  #61  
Old December 2nd, 2018, 11:55 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Uninstall: ByteFence software

=====================================

Please delete all items listed in ZHPCleaner, AdwCleaner and Malwarebytes.
Why aren't you deleting them? I do not understand you. Please delete them all.


  #62  
Old December 3rd, 2018, 12:11 AM
perplexed
Senior Member
 
Join Date: Jun 2001
Posts: 2,347
I would love to delete them. My options are:

malwarebytes-quarantine
adware-clean and repair

Nowhere do I see delete, or I would.
  #63  
Old December 3rd, 2018, 12:35 AM
olgun52
Quote:
Originally Posted by perplexed
I would love to delete them. My options are:

malwarebytes-quarantine
adware-clean and repair

Nowhere do I see delete, or I would.

I've sent you the software instructions before. Read them again.
All the information is in the instructions.
  #64  
Old December 3rd, 2018, 12:49 AM
perplexed
I found delete in both malware scans and ZHPCleaner and did as you requested. If I continue to have issues I will contact a person here that can delve in places I choose not to go on my machine. I thank you so much for all your efforts and time and talent that you give.

Last edited by perplexed; December 3rd, 2018 at 01:44 AM.
  #65  
Old December 3rd, 2018, 08:03 PM
olgun52
Quote:
Originally Posted by perplexed
I found delete in both malware scans and ZHPCleaner and did as you requested. If I continue to have issues I will contact a person here that can delve in places I choose not to go on my machine. I thank you so much for all your efforts and time and talent that you give.

But I can't see the deletion in the logs. We can't make any progress.
  #66  
Old December 3rd, 2018, 09:21 PM
perplexed
I hope this is right. Thank you.
~ ZHPCleaner v2018.11.30.201 by Nicolas Coolman (2018/11/30)
~ Run by jmg (Administrator) (02/12/2018 18:28:46)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\jmg\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\jmg\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit (Build 9600)


---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (23)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (180)
MOVED file: C:\Users\jmg\AppData\Local\Temp\bytefence-installer-5.4.0.3.exe [Byte Technologies LLC - ByteFence Anti-Malware] =>.SUP.ByteFence
MOVED file: C:\Users\jmg\AppData\Local\Temp\~DF4118F02D8E144606.TMP =>.SUP.Temporary.Other
MOVED file^: C:\Users\jmg\AppData\Local\Temp\~DF773BB8BB3A9B9FEC.TMP =>.SUP.Temporary.Other
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-165 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-166 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-167 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-168 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-169 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-17 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-170 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-171 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-172 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-173 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-174 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-175 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-176 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-177 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-178 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-179 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-18 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-180 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-181 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-182 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-183 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-184 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-185 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-186 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-187 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-188 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-189 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-19 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-190 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-191 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-192 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-193 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-194 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-195 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-196 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-197 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-198 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-199 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-2 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-20 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-200 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-201 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-202 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-203 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-204 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-205 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-206 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-207 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-208 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-209 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-21 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-210 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-211 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-212 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-213 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-214 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-215 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-216 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-217 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-218 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-22 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-23 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-24 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-25 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-26 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-27 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-28 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-29 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-3 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-30 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-31 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-32 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-33 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-34 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-35 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-36 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-37 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-38 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-39 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-4 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-40 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-41 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-42 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-43 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-44 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-45 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-46 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-47 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-48 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-49 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-5 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-50 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-51 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-52 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-53 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-54 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-55 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-56 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-57 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-58 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-59 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-6 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-60 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-61 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-62 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-63 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-64 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-65 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-66 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-67 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-68 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-69 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-7 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-70 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-71 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-72 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-73 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-74 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-75 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-76 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-77 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-78 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-79 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-8 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-80 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-81 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-82 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-83 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-84 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-85 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-86 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-87 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-88 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-89 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-9 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-90 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-91 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-92 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-93 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-94 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-95 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-96 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-97 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-98 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Users\jmg\AppData\Local\Temp\plugtmp-99 =>.SUP.Empty.PluginViewer
MOVED folder: C:\Windows\Installer\MSI180.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI291F.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI34D8.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI3AB5.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI3C8B.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI3E42.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI415C.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI444E.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI473D.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI48A5.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI5123.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI52E9.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI5DAB.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI7622.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI7B82.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI9D58.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIAC10.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIBFEE.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIC4D9.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIC677.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIC928.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSICBA9.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSID308.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSID50E.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIE81A.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIEA1E.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIF1C7.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIF42B.tmp- =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIFFCB.tmp- =>.SUP.Empty
MOVED folder: C:\Users\jmg\AppData\LocalLow\EmieBrowserModeList =>.SUP.Empty
MOVED folder: C:\Users\jmg\AppData\LocalLow\EmieSiteList =>.SUP.Empty
MOVED folder: C:\Users\jmg\AppData\LocalLow\EmieUserList =>.SUP.Empty


