-WN725N_WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.5.32 - WildTangent)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
YouTube Downloader 5 (HKLM-x32\...\YouTube Downloader_is1) (Version:  - Kotato)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2010-11-30] (Microsoft Corporation)
ContextMenuHandlers1: [Kotato.FLVConverter] -> {28863A2A-2FDE-40A2-A329-5DC47FAD70CB} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVC_WS.dll -> No File
ContextMenuHandlers1: [Kotato.FLVPlayer] -> {053B0549-6E21-404A-8C80-43DE13174332} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVP_WS.dll -> No File
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-04] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2010-11-30] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2010-11-30] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-04-01] (Intel Corporation)
ContextMenuHandlers6: [Kotato.FLVConverter] -> {28863A2A-2FDE-40A2-A329-5DC47FAD70CB} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVC_WS.dll -> No File
ContextMenuHandlers6: [Kotato.FLVPlayer] -> {053B0549-6E21-404A-8C80-43DE13174332} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVP_WS.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06B6C5E5-6208-4BA7-992C-A1A96774E915} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-06-06] ()
Task: {0F47D358-E59D-4098-99DB-C1A958878350} - System32\Tasks\HPCustPartic.exe_{35042773-B1AE-4985-9F14-21B84BCA8001} => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [2014-07-18] (Hewlett-Packard Development Company, LP)
Task: {108C1E21-5089-48EF-BD11-1501899CE4AC} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-08-05] ()
Task: {212E79B7-A3EC-4B29-ADAE-6F7A003DCA81} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-05] (AVAST Software)
Task: {3F9FFB51-01F5-4118-A21C-AAC2C511CF39} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-27] (McAfee, Inc.)
Task: {4EDB6E6F-D1C5-4562-996F-7AC45B801E87} - System32\Tasks\{39A1393B-21B3-4D56-830C-93542D034A88} => C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
Task: {5773C316-3E31-4457-80EB-A4D9D6313CF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {5CD2788A-2A84-4243-860F-29BF6BE12267} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {677FA86E-8180-41D6-85A3-09C60D8B7CFC} - System32\Tasks\{F6C4D047-EC52-4B20-A24A-8ED40FFE4EE1} => C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
Task: {6D82E243-5B7C-45FB-8CE2-8C9CBCB64EF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {6F0C4BD5-136A-41B2-97BE-E9A0A8939D55} - System32\Tasks\HPCustParticipation HP Officejet Pro 6830 => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [2014-07-18] (Hewlett-Packard Development Company, LP)
Task: {9875B4B7-4608-4EE8-A7BD-BDD84AD6C45A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {9C494CE0-EAD7-4D7A-B043-EB0E53A5BD92} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {AACBE3DE-4533-41A1-9110-33CA1009219D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {AC5033BA-CE31-4FDD-A35C-9870C6E7A78B} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {C65B53BE-655F-4EA7-B8A3-37A466C460F9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {C8395013-B967-494F-B484-DC2AEEAAC22C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-28] (Piriform Ltd)
Task: {EC030BBA-1A99-48A5-9616-E98AC8CE8371} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-28] (Piriform Ltd)
Task: {F6BA4C1F-5DC6-44F3-9C26-E783E739F7FC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\jklm\Documents\Dell Original Files, Desktop Settings\Dell Desktop Original Shortcuts\eBay.lnk -> C:\Program Files (x86)\eBay\Browser Launcher.exe (eBay Inc.) -> hxxp://rover.ebay.com/rover/1/711-86042-13409-1/4?mpre=hxxp://ebay.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-06-12 13:32 - 2010-05-13 23:48 - 000192512 _____ () C:\Windows\System32\zlhp1020.dll
2011-06-12 13:33 - 2010-05-13 23:48 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 000092472 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 001354040 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-07 12:35 - 2011-08-18 08:05 - 002751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2017-05-26 23:43 - 2015-03-20 16:23 - 002206208 ____C () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2010-11-17 08:35 - 2010-11-17 08:35 - 000514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2015-07-10 22:05 - 2015-06-18 12:22 - 000062464 ____C () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2018-06-27 00:03 - 2018-06-22 12:15 - 004608856 ____C () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-27 00:03 - 2018-06-22 12:15 - 000099672 ____C () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 ____C () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2018-06-06 14:31 - 2018-06-06 14:31 - 000073216 ____C () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2017-05-26 23:43 - 2015-03-23 17:33 - 001411072 ____C () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2017-05-26 23:43 - 2015-03-20 16:16 - 000192000 ____C () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2017-05-26 23:43 - 2015-03-20 16:36 - 001693696 ____C () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 000375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2017-04-18 05:45 - 2017-04-18 05:45 - 001227264 ____C () C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 067109376 ____C () C:\Program Files (x86)\Garmin\Express\libcef.dll
2017-04-18 05:45 - 2017-04-18 05:45 - 000808960 ____C () C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 002246144 ____C () C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 000079360 ____C () C:\Program Files (x86)\Garmin\Express\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2017-12-14 00:03 - 000000838 ____C C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2695581885-3589152984-3162700467-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Jenna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7D6CF809-00B0-4712-B341-7EDEB334D2BF}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A39C0790-924F-4DD8-BEB0-EB925C7798A1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FC5A360B-6592-4732-A2F5-E9C15C23D4FD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{52923224-012A-4AF5-B97B-5BE82B613CDD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{C5E93250-52D4-41C5-90A0-62004F2DE9F0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{46E28A6F-C857-4DA5-A1C2-9ADE353806D1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{1E8C0CBA-5632-4F3C-B81F-7F73476BA798}] => (Allow) LPort=5357
FirewallRules: [{28792FFB-514E-42CF-8D44-3840B2F1C4E7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B49C8454-5F71-45D3-A6A5-82D4F30D564B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{9992EA15-715D-431B-98BE-EBA194E3419D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3EB2846F-6E86-4FAF-8EBE-3D1FE6212739}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{EC51BB85-EDDD-4A18-9F17-40DAD459B74A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{58D5BD7A-5B9C-4F07-9E4D-82664D346D9E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2F9ABFD2-EEAC-45A4-996E-F7C5F262DA46}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0B8B97AF-0586-47C8-B509-A500DAFC7C6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2C2F4C4F-98C3-4C79-BA4C-9A02884A26F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7695CBC-F043-4C8F-8964-5E5014CD8D89}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53692C76-D99A-495B-AC1B-0696F15F260B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C59021B7-79FE-428F-A90F-573C8A9A7DC9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BB83C8A2-A815-4319-962B-8D33F81A3460}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{98181F57-E7C7-4C3E-B607-36B136629448}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
19-07-2018 00:00:00 Scheduled Checkpoint
22-07-2018 01:40:32 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/22/2018 05:28:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (07/22/2018 05:08:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (07/22/2018 04:28:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (07/22/2018 04:08:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (07/22/2018 03:28:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (07/22/2018 03:08:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (07/22/2018 02:28:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (07/22/2018 02:08:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (07/18/2018 08:20:23 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (07/14/2018 06:52:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (07/14/2018 06:47:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/14/2018 08:06:43 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.
 
