Spyware/ransomware possibly installed



#1
Feverpitch


I was playing a word search game on pch.com when my game suddenly disappeared and a ransomware screen appeared with a British woman's voice telling me that my computer had been hijacked. I was able to get rid of that screen and ran my antivirus software. But I'm concerned that remnants of that may still be on my desktop Dell OptiPlex.

 

Here are the readouts from Farbar Recovery Scan Tool:

Tool (FRST) (x86) Version: 13-05-2019
Ran by Dell (administrator) on DELL-PC (Dell Inc. OptiPlex 360) (14-05-2019 18:02:43)
Running from C:\Users\Dell\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Dell & DefaultAppPool (Available Profiles: Dell & DefaultAppPool)
Platform: Microsoft Windows 10 Pro Version 1709 16299.371 (X86) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\Lexmark\Bidi\LM__bdsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Amazon Services LLC -> ) C:\Users\Dell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Logitech, Inc. -> ) C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Dell\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> ) C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [488344 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [221576 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [383328 2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [Amazon Cloud Player] => C:\Users\Dell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] (Amazon Services LLC -> )
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-05-23] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7511384 2019-05-13] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\MountPoints2: {d314d0f0-b2aa-11e3-8f04-806e6f6e6963} - "D:\Setup.EXE"
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\WINDOWS\system32\vfwwdm32.dll [57856 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{49cd2afd-8679-48a5-90ab-e7044bee2465}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{49cd2afd-8679-48a5-90ab-e7044bee2465}.sdb [2018-06-27]
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files\AVAST Software\Browser\Application\73.0.1270.86\Installer\chrmstp.exe [2019-04-21] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-21] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02D33E20-8889-442D-8E81-E9FB18D0265E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {03574738-566D-4E13-8FA2-B3B63B6DA8DF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0A8738B0-D7E2-4164-97EA-762FB8E32CFA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0B186A9B-7312-49B3-8635-014A1CDC764C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0B9233CE-50BB-44A8-9A0D-CC407F7BCBA9} - System32\Tasks\SafeZone scheduled Autoupdate 1465393856 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [1057824 2017-08-04] (AVAST Software s.r.o. -> Avast Software)
Task: {18EAFFA5-BEBA-4AE8-B2B1-76E654ADBC60} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {21DAC2E4-1ED7-4B16-AAA6-130449A798E2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1656472 2019-02-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {24768FEF-8144-4810-A8B9-79B61931E8BC} - System32\Tasks\{6E0327EF-A229-460E-AED0-9B72DE0051FC} => "c:\windows\system32\launchwinapp.exe" hxxp://ui.skype.com/ui/0/7.8.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {265494C7-834D-4804-B05A-544E13384E40} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {28830FC8-99F8-4AB3-A1AC-614381DFE2C1} - System32\Tasks\WpsUpdateTask_Dell => C:\Users\Dell\AppData\Local\Kingsoft\WPS Office\10.2.0.6020\wtoolex\wpsupdate.exe [648320 2018-04-08] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {303C9978-0139-408D-848C-3F895281F107} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {3328B0B8-DEC7-4803-87A0-573FA798D4BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {44FCADF6-ACDF-4E1B-9263-A84F13351126} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {46252C2F-9C0D-457F-A90B-BF0337EB6FDA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {463E4145-D228-4251-997C-F4261F337CA9} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1960168 2019-04-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {47A16926-CD73-4478-8734-7BAD453A5A74} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {4A3F832B-A39A-45B4-9F57-1323784DEF5A} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {4A746E6C-8454-4E99-B24D-235E99D174D2} - System32\Tasks\Driver Tuneup_Logon => C:\Program Files\Driver Tuneup\drivertuneup.exe [2381152 2017-08-16] (DRIVER UPDATER TOOLS -> driver-tuneup.com)
Task: {4B472331-EEA0-4B52-8D3D-FB35D3215CBA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4F0D174F-A259-49BD-A74A-F3D98DEB98CB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2385800 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
Task: {4F9605BC-2A35-48C5-854C-7D4A6FC17CA1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {57FFD35F-0C6F-4AD5-9B25-79A44C5A1E2A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5881C0EF-717C-4851-A4DF-BAF17242373B} - System32\Tasks\CC-Cleaner_Logon => C:\Program Files\CC-Cleaner for DELL-PC\scad.exe
Task: {5C65F38F-7EF6-4422-BCA9-A1B8AE8E04F7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5F236D6B-DFCD-4B84-B825-ACA4DCFE8AC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-05] (Google Inc -> Google Inc.)
Task: {644E137B-1310-469E-B426-FA5F5DF9F4A3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {64C73F97-748D-45B1-B89F-3E7ECDFC1BDD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6AB5DEF1-3FCE-46E8-8969-4C5E52EB88C2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1624408 2019-02-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {7BF7A248-4927-46F2-B23C-AD6B3B5A4884} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7E87604D-9CE3-491D-B1D1-5BDFF0E6C475} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {81072B60-3680-4214-8612-141C0E45F909} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {83160928-D23F-4053-8EA9-D09370E1F878} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1960168 2019-04-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {8944CB8D-5A6F-4D98-9249-1562DD5E7BC9} - System32\Tasks\G2MUploadTask-S-1-5-21-2931432088-2454819386-741456421-1000 => C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\5636\g2mupload.exe [41536 2016-10-13] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
Task: {9193F921-54B4-4D0B-A3FA-99770F9A3016} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {98E5740D-DDC8-4898-9AA0-534EC2072760} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9D172B28-1811-4AB9-8719-DD1FA0BC0069} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9F4040A0-FDBC-47B8-A151-D173B8B2258A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A211E180-287B-4C83-B500-374E819B94C8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A426FE01-09BA-4283-94BA-91092D0FB285} - System32\Tasks\RegAce Scheduled Scan - Dell => C:\Program Files\RegAce System Suite\RegAce.exe
Task: {A75507C7-278B-4E30-AA47-52A1EF79985E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [1456128 2018-12-02] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AD48963A-26C8-4A76-BE89-E5C1FF672A02} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-26] (AVAST Software s.r.o. -> AVAST Software) <==== ATTENTION
Task: {B0224B7F-B52F-48DD-B004-222432057D82} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-26] (AVAST Software s.r.o. -> AVAST Software) <==== ATTENTION
Task: {B1FCF443-6A10-4B03-8EC7-EC1FFA089D09} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B2A86B9F-2808-4434-8A1F-062553B70886} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C4F1932D-8222-41D0-8045-10B5C1A4C361} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C7301135-CABF-4F30-AFFE-411C0D413934} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C9A39D22-B5EC-4518-A440-3D030ADF99C0} - System32\Tasks\G2MUpdateTask-S-1-5-21-2931432088-2454819386-741456421-1000 => C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\5636\g2mupdate.exe [41536 2016-10-13] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
Task: {CB8B72F8-5BBD-47E3-AC17-4636F36DFC7B} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3519856 2018-04-12] (Easeware Technology Limited -> Easeware)
Task: {CC6FB896-DA6F-444D-9ECE-376CB6441711} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D0274884-7113-4B64-AB9C-8E1BC310A9F1} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D0733552-F1B7-4A46-BB89-BD18EBCEC9CE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D36FD9D1-2BA7-48C5-9076-3930E3F9EF78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-05] (Google Inc -> Google Inc.)
Task: {D6792768-72CF-4706-804D-C98344F6DA29} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D9D0EC2B-EBA8-4076-BAB3-DBD060DA7BB1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E0115FE1-8A3F-4D43-9349-B69D46661F15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-12-02] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E61CAA43-AA76-47F2-AEE9-7721477DA684} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E7BDEF00-F21B-4118-AF2B-071FFB8856EB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EB2D0FDB-018A-46D4-9C90-B746BC847500} - System32\Tasks\S-1-5-21-2931432088-2454819386-741456421-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [103424 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
Task: {F35ADE33-EDD9-4E5F-8B60-43498CFD57BD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F613A590-D644-4C08-BA45-FFD85B5D447C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F851604E-B140-41E4-8D6A-296C8FD978F9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FE48F93D-E775-4F8D-B2D0-048EC1E1E54B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2931432088-2454819386-741456421-1000.job => C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\5636\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2931432088-2454819386-741456421-1000.job => C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\5636\g2mupload.exe
Task: C:\WINDOWS\Tasks\RegAce Scheduled Scan - Dell.job => C:\Program Files\RegAce System Suite\RegAce.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9e30b6f3-b0b9-40b7-beee-9aca2ca0da7f}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D082017-AA1FD30A82A&form=CONMHP&conlogo=CT3335665