---\\ Registry ( Key, Value, Data) (24)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.Protector [Protector Class] =>Adware.BProtector
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [Protector Class] =>Adware.BProtector
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [ProtectorLib Class] =>Adware.BProtector
DELETED key*: [X64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [ProtectorLib Class] =>Adware.BProtector
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01FA40D665B73684D985D010B1695026 [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ABDF18916EB1CC4282FA2499DA8E936 [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\zh-CN\Amazon1ButtonUpdater.resources.dll (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0AEDE77A5648DCC429E03A3E4AF59227 [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18113832F73994E49BECE48E8800ADC2 [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en\Amazon1ButtonUpdater.resources.dll (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\19F19267BD6FDEE47AFD783F22976A63 [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DBF701DC437934418C3305DAD3AA426 [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E84896ECEDDEC84AA03D5F0D498B947 [01:\Software\Microsoft\Amazon1ButtonApp\installed (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\223C32D7D9935A64295B47687385F12E [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\fr\Amazon1ButtonUpdater.resources.dll (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\24FFA4E450BBF344387EE783B3A6067F [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\en-CA\Amazon1ButtonUpdater.resources.dll (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25BE089ED4115854096CEE5EF03DAED2 [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ja-JP\Amazon1ButtonUpdater.resources.dll (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\281462E32DEE82C4D95540112F7D8139 [02:\Software\AppDataLow\Software\Amazon\Amazon1ButtonApp\InstalledTaskbar (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BB8BC8D44CA1714A89E1F5E5E05118E [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonUpdater.exe.config (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\353EA374382134A4F8909E25FD2DCCB9 [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_com_logo.png (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AECFAB38B71EB94C99E6631375663C2 [01:\Software\NowUSeeItPlayer\installed (Not File)] =>.SUP.NowUSeeItPlayer
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\407846F8494055D489B6F73E438D600A [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53B9B2C48E4D94D40ABDA2F69B76FB9F [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\64A244D8E461C6346BE1B4AB013EEF9A [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\CommandLine.xml (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\676CC98BEA601104AB8468A623FEE0D4 [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\ (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F507A4CFD6A0A847BE10AF8C122C624 [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIEManaged.dll (Not File)] =>.SUP.Amazon1ButtonApp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FBC321EE47F2464CAA059F56F60B0D0 [C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Resources\a_fr_logo.png (Not File)] =>.SUP.Amazon1ButtonApp


---\\ Summary of the elements found (7)
https://nicolascoolman.eu/2017/03/13...ous-bytefence/ =>.SUP.ByteFence
https://nicolascoolman.eu/2017/01/20...els-superflus/ =>.SUP.Temporary.Other
https://nicolascoolman.eu/2017/01/20...els-superflus/ =>.SUP.Empty.PluginViewer
https://nicolascoolman.eu/2017/01/20...els-superflus/ =>.SUP.Empty
https://nicolascoolman.eu/2017/04/12/adware-bprotector/ =>Adware.BProtector
https://nicolascoolman.eu/2017/12/01...zon1buttonapp/ =>.SUP.Amazon1ButtonApp
https://www.anti-malware.top/2016/04...wuseeitplayer/ =>.SUP.NowUSeeItPlayer


