
Riskware.Hijack???!


This topic is locked
8 replies to this topic

#1 Dessertmints

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:03 PM

Posted 25 July 2018 - 12:02 AM

Hello!

 

Long story short, I have noticed a significant slowdown in boot speed, as well as some funky behavior and slow browser speed. Malwarebytes detected 4 items (Riskware.IFEO.Hijack) that were quarantined and then removed. Avast has found nothing. I do not think that the malware and/or viruses on this PC have been fully removed.

 

I appreciate what you guys do here, and ask that someone could please lend me a hand!  Here are my logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by John (administrator) on JOHN-PC (24-07-2018 23:39:33)
Running from C:\Users\John\Downloads
Loaded Profiles: John & DefaultAppPool (Available Profiles: John & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.245_none_16ec1d963212a637\TiWorker.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-22] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-03-25] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [269824 2015-12-21] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\Run: [Dropbox Update] => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\Run: [AvastBrowserAutoLaunch_D39FDF68DE73058B395809CCEB6C0150] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1728272 2018-07-19] (AVAST Software)
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd)
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
IFEO\Acrobat.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\acrodist.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dslauncher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\formdesigner.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2018-07-24]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-04-14]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-14]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-14]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-14]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2018-07-24]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-02-20]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2011-04-07]
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-14]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2018-07-24]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a6a4dbe8-38b0-4659-b23d-e41af58f6bdf}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.xfinity.com/customer/start/?cid=xfstart_tech_main
SearchScopes: HKU\S-1-5-21-3822427988-1214073701-2480250881-1001 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKU\S-1-5-21-3822427988-1214073701-2480250881-1001 -> {6b0d4c9d-c6eb-4a9a-981c-ac3f9d8373c0} URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&cid=xfstart_tech_search&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-07-24] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-24] (Oracle Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-24] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-24] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3822427988-1214073701-2480250881-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ec1u9vx9.default [2018-07-24]
FF Homepage: Mozilla\Firefox\Profiles\ec1u9vx9.default -> hxxp://www.google.com/
FF Extension: (Avast SafePrice) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ec1u9vx9.default\Extensions\sp@avast.com.xpi [2018-04-09]
FF Extension: (Avast Online Security) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ec1u9vx9.default\Extensions\wrc@avast.com.xpi [2018-06-22]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2018-04-14] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-24] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3822427988-1214073701-2480250881-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2018-07-24]
CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (uBlock Origin) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-22]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (XFINITY® TV Go Stream Live TV Online) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbefpbidnpmpfbkledpohpejdcgfnfif [2016-09-16]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-22]
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-07-24]
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-07-24]
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-13]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-13]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-18]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-29]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-13]
CHR Extension: (Avast SafePrice) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-20]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-13]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-12]
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-22] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-22] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-16] (AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8730648 2018-07-24] (AVAST Software)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-12-22] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 osrss; C:\WINDOWS\system32\osrss.dll [130808 2018-06-08] (Microsoft Corporation)
R2 sedsvc; C:\Program Files\rempl\sedsvc.exe [295976 2018-07-16] (Microsoft Corporation)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [258048 2010-06-18] (IDT, Inc.) [File not signed]
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-24] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-06-22] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-06-22] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-06-22] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-06-22] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-06-22] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-22] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-06-22] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-06-22] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-06-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-06-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-22] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-06-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-07-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-06-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-06-22] (AVAST Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-06-19] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [191208 2018-07-24] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [114920 2018-07-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [48360 2018-07-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102632 2018-07-24] (Malwarebytes)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R2 TurboB; C:\WINDOWS\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 idsvc; no ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-24 23:39 - 2018-07-24 23:41 - 000025520 _____ C:\Users\John\Downloads\FRST.txt
2018-07-24 23:38 - 2018-07-24 23:39 - 000000000 ____D C:\FRST
2018-07-24 23:37 - 2018-07-24 23:38 - 002412544 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2018-07-24 23:24 - 2018-07-24 23:24 - 000000000 ____D C:\WINDOWS\Panther
2018-07-24 22:06 - 2018-07-24 22:07 - 000000000 ___HD C:\$WINDOWS.~BT
2018-07-24 20:22 - 2018-07-24 23:24 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-24 20:22 - 2018-07-24 23:24 - 000114920 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-07-24 20:22 - 2018-07-24 23:24 - 000102632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-07-24 20:22 - 2018-07-24 23:24 - 000048360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-07-24 20:22 - 2018-07-24 20:22 - 000191208 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-07-24 17:51 - 2018-07-24 17:51 - 000000000 ____D C:\Program Files (x86)\ESET
2018-07-24 17:50 - 2018-07-24 17:50 - 002870984 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe
2018-07-24 17:36 - 2018-07-24 17:37 - 007404752 _____ (Malwarebytes) C:\Users\John\Downloads\adwcleaner_7.2.2.exe
2018-07-24 17:27 - 2018-07-24 17:29 - 000000000 ____D C:\AdwCleaner
2018-07-24 17:24 - 2018-07-24 17:24 - 007395536 _____ (Malwarebytes) C:\Users\John\Downloads\AdwCleaner.exe
2018-07-24 16:39 - 2018-07-24 16:39 - 000737617 _____ C:\Users\John\Desktop\TDSSKiller.txt
2018-07-24 16:25 - 2018-07-24 16:38 - 001475320 _____ C:\TDSSKiller.2.8.16.0_24.07.2018_16.25.26_log.txt
2018-07-24 16:25 - 2018-07-24 16:25 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\99449447.sys
2018-07-24 16:13 - 2018-07-24 16:15 - 000003702 _____ C:\TDSSKiller.2.8.16.0_24.07.2018_16.13.58_log.txt
2018-07-24 16:13 - 2018-07-24 16:13 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2018-07-24 16:13 - 2018-07-24 16:13 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\27822293.sys
2018-07-24 16:02 - 2018-07-24 16:08 - 000003536 _____ C:\Users\John\Desktop\Rkill.txt
2018-07-24 16:01 - 2018-07-24 16:01 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2018-07-24 15:30 - 2018-07-24 15:30 - 000000000 ____D C:\Program Files (x86)\Absolute Software
2018-07-24 15:29 - 2018-07-24 15:29 - 000276556 _____ C:\Users\John\Documents\cc_20180724_152904.reg
2018-07-24 15:25 - 2018-07-24 15:34 - 000000000 ____D C:\Program Files\CCleaner
2018-07-24 15:25 - 2018-07-24 15:25 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-07-24 15:25 - 2018-07-24 15:25 - 000002852 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-07-24 15:25 - 2018-07-24 15:25 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-07-24 15:25 - 2018-07-24 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-07-24 14:52 - 2018-07-24 14:52 - 000000000 ____D C:\Users\John\AppData\Local\LogMeIn
2018-07-24 14:47 - 2018-07-24 14:47 - 000000000 ____D C:\Program Files (x86)\Roblox
2018-07-24 14:46 - 2018-07-24 14:46 - 000000000 ____D C:\Users\John\AppData\Roaming\Roxio Log Files
2018-07-23 20:55 - 2018-07-23 20:57 - 000400720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-22 18:22 - 2018-07-22 18:22 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-22 18:18 - 2018-07-22 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-22 18:18 - 2018-07-22 18:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-22 18:18 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-22 18:13 - 2018-07-22 18:13 - 076887504 _____ (Malwarebytes ) C:\Users\John\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6007.exe
2018-07-17 18:21 - 2018-07-23 18:11 - 000000000 ____D C:\Program Files\rempl
2018-07-12 16:34 - 2018-07-12 16:34 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-07-12 16:34 - 2018-07-12 16:34 - 000002243 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-07-12 16:34 - 2018-07-12 16:34 - 000000000 ____D C:\Program Files\Google
2018-07-10 16:41 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-24 23:27 - 2018-05-16 17:08 - 000000000 ____D C:\Users\John\AppData\Local\AVAST Software
2018-07-24 23:23 - 2017-12-21 19:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-24 23:22 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-24 23:19 - 2017-12-21 18:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-24 22:08 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-07-24 21:17 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-07-24 20:43 - 2013-11-16 10:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-24 20:43 - 2011-01-14 00:54 - 000000000 ____D C:\Program Files\Java
2018-07-24 20:42 - 2013-08-03 20:32 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-24 20:36 - 2017-10-10 16:42 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-07-24 20:36 - 2015-06-22 18:34 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-07-24 20:34 - 2016-05-21 10:03 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-07-24 20:08 - 2011-01-14 01:27 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-07-24 15:43 - 2016-11-08 17:07 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3822427988-1214073701-2480250881-1001UA1d23a0c8d5f5dca.job
2018-07-24 15:43 - 2016-11-08 17:07 - 000000878 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3822427988-1214073701-2480250881-1001Core1d23a0c8cfb96c6.job
2018-07-24 15:43 - 2011-10-31 17:12 - 000000000 ____D C:\ProgramData\WebEx
2018-07-24 15:33 - 2012-11-22 21:23 - 000000000 ____D C:\Users\John\AppData\Local\Google
2018-07-24 15:31 - 2017-12-21 18:57 - 000000000 ____D C:\Users\John\AppData\Local\Packages
2018-07-24 15:31 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-24 15:31 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-24 15:06 - 2011-07-09 19:51 - 000000000 ____D C:\Users\John\AppData\Local\Facebook
2018-07-24 15:03 - 2017-12-21 19:23 - 000003700 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3822427988-1214073701-2480250881-1001UA1d23a0c8d5f5dca
2018-07-24 15:03 - 2017-12-21 19:23 - 000003432 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3822427988-1214073701-2480250881-1001Core1d23a0c8cfb96c6
2018-07-24 14:58 - 2011-01-14 01:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2018-07-24 14:57 - 2012-08-23 02:07 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-07-24 14:56 - 2012-08-23 02:07 - 000000000 ____D C:\ProgramData\Apple
2018-07-24 14:56 - 2011-03-10 16:59 - 000000000 ____D C:\Users\John\AppData\Roaming\Mozilla
2018-07-24 14:53 - 2016-02-14 14:00 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-07-24 14:50 - 2011-06-27 20:46 - 000000000 ____D C:\Program Files (x86)\LogMeIn
2018-07-24 14:36 - 2018-04-14 12:44 - 000004284 _____ C:\WINDOWS\System32\Tasks\Avast TUNEUP Update
2018-07-24 14:30 - 2017-12-21 19:23 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-07-24 14:25 - 2017-12-21 21:25 - 000033982 ____H C:\Users\John\AppData\Local\IconCache.db.backup
2018-07-23 20:54 - 2017-12-21 18:55 - 000000000 ____D C:\Users\John
2018-07-23 20:42 - 2011-02-27 16:07 - 000000000 ____D C:\Users\John\Documents\Outlook Files
2018-07-23 18:09 - 2013-08-15 18:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-23 17:56 - 2011-02-20 15:51 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-23 17:55 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-23 17:29 - 2011-10-06 12:09 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-07-23 17:02 - 2012-02-18 11:16 - 000000000 ____D C:\Users\John\AppData\Roaming\Dropbox
2018-07-21 14:04 - 2018-05-16 17:09 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-07-21 14:04 - 2018-05-16 17:09 - 000002465 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-07-21 14:02 - 2018-06-23 19:42 - 000002405 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-21 14:02 - 2017-12-21 19:23 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3822427988-1214073701-2480250881-1001
2018-07-21 14:02 - 2016-03-25 07:13 - 000000000 ___RD C:\Users\John\OneDrive
2018-07-10 16:39 - 2018-03-13 16:48 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-10 16:39 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-10 16:39 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-09 16:43 - 2018-04-14 17:14 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-06-28 19:46 - 2018-01-20 12:55 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-28 19:46 - 2018-01-20 12:55 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-27 17:24 - 2014-05-03 14:09 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-27 17:24 - 2014-05-03 14:09 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2011-06-21 01:42 - 2011-12-23 02:10 - 000000034 _____ () C:\Users\John\jagex_runescape_preferences.dat
2011-06-21 01:43 - 2011-12-23 02:10 - 000000129 _____ () C:\Users\John\jagex_runescape_preferences2.dat
2014-11-17 20:39 - 2018-07-24 14:49 - 014147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-04-03 13:18 - 2018-03-09 18:41 - 000007600 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2018-07-24 20:33 - 2018-07-24 20:33 - 001906040 _____ (Oracle Corporation) C:\Users\John\AppData\Local\Temp\jre-8u181-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-22 17:39
 
==================== End of FRST.txt ============================
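The FRST log above does not print the Image File Execution Options (IFEO) registry entries that a Riskware.IFEO.Hijack detection refers to, so the reader cannot tell from the log alone what was hijacked. An IFEO hijack sets HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<target.exe>\Debugger, so Windows starts that "debugger" whenever <target.exe> is launched; the related SilentProcessExit\<target.exe>\MonitorProcess value runs a program whenever the target exits. The following script is an added example, not part of the original post and not FRST or Malwarebytes code: it parses the text of a `reg export` of the IFEO key (decoded from the UTF-16 that reg.exe writes) and lists every such value. The sample export embedded in it is constructed for the demo; the paths in it are hypothetical and do not come from this machine's log.

```python
"""
Flag IFEO "Debugger" and SilentProcessExit "MonitorProcess" entries in a .reg export.

Added example, not from the thread or from FRST/Malwarebytes. Input is the text of:
  reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg
read back as str (reg.exe writes UTF-16 LE with a BOM, e.g. open(..., encoding="utf-16")).
"""
import re
from typing import Dict, List, Tuple

IFEO_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# Values that make Windows run a chosen program in place of, or alongside, the target binary.
HIJACK_VALUES = {
    "Debugger",        # IFEO\<exe>\Debugger: started instead of <exe>, with <exe> as its argument
    "MonitorProcess",  # IFEO\SilentProcessExit\<exe>\MonitorProcess: started when <exe> exits
}

_KEY_RE = re.compile(r"^\[(?P<path>[^\]]+)\]\s*$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def _unescape_reg_string(data: str) -> str:
    """Turn a .reg string literal ("C:\\\\x.exe") into its real value (C:\\x.exe)."""
    if data.startswith('"') and data.endswith('"'):
        data = data[1:-1]
    return data.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key path] in a .reg export to {value name: data}.
    String data is unescaped; dword:/hex: data is kept verbatim, with hex
    continuation lines (ending in a backslash) joined back together."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    pending = None  # (value name, accumulated hex data) while a hex value spans lines
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            name, acc = pending
            acc += line.rstrip("\\")
            if line.endswith("\\"):
                pending = (name, acc)
            else:
                keys[current][name] = acc
                pending = None
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group("path")
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group("name"), m.group("data")
            if data.endswith("\\"):
                pending = (name, data.rstrip("\\"))
                continue
            keys[current][name] = _unescape_reg_string(data) if data.startswith('"') else data
    return keys


def find_ifeo_hijacks(text: str) -> List[Tuple[str, str, str]]:
    """Return (target below the IFEO root, value name, command) for every hijack-capable value."""
    hits = []
    for path, values in parse_reg_export(text).items():
        if not path.lower().startswith(IFEO_ROOT.lower() + "\\"):
            continue
        target = path[len(IFEO_ROOT) + 1:]  # "taskmgr.exe" or "SilentProcessExit\notepad.exe"
        for name, data in values.items():
            if name in HIJACK_VALUES:
                hits.append((target, name, data))
    return sorted(hits)


# Constructed sample export: one benign subkey (mitigation flags only) and two hijacks.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllHost.exe]
"DisableExceptionChainValidation"=dword:00000000
"MitigationOptions"=hex(b):00,00,00,00,00,00,\
  00,10

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\ProgramData\\svc\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SilentProcessExit\notepad.exe]
"GlobalFlag"=dword:00000200
"MonitorProcess"="C:\\Users\\Public\\persist.exe"
'''

if __name__ == "__main__":
    for target, name, cmd in find_ifeo_hijacks(SAMPLE_EXPORT):
        print(f"{target}: {name} -> {cmd}")
```

Any Debugger value is suspect unless you set it yourself (a few debugging and app-compat tools use it legitimately, so check what the command points at and whether that file is signed). Subkeys that carry only mitigation or flag values, like the DllHost.exe entry in the sample, are normal and are not reported. Removing a hijack means deleting the value, not the whole subkey, so that legitimate mitigation settings under the same key survive.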

 



#2 Dessertmints (Topic Starter)

Posted 25 July 2018 - 12:04 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by John (24-07-2018 23:41:52)
Running from C:\Users\John\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-22 00:25:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3822427988-1214073701-2480250881-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3822427988-1214073701-2480250881-503 - Limited - Disabled)
Guest (S-1-5-21-3822427988-1214073701-2480250881-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3822427988-1214073701-2480250881-1002 - Limited - Enabled)
John (S-1-5-21-3822427988-1214073701-2480250881-1001 - Administrator - Enabled) => C:\Users\John
WDAGUtilityAccount (S-1-5-21-3822427988-1214073701-2480250881-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.5273 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 67.1.664.100 - AVAST Software)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Dell)
Dell Dock (HKLM\...\{C73A3942-84C8-4597-9F9B-EE227DCBA758}) (Version: 2.0 - Stardock Corporation) Hidden
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5830.12 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5830.12 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM\...\{B29B4ACE-362A-47D2-AB37-87C721D09803}) (Version: 7.3.2.5487 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
iTunes (HKLM\...\{5581A594-89CB-4062-81C3-2E9F7A76FBE0}) (Version: 12.7.4.76 - Apple Inc.)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.0 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Syncios version 5.0.2 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 5.0.2 - Anvsoft, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{479E8CC7-CD68-4EB4-BB04-34A5C2C74102}) (Version: 2.46.0.0 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-22] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-22] (AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-04-22] (Apple Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-22] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {018C3207-AAA1-4F04-BBD7-4DAD10DAA3B9} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-07-24] (AVAST Software)
Task: {01A1EE1B-76B3-4BF1-8EB6-8BD836347560} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {022CD3AE-C36E-46D3-8ACD-4198CEC361C6} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {142AA3BF-EB7B-4697-B52A-C17DFD51870F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {15D7C2B6-8DF8-4658-8254-3B44E093A35B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {26001268-F4C0-48DD-A7E8-F9A4A3A64A6B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2803A0BD-3C95-48CB-B84A-A5A1A98C70EC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2E4DBAD3-106E-4076-ABF1-504E156C8A54} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe [2018-07-16] (Microsoft Corporation)
Task: {2EC4854E-669C-49DD-B71F-94176F749048} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {37292EA8-F458-47ED-A55C-5A3A1CCF5FD5} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {37449A31-039E-4B1D-8F13-E8C24D7833D4} - \Microsoft\Windows\WindowsUpdate\sihboot -> No File <==== ATTENTION
Task: {38C5EF19-4FDA-4229-9DC5-E9A9BE679F9A} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-16] (AVAST Software)
Task: {39AD4A22-F206-4665-910F-F62045802283} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3DAB5DBE-7AC5-4BE0-B1BE-1C40913ABED5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {48F9FC2B-C42B-4BE5-A1FC-95606174DCFF} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {504D8ABD-C40B-4686-946D-FCEABCB884EF} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5187FE82-97EB-490C-9790-ABE388F302B0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {530A5E94-0A00-4870-8317-E696AEA851FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {5474D253-7C23-4E98-8E7A-B4733350C8ED} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {597BB17E-3451-4CE6-B110-33B4485A6040} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {59B54618-55CB-40B8-BED0-3CE228D005D9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5F143F1B-ACB6-4987-BC01-6DC536D0FECB} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {6038471A-587D-40D9-8FE1-0FB49A0CE3D1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7037B1AE-1CB9-4019-AAB6-BC59CC212C59} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {77258A6C-0CDF-4FC5-B8D6-262DCA62F082} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7B6381DC-7AE5-4395-8ABF-E4CA709213B1} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7E74755F-EDF5-46B5-948F-DBF759025E12} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {7E79E59E-FEE4-40F4-87DF-540E85965DBC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-07-20] (Piriform Ltd)
Task: {80017C3A-086D-4910-B3E8-02B2C221A948} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {81B61C44-18B7-4FA9-B9A4-5EA36FC53A7A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {82AB7827-12D0-45C1-A293-7641936242C2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {82D8C166-F22D-42BB-89BB-DAB8CF0E84CE} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8AD31853-89B0-439D-B8D5-3A4FCBE07228} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {919AC3E1-EE96-4710-80C0-42474E7BC425} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9C68F59C-3ABA-44B0-97AC-263602F4F76F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A7B7FFD0-A68D-4CA0-AD62-CA37B1D7556A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {AA3149ED-34C6-477C-8E1B-260D549351B4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-06-22] (AVAST Software)
Task: {AC641380-8E17-4DDE-913A-D31BE93ED36D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AC6636F1-B6BA-4BFB-A9F9-4DBFF9630BDE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-07-22] (AVAST Software)
Task: {B2388890-B9D7-48C1-B7B3-B0E5410F85A7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {B9C9A67A-7F24-4C11-95ED-FC4988911D30} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-07-20] (Piriform Ltd)
Task: {BBBE43F5-BB87-4C30-9DA6-1097E802FCC6} - System32\Tasks\{6BF799C4-412A-4C7E-BF13-96D2AC163023} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Alwil Software\Avast5\aswRunDll.exe" -c "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Task: {BFB07AEC-CA73-4E64-ABFF-2EB5396C1904} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C085DD87-98C8-4CCB-99F6-146386C8F083} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C216DE79-979C-444D-943D-67290389576E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C992E795-40B5-404D-99FB-9985BB60ABAF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {CFFBE9C3-AD20-46EB-9229-1418CED18C4D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3822427988-1214073701-2480250881-1001UA1d23a0c8d5f5dca => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.)
Task: {D8A5226A-CB80-4727-8558-AB1B8B994E91} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3822427988-1214073701-2480250881-1001Core1d23a0c8cfb96c6 => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.)
Task: {DA40D71F-E903-49C0-8E67-AB5965DD6E1E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E13A6CB6-1656-4B91-B99C-9337E07C6CC4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E525386F-BBC6-4021-83B9-328B130945A0} - \PCDEventLauncher -> No File <==== ATTENTION
Task: {EA25D914-C235-4484-A293-18D02E813C70} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EBC41324-1AA1-4CB4-9CD3-017DE5C92A59} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EDB0712A-D4D4-4D15-8ABD-7D06EDC6E572} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F3ECD873-2134-4FF1-81A7-941958A2B633} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F4E658BA-FFAE-439C-94EC-4A22F2FA3EA7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F68548ED-12A9-4582-9906-28C57056E989} - System32\Tasks\{7FADC243-274B-44C7-BA1D-3BD58F426256} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=wow_enus --displayname="World of Warcraft"
Task: {F730100B-CB95-4E24-B5B0-0B1A71C93CEC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F9250835-13CB-4D22-B132-E95FACF9755C} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {FC949924-05F5-4B33-B9AE-31853936ABD3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {FD0BFF95-CEE6-4A05-B3E3-6DD88924B65D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDCDA5ED-63ED-47C7-A872-E754DA75DA16} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-16] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3822427988-1214073701-2480250881-1001Core1d23a0c8cfb96c6.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3822427988-1214073701-2480250881-1001UA1d23a0c8d5f5dca.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\John\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-07-22 18:18 - 2018-07-03 12:59 - 002535120 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-07-22 18:18 - 2018-06-18 13:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-12-21 20:25 - 2017-12-21 20:25 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-21 20:25 - 2017-12-21 20:25 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-07-24 15:34 - 2018-07-24 15:34 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-06-27 17:24 - 2018-06-22 14:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-27 17:24 - 2018-06-22 14:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-04-09 19:11 - 2018-04-09 19:11 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-06-22 15:34 - 2018-06-22 15:34 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-22 15:33 - 2018-06-22 15:33 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-04-14 12:44 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D21F91FD [128]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42194452.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42194452.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2018-07-05 16:05 - 000001258 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 forum.alcohol-soft.com
127.0.0.1 support.alcohol-soft.com
127.0.0.1 users.alcohol-soft.com
127.0.0.1 shop.alcohol-soft.com
127.0.0.1 vodka.alcohol-soft.com
127.0.0.1 *.alcohol-soft.com
127.0.0.1 *.alcohol-soft.*
127.0.0.1 activate.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Dell\Win7 Chrome 1920x1200.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AutoKMS => C:\Windows\AutoKMS.exe
MSCONFIG\startupreg: ComcastAntispyClient => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
MSCONFIG\startupreg: Facebook Update => "C:\Users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Avast Cleanup Premium.lnk"
HKLM\...\StartupApproved\Run: => "Broadcom Wireless Manager UI"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Dell DataSafe Online"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Desktop Disc Tool"
HKLM\...\StartupApproved\Run32: => "ddoctorv2"
HKLM\...\StartupApproved\Run32: => "Syncios device service"
HKLM\...\StartupApproved\Run32: => "Dell Webcam Central"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\StartupApproved\StartupFolder: => "Dell Dock.lnk"
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\StartupApproved\StartupFolder: => "Microsoft SharePoint Workspace.lnk"
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3822427988-1214073701-2480250881-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_D39FDF68DE73058B395809CCEB6C0150"
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\StartupApproved\StartupFolder: => "Dell Dock First Run.lnk"
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\StartupApproved\Run: => "OneDriveSetup"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E0BF7EAC-B4CA-4514-8E29-43EA8E90E307}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{01D9EF44-7E99-462F-B622-EC42180D6710}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{731897EC-BE77-4012-B683-526F0899957B}] => (Allow) svchost.exe
FirewallRules: [{251C1D9A-72C4-4D40-85E4-69D72F77A160}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{5B98CD09-0711-4E38-AC65-0AF537CF8AEC}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{32BD116F-E2A7-4B1C-A971-361520959F3C}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [TCP Query User{ED8B9F60-DD4C-4BA4-8074-CC43857A8D36}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{D9A5405D-7980-40C2-9B60-E1007D56848B}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{BB8445B1-96A6-4D46-ABE6-CDA173FAD239}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{59694636-F474-42A8-BFC1-3B5B242C5BB5}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{31F75F77-696F-48B3-9FF6-B076C52DB14E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8D056C49-FB16-4A7A-9AB4-56EB3A0FDB5A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D31C20E1-AB78-4A18-B5DB-5D864F4E825E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{80825C58-E4B3-45C2-B6DE-F60C4F77B5F8}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{508B5A76-DDF6-4365-8B7B-F61777F87976}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{4A1BD90E-F523-4282-95EC-7A41B39FF636}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B3B40893-650E-4F05-AA0D-D4E2EC2A00C3}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{E9828546-E3FE-4BCF-AACE-65296B97B5E9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{BE582D75-9870-408B-A12B-7E0A7F734DC0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
 
==================== Restore Points =========================
 
17-07-2018 18:19:33 Windows Update
21-07-2018 14:34:22 Windows Update
24-07-2018 14:35:21 Removed Apple Application Support (32-bit)
 
==================== Faulty Device Manager Devices =============
 
Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2018 11:29:25 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
 
Error: (07/24/2018 11:15:15 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
 
Error: (07/24/2018 10:14:03 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
 
Error: (07/24/2018 09:18:24 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
 
Error: (07/24/2018 09:08:02 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (5360,G,0) An attempt to open the file "C:\Users\John\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/24/2018 08:57:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_15c8cdae9364c23b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.192_none_5d760485a7e0eb41.manifest.
 
Error: (07/24/2018 08:27:20 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
 
Error: (07/24/2018 08:27:17 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserUpdateHelper.msi. Error 1618 occurred while beginning the transaction.
 
 
System errors:
=============
Error: (07/24/2018 11:33:35 PM) (Source: DCOM) (EventID: 10016) (User: JOHN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user John-PC\John SID (S-1-5-21-3822427988-1214073701-2480250881-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/24/2018 11:28:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (07/24/2018 11:24:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/24/2018 11:24:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetTcpPortSharing service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/24/2018 11:24:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetTcpPortSharing service to connect.
 
Error: (07/24/2018 11:23:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIInfo service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (07/24/2018 11:20:38 PM) (Source: DCOM) (EventID: 10016) (User: JOHN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user John-PC\John SID (S-1-5-21-3822427988-1214073701-2480250881-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/24/2018 10:19:37 PM) (Source: DCOM) (EventID: 10016) (User: JOHN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user John-PC\John SID (S-1-5-21-3822427988-1214073701-2480250881-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-07-24 14:38:06.064
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-24 14:38:06.061
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-24 14:37:43.055
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-24 14:37:43.048
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-24 14:37:35.033
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-24 14:37:35.027
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-24 14:37:33.017
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-24 14:37:33.011
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 58%
Total physical RAM: 3894.68 MB
Available physical RAM: 1621.71 MB
Total Virtual: 7862.68 MB
Available Virtual: 5335.87 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:371.84 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{07bc7754-1f99-11e0-b868-806e6f6e6963}\ (Recovery) (Fixed) (Total:14.65 GB) (Free:7.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: ADC98026)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 July 2018 - 09:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
IFEO\Acrobat.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\acrodist.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dslauncher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\formdesigner.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {01A1EE1B-76B3-4BF1-8EB6-8BD836347560} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {142AA3BF-EB7B-4697-B52A-C17DFD51870F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2803A0BD-3C95-48CB-B84A-A5A1A98C70EC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5474D253-7C23-4E98-8E7A-B4733350C8ED} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6038471A-587D-40D9-8FE1-0FB49A0CE3D1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {77258A6C-0CDF-4FC5-B8D6-262DCA62F082} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {80017C3A-086D-4910-B3E8-02B2C221A948} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {8AD31853-89B0-439D-B8D5-3A4FCBE07228} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {919AC3E1-EE96-4710-80C0-42474E7BC425} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BFB07AEC-CA73-4E64-ABFF-2EB5396C1904} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C085DD87-98C8-4CCB-99F6-146386C8F083} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C216DE79-979C-444D-943D-67290389576E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EBC41324-1AA1-4CB4-9CD3-017DE5C92A59} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D21F91FD [128]

Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know what problem persists.
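For readers who want to see where the IFEO lines in that fixlist come from, here is an added read-only audit script (not from the thread and not FRST's code) that lists every Debugger value under the Image File Execution Options keys; the KnownGood allow-list parameter is a hypothetical convenience.

```powershell
# Added example, not part of the thread and not FRST's code: a read-only audit of the
# Image File Execution Options (IFEO) keys that the fixlist above cleans up.
# Windows launches whatever a key's "Debugger" value names instead of the image itself,
# so a third-party path under IFEO\Acrobat.exe (the thread's autoreactivator.exe case)
# silently redirects that program; Malwarebytes reports such entries as Riskware.IFEO.Hijack.
# Run from an elevated PowerShell; nothing is modified.

$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntry {
    [CmdletBinding()]
    param(
        [string[]]$Root = $IfeoRoots,
        # Hypothetical allow-list of debugger executables you have vetted (for example a
        # developer's just-in-time debugger). Empty by default so every entry is surfaced.
        [string[]]$KnownGood = @()
    )

    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        $view = if ($r -like '*WOW6432Node*') { 'x86' } else { 'x64' }

        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if (-not $props -or [string]::IsNullOrWhiteSpace($props.Debugger)) { continue }
            $dbg = [string]$props.Debugger

            # The value is a command line: the executable is the first quoted or bare token.
            $exe = if ($dbg -match '^\s*"([^"]+)"') { $Matches[1] } else { ($dbg -split '\s+')[0] }

            [pscustomobject]@{
                Image    = $key.PSChildName
                View     = $view
                Debugger = $dbg
                Exists   = Test-Path -LiteralPath $exe
                Vetted   = $KnownGood -contains $exe
            }
        }
    }
}

# Entries whose debugger is missing on disk, or that you have not vetted, are the ones to review.
Get-IfeoDebuggerEntry |
    Where-Object { -not $_.Vetted } |
    Sort-Object Image |
    Format-Table Image, View, Exists, Debugger -AutoSize
```

On the machine in this thread, before the fix was run, the output would have listed Acrobat.exe, acrodist.exe, dropbox.exe, dslauncher.exe and formdesigner.exe all pointing at the Avast Cleanup autoreactivator.exe path.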

#4 Dessertmints

Dessertmints
  • Topic Starter

  • Members
  • 5 posts

Posted 25 July 2018 - 10:49 AM

Hello Nasdaq, thanks for the reply!

That seemed to make a big difference with the browser - the general load times are slow along with a consistently high resource usage in the task manager (don't know if that is at all related).  Here are the new logs:

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by John (25-07-2018 10:23:30) Run:1
Running from C:\Users\John\Downloads
Loaded Profiles: John & DefaultAppPool (Available Profiles: John & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
IFEO\Acrobat.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\acrodist.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dslauncher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\formdesigner.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
 
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {01A1EE1B-76B3-4BF1-8EB6-8BD836347560} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {142AA3BF-EB7B-4697-B52A-C17DFD51870F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2803A0BD-3C95-48CB-B84A-A5A1A98C70EC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5474D253-7C23-4E98-8E7A-B4733350C8ED} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6038471A-587D-40D9-8FE1-0FB49A0CE3D1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {77258A6C-0CDF-4FC5-B8D6-262DCA62F082} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {80017C3A-086D-4910-B3E8-02B2C221A948} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {8AD31853-89B0-439D-B8D5-3A4FCBE07228} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {919AC3E1-EE96-4710-80C0-42474E7BC425} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BFB07AEC-CA73-4E64-ABFF-2EB5396C1904} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C085DD87-98C8-4CCB-99F6-146386C8F083} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C216DE79-979C-444D-943D-67290389576E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EBC41324-1AA1-4CB4-9CD3-017DE5C92A59} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D21F91FD [128]
 
Reboot:
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Acrobat.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\acrodist.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dropbox.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dslauncher.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\formdesigner.exe" => removed successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01A1EE1B-76B3-4BF1-8EB6-8BD836347560}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01A1EE1B-76B3-4BF1-8EB6-8BD836347560}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{142AA3BF-EB7B-4697-B52A-C17DFD51870F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{142AA3BF-EB7B-4697-B52A-C17DFD51870F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2803A0BD-3C95-48CB-B84A-A5A1A98C70EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2803A0BD-3C95-48CB-B84A-A5A1A98C70EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5474D253-7C23-4E98-8E7A-B4733350C8ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5474D253-7C23-4E98-8E7A-B4733350C8ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6038471A-587D-40D9-8FE1-0FB49A0CE3D1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6038471A-587D-40D9-8FE1-0FB49A0CE3D1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77258A6C-0CDF-4FC5-B8D6-262DCA62F082}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77258A6C-0CDF-4FC5-B8D6-262DCA62F082}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80017C3A-086D-4910-B3E8-02B2C221A948}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80017C3A-086D-4910-B3E8-02B2C221A948}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AD31853-89B0-439D-B8D5-3A4FCBE07228}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AD31853-89B0-439D-B8D5-3A4FCBE07228}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{919AC3E1-EE96-4710-80C0-42474E7BC425}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{919AC3E1-EE96-4710-80C0-42474E7BC425}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BFB07AEC-CA73-4E64-ABFF-2EB5396C1904}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFB07AEC-CA73-4E64-ABFF-2EB5396C1904}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C085DD87-98C8-4CCB-99F6-146386C8F083}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C085DD87-98C8-4CCB-99F6-146386C8F083}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C216DE79-979C-444D-943D-67290389576E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C216DE79-979C-444D-943D-67290389576E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBC41324-1AA1-4CB4-9CD3-017DE5C92A59}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBC41324-1AA1-4CB4-9CD3-017DE5C92A59}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
C:\ProgramData\TEMP => ":D21F91FD" ADS removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 10:24:50 ====


#5 Dessertmints

Dessertmints
  • Topic Starter
  • Members
  • 5 posts

Posted 25 July 2018 - 11:08 AM

There is also a file called 'Alcohol 120' that seems nefarious; not sure if I should just delete it?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 July 2018 - 01:29 PM

Hi,

127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 forum.alcohol-soft.com
127.0.0.1 support.alcohol-soft.com
127.0.0.1 users.alcohol-soft.com
127.0.0.1 shop.alcohol-soft.com
127.0.0.1 vodka.alcohol-soft.com
127.0.0.1 *.alcohol-soft.com
127.0.0.1 *.alcohol-soft.*


Was Alcohol 120 previously installed on your computer?
These entries are in your HOSTS file.
===

Restart the computer normally.

If the problem persists execute this.

Download and run the Avast Removal tool.
https://www.avast.com/en-ca/uninstall-utility

When done restart the computer normally.

If the problem is solved you can reinstall Avast.
Make sure all programs and open windows are closed before proceeding.

Keep me posted.

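The entries nasdaq quotes above all point a software vendor's own hostnames at 127.0.0.1, which silently blocks the machine from reaching that vendor. A quick way to find such lines on any Windows PC is to parse the hosts file and list everything that is not a stock localhost mapping. The script below is an added example, not code from this thread or from any BleepingComputer tool; the `$sampleHosts` text is constructed to mirror the shape of the quoted entries, and the function names are my own.

```powershell
# Added example, not part of the thread: audit a Windows hosts file for entries that
# redirect hostnames other than localhost. $sampleHosts is constructed for the demo;
# pass Get-Content of the real file to Get-SuspiciousHostsEntries to check a live system.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Constructed sample in the shape of the entries quoted in the thread.
$sampleHosts = @'
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 *.alcohol-soft.com   # wildcard: the Windows resolver ignores this line
'@

function ConvertFrom-HostsText {
    param([string[]]$Lines)
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        $clean = ($line -split '#', 2)[0].Trim()       # strip trailing comments
        if ($clean -eq '') { continue }
        $parts = $clean -split '\s+'
        if ($parts.Count -lt 2) { continue }            # address with no hostname
        $address = $parts[0]
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            $labels = $name -split '\.'
            $domain = if ($labels.Count -ge 2) { $labels[-2..-1] -join '.' } else { $name }
            [pscustomobject]@{
                Line     = $lineNo
                Address  = $address
                HostName = $name
                Domain   = $domain          # last two labels, a rough registrable domain
                Wildcard = $name.Contains('*')
            }
        }
    }
}

function Get-SuspiciousHostsEntries {
    param([string[]]$Lines)
    # Anything other than the stock loopback names deserves a look.
    $stockNames = @('localhost', 'localhost.localdomain', 'broadcasthost')
    ConvertFrom-HostsText -Lines $Lines | Where-Object { $_.HostName -notin $stockNames }
}

# Demo run against the constructed sample.
$findings = Get-SuspiciousHostsEntries -Lines ($sampleHosts -split "`r?`n")
$findings | Format-Table Line, Address, HostName, Wildcard -AutoSize

# Summarise per domain so a dozen vendor subdomains show up as one finding.
$findings | Group-Object Domain | ForEach-Object {
    $addresses = ($_.Group.Address | Sort-Object -Unique) -join ', '
    '{0}: {1} entries pointed at {2}' -f $_.Name, $_.Count, $addresses
}

# Live system (reading the file needs no elevation; editing it does):
# Get-SuspiciousHostsEntries -Lines (Get-Content -LiteralPath $hostsPath)
```

Two caveats worth knowing when you read the output: the Windows hosts file does not support wildcards, so lines such as `*.alcohol-soft.com` are inert, but their presence still shows that something other than the user edited the file; and a non-empty hosts file is not proof of malware on its own, since administrators and some privacy tools add blocking entries deliberately. The useful signal is a cluster of entries for one vendor that the owner does not recognise.
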
#7 Dessertmints

Dessertmints
  • Topic Starter
  • Members
  • 5 posts

Posted 26 July 2018 - 04:54 PM

Hey Nasdaq, 

 

Apologies for the delay in response.

 

Avast has been uninstalled; however, it seems to have made load times worse? Disk usage is always at 100% as well. There are some funky things happening: Windows Update is always running, but never updating. There are some questionable programs running in Task Manager, but the strangest of all are random screenshots being taken? I only knew because, as I was sitting here, the Microsoft OneDrive notification popped up; when I went to mspaint and hit Ctrl+V, a photo of my screen showed up. Is it time to burn it to the ground?

 

Please advise...and many thanks


Edited by Dessertmints, 26 July 2018 - 07:58 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 July 2018 - 06:34 AM

Hi,

Let's start by repairing the Windows Update issue.

Try this. Follow the instructions on each step.

Locate CMD.EXE and run it as an Administrator.

At the DOS prompt, execute these commands in bold.

Step 1: net stop wuauserv

Step 2: Rename the C:\Windows\SoftwareDistribution folder to C:\Windows\SoftwareDistribution.old, essentially clearing the Windows Update download cache so that it can start over.

Step 3: Restart the Windows Update service: net start wuauserv

Restart the computer normally.

How is the computer running now?
<<<>>>

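The three steps nasdaq gives above (stop the service, rename the cache folder, start the service) are the standard Windows Update cache reset. Below is an added example, not from this thread, that does the same thing as a PowerShell script with the checks an administrator would want around it: it confirms the services are really stopped before touching the folder, keeps the old cache under a timestamped name rather than deleting it, and restarts the services even if the rename fails. Service names and paths are the standard Windows ones; the function names are my own.

```powershell
# Added example, not part of the thread: nasdaq's three-step Windows Update cache reset
# as a PowerShell script with checks around it. Run from an elevated PowerShell prompt.
# The cache folder is renamed, not deleted, so it can be restored if anything goes wrong.
#Requires -RunAsAdministrator

$cachePath  = Join-Path $env:SystemRoot 'SoftwareDistribution'
$backupName = 'SoftwareDistribution.old-' + (Get-Date -Format 'yyyyMMdd-HHmmss')

# BITS keeps handles into the download cache, so it is stopped together with wuauserv
# and started again first so wuauserv finds it available.
$stopOrder  = @('wuauserv', 'bits')
$startOrder = @('bits', 'wuauserv')

function Stop-UpdateServices {
    foreach ($name in $stopOrder) {
        $svc = Get-Service -Name $name -ErrorAction Stop
        if ($svc.Status -ne 'Stopped') {
            Write-Host "Stopping $name ..."
            Stop-Service -Name $name -Force -ErrorAction Stop
            # Wait for the real state change; renaming while the service is still
            # shutting down is how the "folder in use" error happens.
            $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))   # throws on timeout
        }
    }
}

function Start-UpdateServices {
    foreach ($name in $startOrder) {
        Write-Host "Starting $name ..."
        Start-Service -Name $name -ErrorAction Continue
    }
}

function Reset-UpdateCache {
    try {
        Stop-UpdateServices
        if (Test-Path -LiteralPath $cachePath) {
            Rename-Item -LiteralPath $cachePath -NewName $backupName -ErrorAction Stop
            Write-Host "Renamed $cachePath to $backupName"
        } else {
            Write-Host "No cache folder at $cachePath; nothing to rename."
        }
    }
    finally {
        # Bring the services back even if the rename failed, so updates are never left disabled.
        Start-UpdateServices
    }
}

Reset-UpdateCache

# Both services should be running again; Windows Update recreates a fresh
# SoftwareDistribution folder the next time it checks for updates.
Get-Service -Name $startOrder | Format-Table Name, Status -AutoSize
```

If the rename still fails with an access-denied error after both services report Stopped, another process is holding files open inside the folder; a normal restart followed by running the script again clears that, and the timestamped `.old-` folder can be deleted once updates are confirmed working.
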
#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 August 2018 - 07:38 AM

Are you still with me?