Feature: Behavior Monitoring
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
 
Error: (07/14/2018 08:06:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Spfd
 
Error: (07/14/2018 08:06:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/14/2018 08:05:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (07/14/2018 08:05:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:04:12 AM on ‎7/‎14/‎2018 was unexpected.
 
 
CodeIntegrity:
===================================
 
Date: 2016-09-20 20:31:30.702
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2016-09-20 20:31:30.701
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2016-08-28 20:17:06.118
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2016-08-28 20:15:29.532
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2016-08-28 20:15:29.251
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2016-08-21 08:48:23.927
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2016-08-21 08:45:36.150
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2016-08-21 08:45:35.182
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 47%
Total physical RAM: 7991.12 MB
Available physical RAM: 4232.11 MB
Total Virtual: 15980.43 MB
Available Virtual: 11156.19 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1383.41 GB) (Free:59.8 GB) NTFS
 
\\?\Volume{a9366a6a-615c-11e0-95a2-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:13.81 GB) (Free:5.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1383.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4
JSntgRvr


Please remove the following programs:

Cinema_Plus-1.2V19.06 (HKLM-x32\...\Cinema_Plus-1.2V19.06) (Version: 1.36.01.22 - Cinema_Plus-1.2V19.06) <==== ATTENTION
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut) <==== ATTENTION

 

 

  • Highlight the entire content of the quote box below.

Start::  
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S0 Spfd; system32\DRIVERS\Spfd.sys [X]
FirewallRules: [{1E8C0CBA-5632-4F3C-B81F-7F73476BA798}] => (Allow) LPort=5357
HKLM\...\Run: [AccessSecureData] => C:\Users\jklm\AppData\Local\Temp\{9F5CF87B-936C-4C96-A72B-5800FA6EDC00}\AccessSecureData.exe <==== ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Toolbar: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Kotato.FLVConverter] -> {28863A2A-2FDE-40A2-A329-5DC47FAD70CB} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVC_WS.dll -> No File
ContextMenuHandlers1: [Kotato.FLVPlayer] -> {053B0549-6E21-404A-8C80-43DE13174332} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVP_WS.dll -> No File
ContextMenuHandlers6: [Kotato.FLVConverter] -> {28863A2A-2FDE-40A2-A329-5DC47FAD70CB} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVC_WS.dll -> No File
ContextMenuHandlers6: [Kotato.FLVPlayer] -> {053B0549-6E21-404A-8C80-43DE13174332} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVP_WS.dll -> No File
HKLM\...\Run: [AccessSecureData] => C:\Users\jklm\AppData\Local\Temp\{9F5CF87B-936C-4C96-A72B-5800FA6EDC00}\AccessSecureData.exe <==== ATTENTION
Unlock: HKLM\SYSTEM\CurrentControlSet\Services\aswSP
Unlock: HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt
Unlock: HKLM\SYSTEM\CurrentControlSet\Services\aswSnx
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