---\\ Other deletions. (8)
~ Registry Keys Tracing deleted (8)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 907
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 479980816


~ End of clean in 00h01mn57s

---\\ Reports (6)
ZHPCleaner-[R]-02122018-17_51_53.txt
ZHPCleaner-[S]-02122018-15_16_05.txt
ZHPCleaner-[S]-02122018-17_27_46.txt
ZHPCleaner-[S]-02122018-17_45_15.txt
ZHPCleaner-[S]-02122018-18_22_46.txt
ZHPCleaner-[R]-02122018-18_30_43.txt

Last edited by perplexed; December 3rd, 2018 at 09:24 PM.
  #67  
Old December 3rd, 2018, 09:24 PM
perplexed
# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-16-2018
# Database: 2018-12-03.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-03-2018
# Duration: 00:00:27
# OS: Windows 8.1
# Scanned: 32298
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [2419 octets] - [19/11/2018 14:31:53]
AdwCleaner[S01].txt - [2480 octets] - [21/11/2018 15:04:54]
AdwCleaner[C01].txt - [2408 octets] - [21/11/2018 15:08:26]
AdwCleaner[S02].txt - [1429 octets] - [21/11/2018 15:22:30]
AdwCleaner[S03].txt - [1713 octets] - [02/12/2018 15:30:55]
AdwCleaner[S04].txt - [1774 octets] - [02/12/2018 15:52:37]
AdwCleaner[C04].txt - [1904 octets] - [02/12/2018 17:55:36]
AdwCleaner[S05].txt - [1673 octets] - [02/12/2018 19:47:49]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S06].txt ##########

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/3/18
Scan Time: 2:01 PM
Log File: 3dbda3e4-f736-11e8-a488-40b89a8d9a8a.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.8145
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: office\jmg

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 249669
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 12 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
  #68  
Old December 4th, 2018, 07:21 PM
olgun52
Thanks.



Please post a fresh FRST logfile for my review. (Frst.txt and Additional.txt)
  #69  
Old December 4th, 2018, 10:14 PM
perplexed
Thank you