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D082017-AA1FD30A82A&form=CONBDF&conlogo=CT3335665&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D082017-AA1FD30A82A&form=CONBDF&conlogo=CT3335665&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> {2CC68BCF-FBE2-433E-B0D4-898417AB79EA} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> {FFF4C4D8-A65C-4254-A0CB-107396E584D8} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-09-23] (Oracle America, Inc. -> Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc -> Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-09-23] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc -> Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Edge:
======
Edge Extension: (Amazon Assistant) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1806.9.0_neutral__343d40qqvtj1t [2018-06-21]
FireFox:
========
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\6kl0dbfv.default-1521378898138 [2019-05-14]
FF Homepage: Mozilla\Firefox\Profiles\6kl0dbfv.default-1521378898138 -> hxxp://www.bing.com/?pc=COS2&ptag=D082017-AA1FD30A82A&form=CONMHP&conlogo=CT3335665
FF NewTab: Mozilla\Firefox\Profiles\6kl0dbfv.default-1521378898138 -> hxxp://www.bing.com/?pc=COS2&ptag=D082017-AA1FD30A82A&form=CONMHP&conlogo=CT3335665
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-12-02] (Adobe Systems Incorporated -> )
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-09-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-09-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-21] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-21] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2931432088-2454819386-741456421-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dell\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-12] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-2931432088-2454819386-741456421-1000: SkypePlugin -> C:\Users\Dell\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi.dll [2015-08-02] (Microsoft Corporation -> Skype Technologies S.A.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\dsengine.js [2017-12-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\dsengine.cfg [2017-12-26] <==== ATTENTION
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.msn.com/?pc=avmsp&ocid=PerDHP
CHR StartupUrls: Default -> "hxxps://www.msn.com/?pc=avmsp&ocid=PerDHP"
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default [2019-05-14]
CHR Extension: (Docs) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-03]
CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-28]
CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-28]
CHR Extension: (Google Search) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-21]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pcahildbjonlnmkfcdeiglkeodeijdco] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5458712 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-26] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [309480 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-26] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R2 LM__bdsvc; C:\Program Files\Lexmark\Bidi\LM__bdsvc.exe [583680 2016-06-06] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2891976 2018-02-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25944 2019-05-13] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [279240 2018-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [87040 2018-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 AvastSecureBrowserElevationService; "C:\Program Files\AVAST Software\Browser\Application\73.0.1270.86\elevation_service.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [34720 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [172424 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [220128 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [158240 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [255360 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [51264 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [14976 2019-02-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [194680 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [40904 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [138480 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [101200 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [73008 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783232 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [403408 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [165464 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [312464 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [4815872 2012-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [38912 2018-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [237608 2018-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [93736 2018-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [186880 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-14 18:01 - 2019-05-14 18:02 - 000000000 ____D C:\FRST
2019-05-14 17:34 - 2019-05-14 17:34 - 001793024 _____ (Farbar) C:\Users\Dell\Downloads\FRST.exe
2019-05-14 17:12 - 2019-05-14 17:12 - 000000000 ___HD C:\OneDriveTemp
2019-05-13 19:46 - 2019-05-13 19:46 - 000000153 _____ C:\Users\Dell\AppData\Local\{9F60687C-6A8A-4B17-AB32-CC38BEAEF364}
2019-05-13 19:45 - 2019-05-13 19:45 - 000047720 _____ () C:\WINDOWS\system32\Drivers\staport.sys.155779113123405
2019-05-13 19:45 - 2019-05-13 19:45 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-05-13 19:43 - 2019-05-13 19:41 - 000311176 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-14 17:53 - 2014-03-24 15:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 17:49 - 2014-03-24 15:53 - 126228304 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 17:38 - 2018-05-26 18:17 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-05-14 17:38 - 2018-05-26 18:17 - 000002409 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-05-14 17:37 - 2015-08-08 23:46 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-14 17:37 - 2014-04-13 18:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-14 17:22 - 2014-04-13 18:32 - 000001034 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-05-14 17:21 - 2018-09-23 22:19 - 000000000 ____D C:\Windows10Upgrade
2019-05-14 17:13 - 2018-05-26 18:14 - 000000000 ____D C:\Users\Dell\AppData\Local\AVAST Software
2019-05-14 17:12 - 2015-08-09 07:56 - 000000000 __RDL C:\Users\Dell\OneDrive
2019-05-13 20:30 - 2018-04-08 21:36 - 000000000 ____D C:\Users\Dell\Documents\RESUMES
2019-05-13 20:24 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-05-13 20:23 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-13 20:21 - 2017-09-29 07:55 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-13 20:00 - 2018-02-05 14:02 - 000000000 ____D C:\Users\Dell\AppData\Local\Packages
2019-05-13 19:51 - 2018-02-05 13:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-13 19:45 - 2014-03-25 11:44 - 000403408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-05-13 19:45 - 2014-03-25 11:44 - 000312464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-05-13 19:43 - 2017-09-29 07:55 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-13 19:42 - 2019-02-25 21:34 - 000194680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-05-13 19:42 - 2016-06-08 09:47 - 000040904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-05-13 19:42 - 2014-03-25 11:44 - 000165464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-05-13 19:42 - 2014-03-25 11:44 - 000138480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-05-13 19:42 - 2014-03-25 11:44 - 000101200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-05-13 19:42 - 2014-03-25 11:44 - 000073008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-05-13 19:40 - 2019-02-09 16:54 - 000255360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-05-13 19:40 - 2019-02-09 16:54 - 000220128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-05-13 19:40 - 2019-02-09 16:54 - 000158240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-05-13 19:40 - 2019-02-09 16:54 - 000051264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-05-13 19:40 - 2019-02-09 16:54 - 000034720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-05-13 19:40 - 2017-11-13 08:09 - 000172424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-05-13 19:40 - 2014-03-25 11:44 - 000783232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-05-13 19:36 - 2015-08-09 07:56 - 000002397 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-21 12:26 - 2018-02-05 14:01 - 000000000 ____D C:\Users\Dell
2019-04-21 11:58 - 2017-09-29 07:52 - 000000000 ____D C:\WINDOWS\INF
2019-04-21 11:51 - 2014-03-25 11:44 - 000309176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1aa535a10566d872.tmp
2019-04-21 11:44 - 2018-02-05 13:56 - 001100334 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-21 11:35 - 2018-02-05 14:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
==================== Files in the root of some directories =======
2014-08-12 21:07 - 2014-08-12 21:07 - 000000984 _____ () C:\Users\Dell\AppData\Roaming\.starmoon_kst.cfg
2017-08-18 18:08 - 2017-08-18 18:08 - 000000002 _____ () C:\Users\Dell\AppData\Roaming\acc.txt
2015-06-07 07:40 - 2015-08-22 13:00 - 000000093 _____ () C:\Users\Dell\AppData\Roaming\ARCompanion.log
2017-08-20 11:19 - 2017-08-20 11:19 - 000000002 _____ () C:\Users\Dell\AppData\Roaming\view.txt
2019-05-13 19:46 - 2019-05-13 19:46 - 000000153 _____ () C:\Users\Dell\AppData\Local\{9F60687C-6A8A-4B17-AB32-CC38BEAEF364}
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-05-14 17:46
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-05-2019
Ran by Dell (14-05-2019 18:04:26)
Running from C:\Users\Dell\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Microsoft Windows 10 Pro Version 1709 16299.371 (X86) (2018-02-05 18:29:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2931432088-2454819386-741456421-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2931432088-2454819386-741456421-503 - Limited - Disabled)
Dell (S-1-5-21-2931432088-2454819386-741456421-1000 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-2931432088-2454819386-741456421-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2931432088-2454819386-741456421-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2931432088-2454819386-741456421-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 73.0.1270.86 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CC-Cleaner (HKLM\...\{F751A81C-AAF7-4E24-8E40-231FD881A20B}_is1) (Version: 1.0.0.2502 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Citrix Online Launcher (HKLM\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 13.4.400.9 - Citrix Systems, Inc.)