 

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

AdwCleaner - Fix Mode


  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log
  • Copy/pasted Fixlog.txt log

 

 



#5
md262


Thank you! 

 

*****

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by jklm (23-07-2018 22:33:40) Run:1
Running from C:\Users\jklm\Desktop
Loaded Profiles: jklm 
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S0 Spfd; system32\DRIVERS\Spfd.sys [X]
FirewallRules: [{1E8C0CBA-5632-4F3C-B81F-7F73476BA798}] => (Allow) LPort=5357
HKLM\...\Run: [AccessSecureData] => C:\Users\jklm\AppData\Local\Temp\{9F5CF87B-936C-4C96-A72B-5800FA6EDC00}\AccessSecureData.exe <==== ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Toolbar: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Kotato.FLVConverter] -> {28863A2A-2FDE-40A2-A329-5DC47FAD70CB} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVC_WS.dll -> No File
ContextMenuHandlers1: [Kotato.FLVPlayer] -> {053B0549-6E21-404A-8C80-43DE13174332} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVP_WS.dll -> No File
ContextMenuHandlers6: [Kotato.FLVConverter] -> {28863A2A-2FDE-40A2-A329-5DC47FAD70CB} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVC_WS.dll -> No File
ContextMenuHandlers6: [Kotato.FLVPlayer] -> {053B0549-6E21-404A-8C80-43DE13174332} => C:\Program Files (x86)\Kotato\YouTube Downloader\FLVP_WS.dll -> No File
HKLM\...\Run: [AccessSecureData] => C:\Users\jklm\AppData\Local\Temp\{9F5CF87B-936C-4C96-A72B-5800FA6EDC00}\AccessSecureData.exe <==== ATTENTION
Unlock: HKLM\SYSTEM\CurrentControlSet\Services\aswSP
Unlock: HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt
Unlock: HKLM\SYSTEM\CurrentControlSet\Services\aswSnx
EMPTYTEMP:
Reboot:
 
*****************
 
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist" => removed successfully
"HKLM\System\CurrentControlSet\Services\InstallerService" => removed successfully
InstallerService => service removed successfully
"HKLM\System\CurrentControlSet\Services\Spfd" => removed successfully
Spfd => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E8C0CBA-5632-4F3C-B81F-7F73476BA798}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AccessSecureData" => removed successfully
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
"HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
HKLM\Software\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Kotato.FLVConverter" => removed successfully
"HKLM\Software\Classes\CLSID\{28863A2A-2FDE-40A2-A329-5DC47FAD70CB}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Kotato.FLVPlayer" => removed successfully
"HKLM\Software\Classes\CLSID\{053B0549-6E21-404A-8C80-43DE13174332}" => removed successfully
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Kotato.FLVConverter" => removed successfully
HKLM\Software\Classes\CLSID\{28863A2A-2FDE-40A2-A329-5DC47FAD70CB} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Kotato.FLVPlayer" => removed successfully
HKLM\Software\Classes\CLSID\{053B0549-6E21-404A-8C80-43DE13174332} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AccessSecureData" => not found
"HKLM\SYSTEM\CurrentControlSet\Services\aswSP" => not found
"HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt" => not found
"HKLM\SYSTEM\CurrentControlSet\Services\aswSnx" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24775123 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 228091182 B
Edge => 0 B
Chrome => 348114161 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 44382613 B
systemprofile32 => 8658983 B
LocalService => 66440 B
NetworkService => 698959 B
jklm => 51712666 B
 
 
RecycleBin => 12173862 B
EmptyTemp: => 815 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:35:37 ====
 
 
*****
 
RogueKiller V12.12.28.0 (x64) [Jul 23 2018] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : jklm [Administrator]
Started from : C:\Users\jklm\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 07/23/2018 22:53:47 (Duration : 00:57:50)
 
¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] DSUpd.exe(3264) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 30 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{82025773-B1B0-497b-B942-0171A2E42C3C} (C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\cpturlpassthru.dll) -> Deleted
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{990F7D4F-09EF-47DF-9ABE-BAF2DCCF5C4B} ("C:\Program Files\Kromtech\Common\AccountService.exe") -> Deleted
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4} -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Kromtech -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\ConsumerInput -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\ConsumerInput -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Kromtech -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885} -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\ConsumerInput -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Kromtech -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885} -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Compete -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Compete -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\AppDataLow\Software\IneedSpeed -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885} -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\AppDataLow\Software\IneedSpeed -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885} -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Compete -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Compete -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SU -> Deleted
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31500341AS ATA Device +++++
--- User ---
[MBR] 4bb11df67b8fd998c8746eef618a831a
[BSP] 2dfa851a71cb3d932cd438f3fdc85c0d : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 14142 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29044736 | Size: 1416616 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
*****
 
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-12.1
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-24-2018
# Duration: 00:00:08
# OS:       Windows 7 Home Premium
# Cleaned:  105
# Failed:   3
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Not Deleted   C:\Program Files (x86)\Common Files\freemake shared
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Not Deleted   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Crossbrowse.job.fp
Not Deleted   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures|Crossbrowse.job
Deleted       HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing|bProtectShowTabsWelcome
Deleted       HKLM\Software\Wow6432Node\CLASSES\APPID\dca-host.exe
Deleted       HKLM\SOFTWARE\CLASSES\APPID\dca-host.exe
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{C015D269-0F4E-4B52-A91F-721F6DAC9437}
Deleted       HKLM\Software\Classes\Interface\{C015D269-0F4E-4B52-A91F-721F6DAC9437}
Deleted       HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\SVCHOST|ORBTR
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\ConsumerInputUpdate.exe
Deleted       HKLM\SOFTWARE\Classes\AppID\ConsumerInputUpdate.exe
Deleted       HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML
Deleted       HKLM\Software\Wow6432Node\AppDataLow\Software\Crossrider
Deleted       HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted       HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted       HKLM\Software\Wow6432Node\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
Deleted       HKCU\Software\Microsoft\Tinstalls
Deleted       HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted       HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted       HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConsumerInputUpdate.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConsumerInputUpdate.exe
Deleted       HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted       HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted       HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs|CRSBRWSHTML
Deleted       HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs|CRSBRWSHTML
Deleted       HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs|CRSBRWSHTML
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\gamesbotservice
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\sonocontrol
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sonocontrol
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\SweetIM
Deleted       HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       AOL
Deleted       AOL
Deleted       AOL
Deleted       AOL
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [13190 octets] - [24/07/2018 05:27:50]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Edited by md262, 24 July 2018 - 07:01 PM.


#6
JSntgRvr


As both scans showed malware activity, let's perform one last scan:

 

Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.




  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected items and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

 



#7
md262


Thank you.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/25/18
Scan Time: 2:13 AM
Log File: efabc22e-8fea-11e8-9a17-782bcb8d9336.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6057
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 385774
Threats Detected: 9
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 19 min, 5 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 5
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine.1.0, No Action By User, [829], [236904],1.0.6057
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine, No Action By User, [829], [236904],1.0.6057
PUP.Optional.Infonaut, HKLM\SOFTWARE\WOW6432NODE\Infonaut_1.10.0.14, No Action By User, [513], [239521],1.0.6057
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.compete.cinm, No Action By User, [829], [245884],1.0.6057
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr, No Action By User, [387], [244209],1.0.6057
 
Registry Value: 4
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|, No Action By User, [2034], [237108],1.0.6057
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|STUBPATH, No Action By User, [2034], [237108],1.0.6057
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|LOCALIZED NAME, No Action By User, [2034], [237108],1.0.6057
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, No Action By User, [387], [244209],1.0.6057
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


#8
JSntgRvr


Hope you have deleted the items detected.

 

How is the computer doing?



#9
md262

Seems to be running ok. Based on all the items I was instructed to delete, would you say they were significant enough to cause the slowness and freezing problem? Futurewise, any suggestions on what application I should run on an ongoing basis (Malwarebytes, etc.)? Thanks!
  • 0

#10
JSntgRvr


    Global Moderator

  • Global Moderator
  • 11,579 posts

Sorry for the delay.

 

I am glad things are well. I will suggest AVAST as an antivirus and Malwarebytes Antimalware. It is the combination I have been using and works fine.

 

Use this application to remove quarantined items.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

 

I guess we're done here.

 
Windows Updates
 
Keeping Windows up to date is one of the first steps in having a safe and secure system.


Keeping your programs up-to-date
 
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.
 
Other recommendations
 
It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have a far lower chance of getting infected by malware. If, for example, you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

Best regards. :)


  • 0

#11
JSntgRvr


    Global Moderator

  • Global Moderator
  • 11,579 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