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by jmg (administrator) on OFFICE (04-12-2018 15:09:16)
Running from C:\Users\jmg\Desktop
Loaded Profiles: jmg (Available Profiles: jmg)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\pcdrwi.exe
() C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe
(Farbar) C:\Users\jmg\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [519256 2014-02-16] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] ()
HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-04] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-16] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-10-29] (Qualcomm®Atheros®)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A62EFFCB-5730-42F7-A9FF-4B20ADA9865F}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2761475689-2294761232-4051373204-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> DefaultScope {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-26] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-26] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522 [2018-12-04]
FF Homepage: Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522 -> hxxps://att.yahoo.com/
FF Extension: (Avast SafePrice) - C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522\Extensions\sp@avast.com.xpi [2018-06-21]
FF Extension: (Avast Online Security) - C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522\Extensions\wrc@avast.com.xpi [2018-11-17]
FF Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2018-11-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-26] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-16] (AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [317568 2013-10-29] (Windows (R) Win 7 DDK provider) [File not signed]
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-16] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-02] (PC-Doctor, Inc.)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] ()
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-16] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-16] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-16] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-16] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-16] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-16] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-29] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2018-05-08] (Dell Computer Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-12-02] (Malwarebytes)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-04 15:09 - 2018-12-04 15:10 - 000015427 _____ C:\Users\jmg\Desktop\FRST.txt
2018-12-03 14:15 - 2018-12-03 14:15 - 000001202 _____ C:\Users\jmg\Desktop\malwarebytes.txt
2018-12-03 06:42 - 2018-12-03 06:42 - 000000076 _____ C:\Users\jmg\Documents\ERIC.txt
2018-12-02 19:45 - 2018-12-02 19:45 - 000000000 ___RD C:\Users\jmg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2018-12-02 18:32 - 2018-12-02 18:32 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-02 16:09 - 2018-12-02 16:10 - 010597096 _____ (McAfee, Inc.) C:\Users\jmg\Downloads\MCPR.exe
2018-12-02 15:16 - 2018-12-02 18:30 - 000022606 _____ C:\Users\jmg\Desktop\ZHPCleaner.txt
2018-12-02 12:57 - 2018-12-02 12:57 - 000000000 _____ C:\Windows\invcol.tmp
2018-12-01 15:23 - 2018-12-02 18:39 - 000000000 ____D C:\Users\jmg\AppData\Roaming\ZHP
2018-12-01 15:23 - 2018-12-01 15:27 - 000000876 _____ C:\Users\jmg\Desktop\ZHPCleaner.lnk
2018-12-01 15:23 - 2018-12-01 15:23 - 000000000 ____D C:\Users\jmg\AppData\Local\ZHP
2018-12-01 15:21 - 2018-12-01 15:22 - 003293568 _____ C:\Users\jmg\Downloads\ZHPCleaner.exe
2018-12-01 12:47 - 2018-12-01 12:48 - 000000000 ____D C:\Program Files (x86)\Dell
2018-12-01 12:46 - 2018-12-01 12:46 - 000000000 ____D C:\Windows\{E9E39016-F1A4-4947-BF49-E0DACA61F95C}
2018-11-29 17:56 - 2018-12-01 13:43 - 000066290 _____ C:\Users\jmg\Desktop\Search.txt
2018-11-29 15:02 - 2018-11-29 15:02 - 000285752 _____ C:\Windows\Minidump\112918-144078-01.dmp
2018-11-29 14:58 - 2018-11-29 14:59 - 000000975 _____ C:\Users\jmg\Desktop\Fixlog.txt
2018-11-29 14:53 - 2018-11-29 14:58 - 000000272 _____ C:\Users\jmg\Desktop\fixlist.txt
2018-11-28 12:27 - 2018-11-28 12:27 - 000003456 _____ C:\Users\jmg\Desktop\RKlog.txt
2018-11-27 11:46 - 2018-11-27 14:21 - 000000000 ____D C:\ProgramData\RogueKiller
2018-11-27 11:46 - 2018-11-27 11:46 - 000000832 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-11-27 11:46 - 2018-11-27 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-11-27 11:46 - 2018-11-27 11:46 - 000000000 ____D C:\Program Files\RogueKiller
2018-11-27 11:44 - 2018-11-27 11:45 - 029072136 _____ (Adlice Software ) C:\Users\jmg\Downloads\RogueKiller_setup_ref3(2).exe
2018-11-27 11:39 - 2018-11-27 11:39 - 029072136 _____ (Adlice Software ) C:\Users\jmg\Downloads\RogueKiller_setup_ref3(1).exe
2018-11-27 11:34 - 2018-11-27 11:35 - 029072136 _____ (Adlice Software ) C:\Users\jmg\Downloads\RogueKiller_setup_ref3.exe
2018-11-26 21:33 - 2018-11-26 21:33 - 001211216 _____ (Oracle Corporation) C:\Users\jmg\Downloads\JavaUninstallTool.exe
2018-11-26 21:31 - 2018-11-26 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-11-26 21:31 - 2018-11-26 21:30 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-11-26 21:30 - 2018-11-26 21:30 - 000000000 ____D C:\Program Files\Java
2018-11-26 21:27 - 2018-11-26 21:28 - 074618232 _____ (Oracle Corporation) C:\Users\jmg\Downloads\jre-8u191-windows-x64(1).exe