Customer Support (HKLM\...\{B33D89E4-FB43-6749-447E-2E469AC9EB5B}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Driver Easy 5.6.2 (HKLM\...\DriverEasy_is1) (Version: 5.6.2 - Easeware)
Driver Tuneup (HKLM\...\{9132F466-FD4C-4DF1-85F0-818CC4567B2F}_is1) (Version: 1.0.0.34273 - driver-tuneup.com)
Dropbox (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
erLT (HKLM\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
EU Waste Recycling Information (HKLM\...\{42DF7152-0B7D-7917-4633-94E00C7BE684}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
iCloud (HKLM\...\{FAF5F9DA-73F2-4BF3-8268-E45AAC42B533}) (Version: 7.5.0.34 - Apple Inc.)
Information Center (HKLM\...\{851828ED-8353-E017-70EE-BF284CE2B799}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Itibiti RTC (HKLM\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Java 8 Update 181 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Lexmark Network Twain Scan Driver (HKLM\...\{57799805-67CC-4401-5C6F-540D2E3DDE40}) (Version: 1.19.138.0 - Lexmark International, Inc.)
Lexmark Printer Software G2 PS3 Print Driver (HKLM\...\{C4114CDE-B0CD-4623-B5E2-5BE2C9702095}) (Version: 2.5.1.0 - Lexmark International, Inc.)
Lexmark Printer Software G2 Scan Driver (HKLM\...\{7932657D-8209-D3FB-4B19-D133EDE01DBB}) (Version: 2.5.1.0 - Lexmark International, Inc.)
Lexmark Status Center (HKLM\...\{B26B2B9C-01F7-44FE-8FBE-655073CBB0B0}) (Version: 2.4.53.0 - Lexmark International, Inc.)
Lexmark USB Bidi Solution (HKLM\...\{C5DB19F7-C720-4D88-B10F-704DE806F777}) (Version: 1.3.61.0 - Lexmark International, Inc.)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (HKLM\...\{67FE17FA-BD96-469D-9AAE-A65B9E650B0B}) (Version: 13.4.400.9 - Citrix Systems, Inc.) Hidden
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PhotoPad Image Editor (HKLM\...\PhotoPad) (Version: 4.12 - NCH Software)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SafeZone Stable 4.58.2552.909 (HKLM\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Self-service Plug-in (HKLM\...\{F506798C-A221-40EF-BF4D-616DF049123C}) (Version: 3.4.400.49109 - Citrix Systems, Inc.) Hidden
Skype Web Plugin (HKLM\...\{F7C13D74-E0FD-4A76-896A-E8687769767D}) (Version: 7.5.0.127 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
UpdateAssistant (HKLM\...\{D66FEADA-C0EB-446E-955B-77E60B1FD5A1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
UserTesting.com Recorder Plugin (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\UserTestingPlugin) (Version:  - UserTesting.com)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.89.0 - Verizon)
Web Companion (HKLM\...\{7da819bc-37f0-4b3f-90ac-de2c15ef81e3}) (Version: 4.7.1987.3881 - Lavasoft)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Driver Package - Lexmark International Printer  (01/28/2016 2.5.1.0) (HKLM\...\7C43EFCAB92000EDB22A02000370EC696A57A525) (Version: 01/28/2016 2.5.1.0 - Lexmark International)
Windows Setup Remediations (x86) (KB4023057) (HKLM\...\{49cd2afd-8679-48a5-90ab-e7044bee2465}.sdb) (Version:  - )
WPS Office (10.2.0.6020) (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Kingsoft Office) (Version: 10.2.0.6020 - Kingsoft Corp.)
Packages:
=========
Amazon Assistant -> C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1806.9.0_neutral__343d40qqvtj1t [2018-06-21] (Amazon Assistant)
Assigned Access Lock app -> C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy [2017-09-29] (Microsoft Corporation)
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x86__8wekyb3d8bbwe [2018-09-20] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x86__8wekyb3d8bbwe [2018-02-19] (Microsoft Corporation)
SecondaryTileExperience -> C:\Windows\SystemApps\Microsoft.Windows.SecondaryTileExperience_cw5n1h2txyewy [2017-09-29] (Microsoft Corporation)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x86__kzf8qxf38zg5c [2019-02-09] (Skype)
Take a Test -> C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy [2017-09-29] (Microsoft Corporation)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x86__8wekyb3d8bbwe [2015-11-18] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{0825CC0E-34BD-4FE4-B78D-EF6582A94B6A}\InprocServer32 -> C:\Users\Dell\AppData\Local\SkypePlugin\7.5.0.127\GatewayActiveX.dll (Microsoft Corporation -> Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{7253b364-18c5-555a-4b07-26abb39c9f99}\InprocServer32 -> C:\Users\Dell\AppData\Local\SkypePlugin\7.5.0.127\EdgeBrokerPS.dll (Microsoft Corporation -> Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\6140\G2MOutlookAddin.dll (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox -> Dropbox, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2018-05-23] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-2931432088-2454819386-741456421-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2931432088-2454819386-741456421-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2931432088-2454819386-741456421-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox -> Dropbox, Inc.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2016-06-06 11:26 - 2016-06-06 11:26 - 000220160 _____ ( ) [File not signed] C:\Program Files\Lexmark\Bidi\LM__inpa.dll
2016-06-06 11:25 - 2016-06-06 11:25 - 000583680 _____ () [File not signed] C:\Program Files\Lexmark\Bidi\LM__bdsvc.exe
2014-11-20 04:22 - 2014-11-20 04:22 - 002293760 _____ (Apache Software Foundation) [File not signed] C:\Program Files\Citrix\Receiver\xerces-c_3_1.dll
2014-09-01 04:52 - 2014-09-01 04:52 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Citrix\ICA Client\MFC80.DLL
2014-09-01 04:52 - 2014-09-01 04:52 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Citrix\ICA Client\MFC80ENU.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Dell\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2019-02-09 16:20 - 000000039 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Skype\Phone\
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{926BC388-D5FA-4A9B-8A11-2617B08ADA94}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{7B54D6F6-AC04-4927-AF01-4D82F27DDCCD}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B8518A6A-9BCB-4B30-8A57-5D8271C39998}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{2A42CE64-8733-49DC-8346-8216BDFDCD10}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{E0699B53-F799-45CF-9A97-D7E756E36161}] => (Allow) D:\install\x86\installgui.exe (Lexmark International, Inc. -> )
FirewallRules: [{F04EFA29-B5AC-4742-8ED4-3629A7BAFC0C}] => (Allow) D:\install\x86\installgui.exe (Lexmark International, Inc. -> )
FirewallRules: [{9A80F34D-7A21-4B14-95C8-0460E5D77598}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{5B5BAD19-6CE2-4394-83B8-143D2BE5E356}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
==================== Restore Points =========================
09-02-2019 17:58:11 Windows Update
14-05-2019 17:47:34 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (05/14/2019 05:52:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (05/14/2019 05:48:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/14/2019 05:47:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Definition Update for Microsoft Office 2010 (KB3115475) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
Error: (05/14/2019 05:18:57 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (05/14/2019 05:11:33 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Citrix\ICA Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/13/2019 08:40:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15593
Error: (05/13/2019 08:40:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15593
Error: (05/13/2019 08:40:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (05/14/2019 05:47:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Office 2010 (KB3115475) 32-Bit Edition.
Error: (05/14/2019 05:36:05 PM) (Source: DCOM) (EventID: 10010) (User: DELL-PC)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (05/14/2019 05:34:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (05/14/2019 05:32:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (05/14/2019 05:30:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (05/14/2019 05:28:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (05/14/2019 05:26:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (05/14/2019 05:24:04 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2018-03-18 10:40:50.526
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {863E4470-C2BF-43D0-934D-D5DF6A51A07D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-02-09 16:50:06.803
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-02-09 16:50:06.803
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-02-09 16:50:06.803
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-02-09 16:50:06.803
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-02-09 16:50:06.803
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===================================
Date: 2019-05-14 18:00:28.904
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-14 18:00:28.902
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-14 17:53:56.191
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-14 17:53:56.189
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-14 17:48:26.314
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-14 17:48:26.311
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-14 17:47:35.021
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-14 17:47:35.019
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A02 07/02/2009
Motherboard: Dell Inc. 0T656F
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 70%
Total physical RAM: 3060.96 MB
Available physical RAM: 908.26 MB
Total Virtual: 6132.96 MB
Available Virtual: 3318.55 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.47 GB) (Free:105.26 GB) NTFS
Drive d: (Lexmark) (CDROM) (Total:0.39 GB) (Free:0 GB) CDFS
\\?\Volume{d314d0ec-b2aa-11e3-8f04-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{ee411f60-0000-0000-0000-802425000000}\ () (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: EE411F60)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================