2018-11-26 21:25 - 2018-11-26 21:26 - 074618232 _____ (Oracle Corporation) C:\Users\jmg\Downloads\jre-8u191-windows-x64.exe
2018-11-26 14:49 - 2018-11-26 14:49 - 000000219 _____ C:\Users\jmg\Desktop\holiday.txt
2018-11-19 17:52 - 2018-11-19 17:52 - 000854504 _____ C:\ProgramData\SPL82B.tmp
2018-11-19 14:48 - 2018-11-19 14:48 - 000001250 _____ C:\Users\jmg\Desktop\adwcleaner_7.2.5.0 - Shortcut.lnk
2018-11-19 14:30 - 2018-11-21 15:08 - 000000000 ____D C:\AdwCleaner
2018-11-19 14:29 - 2018-11-19 14:29 - 007326928 _____ (Malwarebytes) C:\Users\jmg\Downloads\adwcleaner_7.2.5.0.exe
2018-11-18 15:39 - 2018-11-18 15:39 - 000001012 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-11-18 15:39 - 2018-11-18 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-11-18 15:35 - 2018-11-18 15:38 - 007197480 _____ (VS Revo Group ) C:\Users\jmg\Downloads\revosetup.exe
2018-11-17 19:38 - 2018-11-17 19:38 - 000285752 _____ C:\Windows\Minidump\111718-26859-01.dmp
2018-11-17 15:04 - 2018-12-04 15:09 - 000000000 ____D C:\FRST
2018-11-17 14:58 - 2018-12-01 12:34 - 002417152 _____ (Farbar) C:\Users\jmg\Desktop\FRST64(1).exe
2018-11-16 18:41 - 2018-11-16 18:41 - 000052328 _____ () C:\Windows\system32\Drivers\staport.sys
2018-11-16 18:37 - 2018-11-16 18:37 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-11-14 16:53 - 2018-10-17 20:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-14 16:53 - 2018-10-17 20:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-14 16:53 - 2018-10-12 13:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-14 16:53 - 2018-10-12 13:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-14 16:53 - 2018-10-11 19:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-14 16:53 - 2018-09-23 10:24 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-14 15:29 - 2018-10-24 18:46 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-14 15:29 - 2018-10-24 18:45 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-14 15:29 - 2018-10-15 21:46 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-14 15:29 - 2018-10-15 21:39 - 002171800 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-11-14 15:29 - 2018-10-15 21:39 - 001662504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-14 15:29 - 2018-10-15 21:39 - 001063368 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-11-14 15:29 - 2018-10-15 21:18 - 001137472 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-14 15:29 - 2018-10-15 21:02 - 001563584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-11-14 15:29 - 2018-10-15 21:02 - 001214920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-14 15:29 - 2018-10-12 14:35 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-14 15:29 - 2018-10-12 14:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-14 15:29 - 2018-10-12 14:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-14 15:29 - 2018-10-12 13:51 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-11-14 15:29 - 2018-10-11 20:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-14 15:29 - 2018-10-11 20:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-14 15:29 - 2018-10-11 20:10 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-14 15:29 - 2018-10-11 19:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-14 15:29 - 2018-10-11 19:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-14 15:29 - 2018-10-11 19:17 - 000809984 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-14 15:29 - 2018-10-11 19:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-14 15:29 - 2018-10-06 12:14 - 001547192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-11-14 15:29 - 2018-10-06 12:14 - 000388536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-11-14 15:29 - 2018-10-06 12:04 - 001308976 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-14 15:29 - 2018-10-06 12:03 - 000356288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-14 15:29 - 2018-10-06 10:48 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-14 15:29 - 2018-10-06 09:41 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-14 15:29 - 2018-10-06 09:34 - 002175488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-14 15:29 - 2018-10-06 09:32 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-14 15:29 - 2018-09-28 07:38 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-11-14 15:29 - 2018-09-28 07:34 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-11-14 15:29 - 2018-09-23 10:47 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 15:29 - 2018-09-23 10:45 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-14 15:29 - 2018-09-23 10:37 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-14 15:29 - 2018-09-23 10:23 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-14 15:29 - 2018-09-23 10:23 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 15:29 - 2018-09-23 10:20 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-14 15:29 - 2018-09-23 10:00 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-14 15:29 - 2018-09-23 10:00 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-14 15:29 - 2018-09-23 09:58 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-14 15:29 - 2018-09-23 09:56 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-14 15:29 - 2018-09-23 09:51 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-14 15:29 - 2018-09-23 09:50 - 000709632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-14 15:29 - 2018-09-12 12:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-11-14 15:29 - 2018-09-11 09:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-11-14 15:29 - 2018-08-25 21:38 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-14 15:29 - 2018-08-25 21:38 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-11-14 15:29 - 2018-08-25 21:21 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-14 15:29 - 2018-08-25 21:21 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-11-14 15:29 - 2018-08-25 19:45 - 000513448 _____ C:\Windows\SysWOW64\locale.nls
2018-11-14 15:29 - 2018-08-25 19:45 - 000513448 _____ C:\Windows\system32\locale.nls
2018-11-14 15:29 - 2018-08-21 07:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-14 15:29 - 2018-08-21 07:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-14 15:29 - 2018-08-19 10:22 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-14 15:29 - 2018-08-19 09:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-14 15:28 - 2018-10-24 18:54 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-14 15:28 - 2018-10-24 18:51 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-14 15:28 - 2018-10-12 14:25 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-14 15:28 - 2018-10-12 14:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-14 15:28 - 2018-10-12 14:16 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-14 15:28 - 2018-10-12 14:16 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-14 15:28 - 2018-10-12 14:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-14 15:28 - 2018-10-12 14:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-11-14 15:28 - 2018-10-12 13:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-14 15:28 - 2018-10-12 13:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-14 15:28 - 2018-10-12 13:47 - 001049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-11-14 15:28 - 2018-10-12 13:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-14 15:28 - 2018-10-12 13:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-14 15:28 - 2018-10-11 20:16 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-14 15:28 - 2018-10-11 20:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-14 15:28 - 2018-10-11 19:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-14 15:28 - 2018-10-11 19:58 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-14 15:28 - 2018-10-11 19:58 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-14 15:28 - 2018-10-11 19:35 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-11-14 15:28 - 2018-10-11 19:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-14 15:28 - 2018-10-11 19:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-14 15:28 - 2018-10-11 19:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-14 15:28 - 2018-10-11 19:12 - 002882048 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-11-14 15:28 - 2018-10-11 18:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-14 15:28 - 2018-09-23 10:45 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-14 15:28 - 2018-09-23 10:17 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-14 15:28 - 2018-09-23 09:53 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-14 15:28 - 2018-08-19 09:52 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-10 08:26 - 2018-11-10 08:26 - 000157096 _____ C:\ProgramData\SPL6F9F.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-04 15:08 - 2016-11-16 11:11 - 000000000 ____D C:\Users\jmg\AppData\LocalLow\Mozilla
2018-12-04 11:07 - 2015-09-29 16:41 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{05281CB9-93D2-4AED-B231-8DB7EF02C794}
2018-12-04 11:05 - 2017-02-07 10:48 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-12-03 15:10 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\Inf
2018-12-02 20:53 - 2014-11-20 22:42 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-02 19:47 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Registration
2018-12-02 19:46 - 2018-06-02 13:33 - 000000000 ____D C:\Users\jmg\AppData\Local\AVAST Software
2018-12-02 19:44 - 2015-12-12 14:01 - 000000000 __SHD C:\Users\jmg\IntelGraphicsProfiles
2018-12-02 19:44 - 2013-08-22 08:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-02 15:21 - 2015-10-14 05:44 - 000000000 ____D C:\Users\jmg\AppData\Local\CrashDumps
2018-12-01 13:00 - 2015-09-29 15:24 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2761475689-2294761232-4051373204-1001
2018-12-01 12:48 - 2015-08-06 06:54 - 000000000 ____D C:\ProgramData\Dell
2018-12-01 12:48 - 2015-08-06 04:42 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-12-01 12:48 - 2015-08-06 04:30 - 000000000 ____D C:\ProgramData\Temp
2018-11-30 16:42 - 2018-05-17 17:40 - 000004202 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-11-29 15:03 - 2015-11-21 15:14 - 000402432 ___SH C:\Users\jmg\Desktop\Thumbs.db
2018-11-29 15:02 - 2016-11-07 14:03 - 478241120 _____ C:\Windows\MEMORY.DMP
2018-11-29 15:02 - 2016-11-07 14:03 - 000000000 ____D C:\Windows\Minidump
2018-11-29 14:59 - 2013-08-22 07:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-11-27 18:04 - 2015-09-29 17:37 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-27 18:04 - 2015-09-29 17:37 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-27 15:44 - 2013-08-22 09:20 - 000000000 ____D C:\Windows\CbsTemp
2018-11-26 21:29 - 2016-01-20 14:40 - 000000000 ____D C:\ProgramData\Oracle