 

 

 




#2
iMacg3


    GeekU Mod

  • GeekU Moderator
  • 415 posts
Hi Feverpitch, Welcome to the Geeks To Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send any staff member a Private Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
--------------------

Do you recognize this program?

CC-Cleaner

--------------------

Uninstall a Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
    Driver Easy 5.6.2
    Driver Tuneup
    Itibiti RTC
    Web Companion
    
  • Select each program and click Uninstall.
  • Restart the computer if prompted.
--------------------

Farbar Recovery Scan Tool
  • Right-click FRST/FRST64 and select Run as Administrator.
  • Ensure Addition.txt is checked and click Scan.
  • Once the scan is complete, click OK to the "Scan Complete" message box and OK to the Addition.txt box.
  • Two reports will be open in Notepad.
  • Copy and paste their contents into your next reply.


#3
Feverpitch


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts

CCleaner is a program I use regularly, so I'm aware of it.

 

I posted my FarBar reports initially. Do you need them run again?



#4
iMacg3


    GeekU Mod

  • GeekU Moderator
  • 415 posts
Hi Feverpitch, :)

> CCleaner is a program I use regularly, so I'm aware of it.

There are two programs installed on your computer with similar names - CCleaner and CC-Cleaner. Do you recognize the "CC-Cleaner" program?

> I posted my FarBar reports initially. Do you need them run again?

Yes, please run a new scan with FRST, and post the logs in your reply.