2018-11-26 10:57 - 2018-01-03 09:50 - 000239840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-11-26 10:15 - 2018-03-13 17:28 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-26 10:15 - 2016-04-12 10:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-26 10:15 - 2016-01-29 18:38 - 000003126 _____ C:\Windows\System32\Tasks\{E5492E51-8779-4F6A-AB90-419C09CCAA4F}
2018-11-26 10:15 - 2015-12-28 19:46 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-26 10:15 - 2015-12-04 18:28 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-11-26 10:15 - 2015-09-30 08:58 - 000003174 _____ C:\Windows\System32\Tasks\Installation App Launcher
2018-11-26 10:15 - 2015-09-29 17:36 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-26 10:15 - 2015-09-29 17:36 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-26 10:15 - 2015-08-06 04:31 - 000003204 _____ C:\Windows\System32\Tasks\CLVDLauncher
2018-11-26 10:15 - 2015-08-06 04:31 - 000003204 _____ C:\Windows\System32\Tasks\CLMLSvc_P2G8
2018-11-23 06:21 - 2018-06-02 13:36 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-21 05:23 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\rescache
2018-11-20 20:46 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-20 20:46 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-19 17:58 - 2015-09-29 16:43 - 000000000 ____D C:\ProgramData\lx_Cats
2018-11-18 15:39 - 2016-01-14 17:54 - 000000000 ____D C:\Program Files\VS Revo Group
2018-11-17 19:39 - 2016-02-12 19:48 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-11-17 19:36 - 2013-08-22 09:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-11-17 19:36 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-11-17 17:55 - 2016-11-16 10:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-17 17:55 - 2015-10-23 14:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-16 18:37 - 2017-11-09 15:07 - 000201240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000469272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000380464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000208472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000163208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000111800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000087432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000046384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-11-16 18:36 - 2018-10-20 21:22 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-11-16 18:36 - 2017-02-07 10:48 - 000346592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-11-16 18:36 - 2017-02-07 10:48 - 000230344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-11-16 18:36 - 2017-02-07 10:48 - 000201768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-11-16 18:36 - 2017-02-07 10:48 - 000059496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-11-16 18:36 - 2015-09-29 17:36 - 001028680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-11-16 16:57 - 2013-08-22 08:44 - 000346416 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-16 16:10 - 2015-09-30 06:25 - 000000000 ____D C:\Windows\system32\MRT
2018-11-16 16:07 - 2015-09-30 06:25 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-16 15:29 - 2018-10-22 19:50 - 000834960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-16 15:29 - 2018-10-22 19:50 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-13 11:20 - 2016-04-12 10:03 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-02-12 20:48 - 2016-09-13 13:48 - 000000270 _____ () C:\Users\jmg\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
2017-01-09 13:06 - 2017-01-09 13:06 - 000737856 _____ (Oracle Corporation) C:\Users\jmg\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-08-06 08:17 - 2017-08-06 08:17 - 000740416 _____ (Oracle Corporation) C:\Users\jmg\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-10-23 01:53 - 2017-10-23 01:53 - 001856576 _____ (Oracle Corporation) C:\Users\jmg\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-10-19 14:44 - 2018-10-19 14:44 - 001892728 _____ (Oracle Corporation) C:\Users\jmg\AppData\Local\Temp\jre-8u191-windows-au.exe
2016-04-20 05:51 - 2016-04-20 05:51 - 000739904 _____ (Oracle Corporation) C:\Users\jmg\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-06-04 04:45 - 2015-06-04 04:45 - 000119312 _____ (McAfee, Inc.) C:\Users\jmg\AppData\Local\Temp\McCSPInstall.dll
2015-09-29 18:04 - 2015-06-04 04:45 - 000161528 _____ (McAfee Inc.) C:\Users\jmg\AppData\Local\Temp\mccspuninstall.exe
2018-06-02 13:38 - 2018-06-02 13:38 - 001553920 _____ (Opera Software) C:\Users\jmg\AppData\Local\Temp\safezone_installer_2018623855860.dll
2018-10-03 10:19 - 2018-10-03 10:19 - 013693440 _____ (PC-Doctor, Inc.) C:\Users\jmg\AppData\Local\Temp\tmp48C.tmp.exe
2018-11-02 14:39 - 2018-11-02 14:39 - 074766336 _____ (PC-Doctor, Inc.) C:\Users\jmg\AppData\Local\Temp\tmp6D34.tmp.exe
2017-03-19 19:15 - 2017-03-19 19:15 - 000049152 _____ () C:\Users\jmg\AppData\Local\Temp\unwszn5n.dll
2016-11-08 17:39 - 2016-11-08 17:39 - 002550648 _____ (Google Inc.) C:\Users\jmg\AppData\Local\Temp\{8B5A4ED1-249A-4655-9B82-E62024154B11}-54.0.2840.99_54.0.2840.71_chrome_updater.exe
2016-06-15 04:18 - 2016-06-15 04:18 - 002698328 _____ (Google Inc.) C:\Users\jmg\AppData\Local\Temp\{95A1A5D1-FB77-4C10-8A0D-74F692F1A681}-51.0.2704.103_51.0.2704.84_chrome_updater.exe
2016-09-24 23:00 - 2016-09-24 23:00 - 001246584 _____ (Google Inc.) C:\Users\jmg\AppData\Local\Temp\{F702D5C5-4D4D-4AF1-8973-1C6671A6EE29}-53.0.2785.143_53.0.2785.116_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-25 17:38