#5
Feverpitch


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2019
Ran by Dell (administrator) on DELL-PC (Dell Inc. OptiPlex 360) (17-05-2019 05:45:08)
Running from C:\Users\Dell\Downloads
Loaded Profiles: Dell & DefaultAppPool (Available Profiles: Dell & DefaultAppPool)
Platform: Microsoft Windows 10 Pro Version 1709 16299.371 (X86) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\Lexmark\Bidi\LM__bdsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Amazon Services LLC -> ) C:\Users\Dell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Logitech, Inc. -> ) C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Dell\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Microsoft Windows -> ) C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [488344 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [221576 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [383328 2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [Amazon Cloud Player] => C:\Users\Dell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] (Amazon Services LLC -> )
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-05-23] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Dell\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Dell\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\RunOnce: [Uninstall 19.062.0331.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dell\AppData\Local\Microsoft\OneDrive\19.062.0331.0006"
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\MountPoints2: {d314d0f0-b2aa-11e3-8f04-806e6f6e6963} - "D:\Setup.EXE"
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\WINDOWS\system32\vfwwdm32.dll [57856 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{49cd2afd-8679-48a5-90ab-e7044bee2465}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{49cd2afd-8679-48a5-90ab-e7044bee2465}.sdb [2018-06-27]
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files\AVAST Software\Browser\Application\73.0.1270.86\Installer\chrmstp.exe [2019-04-21] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-21] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02D33E20-8889-442D-8E81-E9FB18D0265E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {03574738-566D-4E13-8FA2-B3B63B6DA8DF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0A8738B0-D7E2-4164-97EA-762FB8E32CFA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0B186A9B-7312-49B3-8635-014A1CDC764C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0B9233CE-50BB-44A8-9A0D-CC407F7BCBA9} - System32\Tasks\SafeZone scheduled Autoupdate 1465393856 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [1057824 2017-08-04] (AVAST Software s.r.o. -> Avast Software)
Task: {18EAFFA5-BEBA-4AE8-B2B1-76E654ADBC60} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {21DAC2E4-1ED7-4B16-AAA6-130449A798E2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1656472 2019-02-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {24768FEF-8144-4810-A8B9-79B61931E8BC} - System32\Tasks\{6E0327EF-A229-460E-AED0-9B72DE0051FC} => "c:\windows\system32\launchwinapp.exe" hxxp://ui.skype.com/ui/0/7.8.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {265494C7-834D-4804-B05A-544E13384E40} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {28830FC8-99F8-4AB3-A1AC-614381DFE2C1} - System32\Tasks\WpsUpdateTask_Dell => C:\Users\Dell\AppData\Local\Kingsoft\WPS Office\10.2.0.6020\wtoolex\wpsupdate.exe [648320 2018-04-08] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {303C9978-0139-408D-848C-3F895281F107} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {3328B0B8-DEC7-4803-87A0-573FA798D4BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {44FCADF6-ACDF-4E1B-9263-A84F13351126} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {46252C2F-9C0D-457F-A90B-BF0337EB6FDA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {463E4145-D228-4251-997C-F4261F337CA9} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1960168 2019-04-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {47A16926-CD73-4478-8734-7BAD453A5A74} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {4A3F832B-A39A-45B4-9F57-1323784DEF5A} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {4B472331-EEA0-4B52-8D3D-FB35D3215CBA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4F0D174F-A259-49BD-A74A-F3D98DEB98CB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2385800 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
Task: {4F9605BC-2A35-48C5-854C-7D4A6FC17CA1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {57FFD35F-0C6F-4AD5-9B25-79A44C5A1E2A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5881C0EF-717C-4851-A4DF-BAF17242373B} - System32\Tasks\CC-Cleaner_Logon => C:\Program Files\CC-Cleaner for DELL-PC\scad.exe
Task: {5C65F38F-7EF6-4422-BCA9-A1B8AE8E04F7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5F236D6B-DFCD-4B84-B825-ACA4DCFE8AC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-05] (Google Inc -> Google Inc.)
Task: {644E137B-1310-469E-B426-FA5F5DF9F4A3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {64C73F97-748D-45B1-B89F-3E7ECDFC1BDD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6AB5DEF1-3FCE-46E8-8969-4C5E52EB88C2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1624408 2019-02-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {7BF7A248-4927-46F2-B23C-AD6B3B5A4884} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7E87604D-9CE3-491D-B1D1-5BDFF0E6C475} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {81072B60-3680-4214-8612-141C0E45F909} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {83160928-D23F-4053-8EA9-D09370E1F878} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1960168 2019-04-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {8944CB8D-5A6F-4D98-9249-1562DD5E7BC9} - System32\Tasks\G2MUploadTask-S-1-5-21-2931432088-2454819386-741456421-1000 => C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\5636\g2mupload.exe [41536 2016-10-13] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
Task: {9193F921-54B4-4D0B-A3FA-99770F9A3016} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {98E5740D-DDC8-4898-9AA0-534EC2072760} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9D172B28-1811-4AB9-8719-DD1FA0BC0069} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9F4040A0-FDBC-47B8-A151-D173B8B2258A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A211E180-287B-4C83-B500-374E819B94C8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A426FE01-09BA-4283-94BA-91092D0FB285} - System32\Tasks\RegAce Scheduled Scan - Dell => C:\Program Files\RegAce System Suite\RegAce.exe
Task: {A75507C7-278B-4E30-AA47-52A1EF79985E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [1456128 2018-12-02] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AD48963A-26C8-4A76-BE89-E5C1FF672A02} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-26] (AVAST Software s.r.o. -> AVAST Software) <==== ATTENTION
Task: {B0224B7F-B52F-48DD-B004-222432057D82} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-26] (AVAST Software s.r.o. -> AVAST Software) <==== ATTENTION
Task: {B1FCF443-6A10-4B03-8EC7-EC1FFA089D09} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B2A86B9F-2808-4434-8A1F-062553B70886} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C4F1932D-8222-41D0-8045-10B5C1A4C361} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C7301135-CABF-4F30-AFFE-411C0D413934} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C9A39D22-B5EC-4518-A440-3D030ADF99C0} - System32\Tasks\G2MUpdateTask-S-1-5-21-2931432088-2454819386-741456421-1000 => C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\5636\g2mupdate.exe [41536 2016-10-13] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
Task: {CC6FB896-DA6F-444D-9ECE-376CB6441711} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D0274884-7113-4B64-AB9C-8E1BC310A9F1} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D0733552-F1B7-4A46-BB89-BD18EBCEC9CE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D36FD9D1-2BA7-48C5-9076-3930E3F9EF78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-05] (Google Inc -> Google Inc.)
Task: {D6792768-72CF-4706-804D-C98344F6DA29} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D9D0EC2B-EBA8-4076-BAB3-DBD060DA7BB1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E0115FE1-8A3F-4D43-9349-B69D46661F15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-12-02] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E61CAA43-AA76-47F2-AEE9-7721477DA684} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E7BDEF00-F21B-4118-AF2B-071FFB8856EB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EB2D0FDB-018A-46D4-9C90-B746BC847500} - System32\Tasks\S-1-5-21-2931432088-2454819386-741456421-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [103424 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
Task: {F35ADE33-EDD9-4E5F-8B60-43498CFD57BD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F613A590-D644-4C08-BA45-FFD85B5D447C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F851604E-B140-41E4-8D6A-296C8FD978F9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FE48F93D-E775-4F8D-B2D0-048EC1E1E54B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2931432088-2454819386-741456421-1000.job => C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\5636\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2931432088-2454819386-741456421-1000.job => C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\5636\g2mupload.exe
Task: C:\WINDOWS\Tasks\RegAce Scheduled Scan - Dell.job => C:\Program Files\RegAce System Suite\RegAce.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9e30b6f3-b0b9-40b7-beee-9aca2ca0da7f}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D082017-AA1FD30A82A&form=CONMHP&conlogo=CT3335665
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D082017-AA1FD30A82A&form=CONBDF&conlogo=CT3335665&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D082017-AA1FD30A82A&form=CONBDF&conlogo=CT3335665&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> {2CC68BCF-FBE2-433E-B0D4-898417AB79EA} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> {FFF4C4D8-A65C-4254-A0CB-107396E584D8} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-09-23] (Oracle America, Inc. -> Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc -> Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-09-23] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc -> Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Edge:
======
Edge Extension: (Amazon Assistant) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1806.9.0_neutral__343d40qqvtj1t [2018-06-21]
FireFox:
========
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\6kl0dbfv.default-1521378898138 [2019-05-14]
FF Homepage: Mozilla\Firefox\Profiles\6kl0dbfv.default-1521378898138 -> hxxp://www.bing.com/?pc=COS2&ptag=D082017-AA1FD30A82A&form=CONMHP&conlogo=CT3335665
FF NewTab: Mozilla\Firefox\Profiles\6kl0dbfv.default-1521378898138 -> hxxp://www.bing.com/?pc=COS2&ptag=D082017-AA1FD30A82A&form=CONMHP&conlogo=CT3335665
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-12-02] (Adobe Systems Incorporated -> )
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2014-11-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-09-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-09-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2931432088-2454819386-741456421-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dell\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-12] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-2931432088-2454819386-741456421-1000: SkypePlugin -> C:\Users\Dell\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi.dll [2015-08-02] (Microsoft Corporation -> Skype Technologies S.A.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\dsengine.js [2017-12-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\dsengine.cfg [2017-12-26] <==== ATTENTION
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.msn.com/?pc=avmsp&ocid=PerDHP
CHR StartupUrls: Default -> "hxxps://www.msn.com/?pc=avmsp&ocid=PerDHP"
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default [2019-05-14]
CHR Extension: (Docs) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-03]
CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-28]
CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-28]
CHR Extension: (Google Search) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-21]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pcahildbjonlnmkfcdeiglkeodeijdco] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5458712 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-26] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [309480 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-26] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
R2 LM__bdsvc; C:\Program Files\Lexmark\Bidi\LM__bdsvc.exe [583680 2016-06-06] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2891976 2018-02-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [279240 2018-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [87040 2018-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 AvastSecureBrowserElevationService; "C:\Program Files\AVAST Software\Browser\Application\73.0.1270.86\elevation_service.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [34720 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [172424 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [220128 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [158240 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [255360 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [51264 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [14976 2019-02-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [194680 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [40904 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [138480 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [101200 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [73008 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783232 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [403408 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [165464 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [312464 2019-05-13] (AVAST Software s.r.o. -> AVAST Software)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [4815872 2012-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [38912 2018-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [237608 2018-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [93736 2018-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [186880 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-17 05:45 - 2019-05-17 05:46 - 000036944 _____ C:\Users\Dell\Downloads\FRST.txt
2019-05-17 05:43 - 2019-05-17 05:43 - 001793536 _____ (Farbar) C:\Users\Dell\Downloads\FRST (1).exe
2019-05-17 05:38 - 2019-05-17 05:38 - 000000000 ___HD C:\OneDriveTemp
2019-05-14 18:01 - 2019-05-17 05:45 - 000000000 ____D C:\FRST
2019-05-14 17:34 - 2019-05-14 17:34 - 001793024 _____ (Farbar) C:\Users\Dell\Downloads\FRST.exe
2019-05-13 19:46 - 2019-05-13 19:46 - 000000153 _____ C:\Users\Dell\AppData\Local\{9F60687C-6A8A-4B17-AB32-CC38BEAEF364}
2019-05-13 19:45 - 2019-05-13 19:45 - 000047720 _____ () C:\WINDOWS\system32\Drivers\staport.sys.155779113123405
2019-05-13 19:45 - 2019-05-13 19:45 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-05-13 19:43 - 2019-05-13 19:41 - 000311176 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-17 05:42 - 2018-09-23 22:19 - 000000000 ____D C:\Windows10Upgrade
2019-05-17 05:38 - 2015-08-09 07:56 - 000000000 __RDL C:\Users\Dell\OneDrive
2019-05-17 05:37 - 2015-08-09 07:56 - 000002397 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-17 05:34 - 2017-08-18 18:06 - 000000000 ____D C:\Program Files\CC-Cleaner for DELL-PC
2019-05-17 05:32 - 2018-06-10 16:39 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Easeware
2019-05-17 05:29 - 2018-05-26 18:14 - 000000000 ____D C:\Users\Dell\AppData\Local\AVAST Software
2019-05-14 17:53 - 2014-03-24 15:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 17:49 - 2014-03-24 15:53 - 126228304 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 17:38 - 2018-05-26 18:17 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-05-14 17:38 - 2018-05-26 18:17 - 000002409 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-05-14 17:37 - 2015-08-08 23:46 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-14 17:37 - 2014-04-13 18:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-14 17:22 - 2014-04-13 18:32 - 000001034 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-05-13 20:30 - 2018-04-08 21:36 - 000000000 ____D C:\Users\Dell\Documents\RESUMES
2019-05-13 20:24 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-05-13 20:23 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-13 20:21 - 2017-09-29 07:55 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-13 20:00 - 2018-02-05 14:02 - 000000000 ____D C:\Users\Dell\AppData\Local\Packages
2019-05-13 19:51 - 2018-02-05 13:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-13 19:45 - 2014-03-25 11:44 - 000403408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-05-13 19:45 - 2014-03-25 11:44 - 000312464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-05-13 19:43 - 2017-09-29 07:55 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-13 19:42 - 2019-02-25 21:34 - 000194680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-05-13 19:42 - 2016-06-08 09:47 - 000040904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-05-13 19:42 - 2014-03-25 11:44 - 000165464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-05-13 19:42 - 2014-03-25 11:44 - 000138480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-05-13 19:42 - 2014-03-25 11:44 - 000101200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-05-13 19:42 - 2014-03-25 11:44 - 000073008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-05-13 19:40 - 2019-02-09 16:54 - 000255360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-05-13 19:40 - 2019-02-09 16:54 - 000220128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-05-13 19:40 - 2019-02-09 16:54 - 000158240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-05-13 19:40 - 2019-02-09 16:54 - 000051264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-05-13 19:40 - 2019-02-09 16:54 - 000034720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-05-13 19:40 - 2017-11-13 08:09 - 000172424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-05-13 19:40 - 2014-03-25 11:44 - 000783232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-04-21 12:26 - 2018-02-05 14:01 - 000000000 ____D C:\Users\Dell
2019-04-21 11:58 - 2017-09-29 07:52 - 000000000 ____D C:\WINDOWS\INF
2019-04-21 11:51 - 2014-03-25 11:44 - 000309176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1aa535a10566d872.tmp
2019-04-21 11:44 - 2018-02-05 13:56 - 001100334 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-21 11:35 - 2018-02-05 14:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
==================== Files in the root of some directories =======
2014-08-12 21:07 - 2014-08-12 21:07 - 000000984 _____ () C:\Users\Dell\AppData\Roaming\.starmoon_kst.cfg
2017-08-18 18:08 - 2017-08-18 18:08 - 000000002 _____ () C:\Users\Dell\AppData\Roaming\acc.txt
2015-06-07 07:40 - 2015-08-22 13:00 - 000000093 _____ () C:\Users\Dell\AppData\Roaming\ARCompanion.log
2017-08-20 11:19 - 2017-08-20 11:19 - 000000002 _____ () C:\Users\Dell\AppData\Roaming\view.txt
2019-05-13 19:46 - 2019-05-13 19:46 - 000000153 _____ () C:\Users\Dell\AppData\Local\{9F60687C-6A8A-4B17-AB32-CC38BEAEF364}
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-05-14 17:46
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-05-2019
Ran by Dell (17-05-2019 05:47:36)
Running from C:\Users\Dell\Downloads
Microsoft Windows 10 Pro Version 1709 16299.371 (X86) (2018-02-05 18:29:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2931432088-2454819386-741456421-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2931432088-2454819386-741456421-503 - Limited - Disabled)
Dell (S-1-5-21-2931432088-2454819386-741456421-1000 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-2931432088-2454819386-741456421-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2931432088-2454819386-741456421-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2931432088-2454819386-741456421-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 73.0.1270.86 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Citrix Online Launcher (HKLM\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 13.4.400.9 - Citrix Systems, Inc.)
Customer Support (HKLM\...\{B33D89E4-FB43-6749-447E-2E469AC9EB5B}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dropbox (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
erLT (HKLM\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
EU Waste Recycling Information (HKLM\...\{42DF7152-0B7D-7917-4633-94E00C7BE684}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
iCloud (HKLM\...\{FAF5F9DA-73F2-4BF3-8268-E45AAC42B533}) (Version: 7.5.0.34 - Apple Inc.)
Information Center (HKLM\...\{851828ED-8353-E017-70EE-BF284CE2B799}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Itibiti RTC (HKLM\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Java 8 Update 181 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Lexmark Network Twain Scan Driver (HKLM\...\{57799805-67CC-4401-5C6F-540D2E3DDE40}) (Version: 1.19.138.0 - Lexmark International, Inc.)
Lexmark Printer Software G2 PS3 Print Driver (HKLM\...\{C4114CDE-B0CD-4623-B5E2-5BE2C9702095}) (Version: 2.5.1.0 - Lexmark International, Inc.)
Lexmark Printer Software G2 Scan Driver (HKLM\...\{7932657D-8209-D3FB-4B19-D133EDE01DBB}) (Version: 2.5.1.0 - Lexmark International, Inc.)
Lexmark Status Center (HKLM\...\{B26B2B9C-01F7-44FE-8FBE-655073CBB0B0}) (Version: 2.4.53.0 - Lexmark International, Inc.)
Lexmark USB Bidi Solution (HKLM\...\{C5DB19F7-C720-4D88-B10F-704DE806F777}) (Version: 1.3.61.0 - Lexmark International, Inc.)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\OneDriveSetup.exe) (Version: 19.070.0410.0005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (HKLM\...\{67FE17FA-BD96-469D-9AAE-A65B9E650B0B}) (Version: 13.4.400.9 - Citrix Systems, Inc.) Hidden
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PhotoPad Image Editor (HKLM\...\PhotoPad) (Version: 4.12 - NCH Software)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SafeZone Stable 4.58.2552.909 (HKLM\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Self-service Plug-in (HKLM\...\{F506798C-A221-40EF-BF4D-616DF049123C}) (Version: 3.4.400.49109 - Citrix Systems, Inc.) Hidden
Skype Web Plugin (HKLM\...\{F7C13D74-E0FD-4A76-896A-E8687769767D}) (Version: 7.5.0.127 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
UpdateAssistant (HKLM\...\{D66FEADA-C0EB-446E-955B-77E60B1FD5A1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
UserTesting.com Recorder Plugin (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\UserTestingPlugin) (Version:  - UserTesting.com)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.89.0 - Verizon)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Driver Package - Lexmark International Printer  (01/28/2016 2.5.1.0) (HKLM\...\7C43EFCAB92000EDB22A02000370EC696A57A525) (Version: 01/28/2016 2.5.1.0 - Lexmark International)
Windows Setup Remediations (x86) (KB4023057) (HKLM\...\{49cd2afd-8679-48a5-90ab-e7044bee2465}.sdb) (Version:  - )
WPS Office (10.2.0.6020) (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Kingsoft Office) (Version: 10.2.0.6020 - Kingsoft Corp.)
Packages:
=========
Amazon Assistant -> C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1806.9.0_neutral__343d40qqvtj1t [2018-06-21] (Amazon.com)
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x86__8wekyb3d8bbwe [2018-09-20] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x86__8wekyb3d8bbwe [2018-02-19] (Microsoft Corporation)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x86__8wekyb3d8bbwe [2015-11-18] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{0825CC0E-34BD-4FE4-B78D-EF6582A94B6A}\InprocServer32 -> C:\Users\Dell\AppData\Local\SkypePlugin\7.5.0.127\GatewayActiveX.dll (Microsoft Corporation -> Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{7253b364-18c5-555a-4b07-26abb39c9f99}\InprocServer32 -> C:\Users\Dell\AppData\Local\SkypePlugin\7.5.0.127\EdgeBrokerPS.dll (Microsoft Corporation -> Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\6140\G2MOutlookAddin.dll (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox -> Dropbox, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2018-05-23] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-2931432088-2454819386-741456421-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2931432088-2454819386-741456421-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2931432088-2454819386-741456421-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox -> Dropbox, Inc.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2016-06-06 11:26 - 2016-06-06 11:26 - 000220160 _____ ( ) [File not signed] C:\Program Files\Lexmark\Bidi\LM__inpa.dll
2016-06-06 11:25 - 2016-06-06 11:25 - 000583680 _____ () [File not signed] C:\Program Files\Lexmark\Bidi\LM__bdsvc.exe
2014-11-20 04:22 - 2014-11-20 04:22 - 002293760 _____ (Apache Software Foundation) [File not signed] C:\Program Files\Citrix\Receiver\xerces-c_3_1.dll
2014-09-01 04:52 - 2014-09-01 04:52 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Citrix\ICA Client\MFC80.DLL
2014-09-01 04:52 - 2014-09-01 04:52 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Citrix\ICA Client\MFC80ENU.DLL
2018-09-23 22:20 - 2018-07-19 13:13 - 000196096 _____ (Microsoft Corporation) [File not signed] C:\Windows10Upgrade\Downloader.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Dell\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2019-02-09 16:20 - 000000039 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Skype\Phone\
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{926BC388-D5FA-4A9B-8A11-2617B08ADA94}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{7B54D6F6-AC04-4927-AF01-4D82F27DDCCD}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B8518A6A-9BCB-4B30-8A57-5D8271C39998}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{2A42CE64-8733-49DC-8346-8216BDFDCD10}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{E0699B53-F799-45CF-9A97-D7E756E36161}] => (Allow) D:\install\x86\installgui.exe (Lexmark International, Inc. -> )
FirewallRules: [{F04EFA29-B5AC-4742-8ED4-3629A7BAFC0C}] => (Allow) D:\install\x86\installgui.exe (Lexmark International, Inc. -> )
FirewallRules: [{9A80F34D-7A21-4B14-95C8-0460E5D77598}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{5B5BAD19-6CE2-4394-83B8-143D2BE5E356}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
==================== Restore Points =========================
09-02-2019 17:58:11 Windows Update
14-05-2019 17:47:34 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (05/17/2019 05:40:21 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (05/17/2019 05:28:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.16299.15, time stamp: 0x17283b89
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x8400000e
Fault offset: 0x00000000
Faulting process id: 0x2098
Faulting application start time: 0x01d50c92db179113
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: unknown
Report Id: fc39a40e-f616-4ff8-aae0-a4042c541c46
Faulting package full name:
Faulting package-relative application ID:
Error: (05/17/2019 05:28:02 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Citrix\ICA Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/14/2019 06:15:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15563
Error: (05/14/2019 06:15:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15563
Error: (05/14/2019 06:15:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/14/2019 05:52:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (05/14/2019 05:48:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.

System errors:
=============
Error: (05/17/2019 05:44:51 AM) (Source: DCOM) (EventID: 10016) (User: DELL-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Dell-PC\Dell SID (S-1-5-21-2931432088-2454819386-741456421-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/17/2019 05:44:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Downloaded Maps Manager service terminated unexpectedly.  It has done this 1 time(s).
Error: (05/17/2019 05:43:26 AM) (Source: DCOM) (EventID: 10005) (User: DELL-PC)
Description: DCOM got error "2" attempting to start the service AvastSecureBrowserElevationService with arguments "Unavailable" in order to run the server:
{620A093F-79D3-4CAB-8CAD-EB1A39A8C0A2}
Error: (05/17/2019 05:43:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Secure Browser Elevation Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (05/17/2019 05:41:06 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (05/17/2019 05:39:59 AM) (Source: DCOM) (EventID: 10016) (User: DELL-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user Dell-PC\Dell SID (S-1-5-21-2931432088-2454819386-741456421-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (05/17/2019 05:36:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/17/2019 05:28:54 AM) (Source: DCOM) (EventID: 10016) (User: DELL-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user Dell-PC\Dell SID (S-1-5-21-2931432088-2454819386-741456421-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2018-03-18 10:40:50.526
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {863E4470-C2BF-43D0-934D-D5DF6A51A07D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-02-09 16:50:06.803
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-02-09 16:50:06.803
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-02-09 16:50:06.803
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-02-09 16:50:06.803
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-02-09 16:50:06.803
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===================================
Date: 2019-05-17 05:40:54.412
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-17 05:40:54.402
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-17 05:40:40.515
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-17 05:40:40.513
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-17 05:40:23.776
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-17 05:40:23.277
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-17 05:40:16.472
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2019-05-17 05:40:16.469
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A02 07/02/2009
Motherboard: Dell Inc. 0T656F
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 75%
Total physical RAM: 3060.96 MB
Available physical RAM: 747.98 MB
Total Virtual: 6132.96 MB
Available Virtual: 3259.3 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.47 GB) (Free:104.69 GB) NTFS
Drive d: (Lexmark) (CDROM) (Total:0.39 GB) (Free:0 GB) CDFS
\\?\Volume{d314d0ec-b2aa-11e3-8f04-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{ee411f60-0000-0000-0000-802425000000}\ () (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: EE411F60)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================


#6
Feverpitch

  • Topic Starter

I was able to remove Driver easy, driver tuneup, web companion, and cc-cleaner .... ITIBITI RTC was not in the list of programs, so I don't know where to locate that. I'm having trouble now with popups --  a calculator and a mini version of this screen --- appearing when I hold the shift key, so that's why I didn't use proper capitalization in this reply. 



#7
iMacg3

  • GeekU Moderator
Hi,

Farbar Recovery Scan Tool - Fix
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it ....
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Task: {03574738-566D-4E13-8FA2-B3B63B6DA8DF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0A8738B0-D7E2-4164-97EA-762FB8E32CFA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0B186A9B-7312-49B3-8635-014A1CDC764C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {18EAFFA5-BEBA-4AE8-B2B1-76E654ADBC60} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3328B0B8-DEC7-4803-87A0-573FA798D4BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {46252C2F-9C0D-457F-A90B-BF0337EB6FDA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {57FFD35F-0C6F-4AD5-9B25-79A44C5A1E2A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {7E87604D-9CE3-491D-B1D1-5BDFF0E6C475} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {81072B60-3680-4214-8612-141C0E45F909} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C4F1932D-8222-41D0-8045-10B5C1A4C361} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CC6FB896-DA6F-444D-9ECE-376CB6441711} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E7BDEF00-F21B-4118-AF2B-071FFB8856EB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FE48F93D-E775-4F8D-B2D0-048EC1E1E54B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\dsengine.js [2017-12-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\dsengine.cfg [2017-12-26] <==== ATTENTION
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR HKLM\...\Chrome\Extension: [pcahildbjonlnmkfcdeiglkeodeijdco] - hxxps://clients2.google.com/service/update2/crx
S3 AvastSecureBrowserElevationService; "C:\Program Files\AVAST Software\Browser\Application\73.0.1270.86\elevation_service.exe" [X]
2019-05-17 05:32 - 2018-06-10 16:39 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Easeware
Itibiti RTC (HKLM\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION

ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\webcompanion.com -> hxxp://webcompanion.com

VirusTotal: C:\Users\Dell\AppData\Local\{9F60687C-6A8A-4B17-AB32-CC38BEAEF364}
VirusTotal: C:\Program Files\RegAce System Suite\RegAce.exe

C:\Program Files\Lavasoft\Web Companion

End
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST
  • Please post the log in your next reply
-----------------------------------


Attempt to uninstall Itibiti RTC after running the FRST fix. Let me know if successful.


-----------------------------------

Do the popups appear when using a specific browser?

#8
Feverpitch

  • Topic Starter

itibiti showed up in my programs as available to uninstall and is gone. I am using internet explorer and the popup problem only occurs after I open the farbar logs. so I avoided the shift key when typing this.

 

here is the fix it result:

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-05-2019
Ran by Dell (20-05-2019 20:50:18) Run:1
Running from C:\Users\Dell\Downloads
Loaded Profiles: Dell & DefaultAppPool (Available Profiles: Dell & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Task: {03574738-566D-4E13-8FA2-B3B63B6DA8DF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0A8738B0-D7E2-4164-97EA-762FB8E32CFA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0B186A9B-7312-49B3-8635-014A1CDC764C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {18EAFFA5-BEBA-4AE8-B2B1-76E654ADBC60} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3328B0B8-DEC7-4803-87A0-573FA798D4BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {46252C2F-9C0D-457F-A90B-BF0337EB6FDA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {57FFD35F-0C6F-4AD5-9B25-79A44C5A1E2A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {7E87604D-9CE3-491D-B1D1-5BDFF0E6C475} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {81072B60-3680-4214-8612-141C0E45F909} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C4F1932D-8222-41D0-8045-10B5C1A4C361} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CC6FB896-DA6F-444D-9ECE-376CB6441711} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E7BDEF00-F21B-4118-AF2B-071FFB8856EB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FE48F93D-E775-4F8D-B2D0-048EC1E1E54B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\dsengine.js [2017-12-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\dsengine.cfg [2017-12-26] <==== ATTENTION
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR HKLM\...\Chrome\Extension: [pcahildbjonlnmkfcdeiglkeodeijdco] - hxxps://clients2.google.com/service/update2/crx
S3 AvastSecureBrowserElevationService; "C:\Program Files\AVAST Software\Browser\Application\73.0.1270.86\elevation_service.exe" [X]
2019-05-17 05:32 - 2018-06-10 16:39 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Easeware
Itibiti RTC (HKLM\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\webcompanion.com -> hxxp://webcompanion.com
VirusTotal: C:\Users\Dell\AppData\Local\{9F60687C-6A8A-4B17-AB32-CC38BEAEF364}
VirusTotal: C:\Program Files\RegAce System Suite\RegAce.exe
C:\Program Files\Lavasoft\Web Companion
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully.
HKLM\Software\Classes\CLSID\{503739d0-4c5e-4cfd-b3ba-d881334f0df2} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03574738-566D-4E13-8FA2-B3B63B6DA8DF}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03574738-566D-4E13-8FA2-B3B63B6DA8DF}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A8738B0-D7E2-4164-97EA-762FB8E32CFA}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A8738B0-D7E2-4164-97EA-762FB8E32CFA}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B186A9B-7312-49B3-8635-014A1CDC764C}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B186A9B-7312-49B3-8635-014A1CDC764C}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18EAFFA5-BEBA-4AE8-B2B1-76E654ADBC60}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18EAFFA5-BEBA-4AE8-B2B1-76E654ADBC60}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3328B0B8-DEC7-4803-87A0-573FA798D4BF}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3328B0B8-DEC7-4803-87A0-573FA798D4BF}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46252C2F-9C0D-457F-A90B-BF0337EB6FDA}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46252C2F-9C0D-457F-A90B-BF0337EB6FDA}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57FFD35F-0C6F-4AD5-9B25-79A44C5A1E2A} => removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57FFD35F-0C6F-4AD5-9B25-79A44C5A1E2A} => removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E87604D-9CE3-491D-B1D1-5BDFF0E6C475}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E87604D-9CE3-491D-B1D1-5BDFF0E6C475}" => removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81072B60-3680-4214-8612-141C0E45F909}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81072B60-3680-4214-8612-141C0E45F909}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4F1932D-8222-41D0-8045-10B5C1A4C361}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4F1932D-8222-41D0-8045-10B5C1A4C361}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC6FB896-DA6F-444D-9ECE-376CB6441711}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC6FB896-DA6F-444D-9ECE-376CB6441711}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7BDEF00-F21B-4118-AF2B-071FFB8856EB}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7BDEF00-F21B-4118-AF2B-071FFB8856EB}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE48F93D-E775-4F8D-B2D0-048EC1E1E54B}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE48F93D-E775-4F8D-B2D0-048EC1E1E54B}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
C:\Program Files\mozilla firefox\defaults\pref\dsengine.js => moved successfully
C:\Program Files\mozilla firefox\dsengine.cfg => moved successfully
"Chrome DefaultSearchURL" => removed successfully.
"Chrome DefaultSearchKeyword" => removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pcahildbjonlnmkfcdeiglkeodeijdco => removed successfully.
HKLM\System\CurrentControlSet\Services\AvastSecureBrowserElevationService => removed successfully.
AvastSecureBrowserElevationService => service removed successfully.
C:\Users\Dell\AppData\Roaming\Easeware => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent" => removed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully.
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully.
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully.
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully.
VirusTotal: C:\Users\Dell\AppData\Local\{9F60687C-6A8A-4B17-AB32-CC38BEAEF364} => https://www.virustot...sis/1556753998/
"VirusTotal: C:\Program Files\RegAce System Suite\RegAce.exe" => not found
"C:\Program Files\Lavasoft\Web Companion" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 8151040 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69936084 B
Java, Flash, Steam htmlcache => 1313 B
Windows/system/drivers => 47344749 B
Edge => 39401738 B
Chrome => 333933 B
Firefox => 10108623 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6144 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 3715072 B
Dell => 104018942 B
DefaultAppPool => 6144 B
RecycleBin => 1866001 B
EmptyTemp: => 271.7 MB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 20:52:20 ====

 


 



#9
iMacg3

  • GeekU Moderator
  • 415 posts
Hi,

--------------------------------------------

AdwCleaner

Download AdwCleaner and save it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, uncheck any items you want to keep
  • Click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
  • Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).
--------------------------------------------

ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
--------------------------------------------

In your next reply, please include:
  • AdwCleaner log
  • ESET log