==================== End of FRST.txt ============================
  #70  
Old December 4th, 2018, 10:16 PM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,347
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by jmg (04-12-2018 15:11:03)
Running from C:\Users\jmg\Desktop
Windows 8.1 (Update) (X64) (2015-09-29 21:18:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2761475689-2294761232-4051373204-500 - Administrator - Disabled)
Guest (S-1-5-21-2761475689-2294761232-4051373204-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2761475689-2294761232-4051373204-1003 - Limited - Enabled)
jmg (S-1-5-21-2761475689-2294761232-4051373204-1001 - Administrator - Enabled) => C:\Users\jmg

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.0.917.102 - AVAST Software)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version: - Lexmark International, Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30174 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
RogueKiller version 13.0.14.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.14.0 - Adlice Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2013-10-29] (Qualcomm®Atheros®)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2013-10-29] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18B72D10-B92F-4E14-9E6F-449C5DCD7795} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {2408894C-2289-48AF-A528-90B62CA2F064} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {392EFF75-2CD9-4A1E-926F-E8607CAFCC39} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {41948DC2-34B7-4986-B7E9-2DE2C63A1D17} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-16] (AVAST Software)
Task: {520016B5-2CFF-4DE5-9791-A5C09E0120D0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {94CEB3A3-B184-4F3A-9A4F-77F81203A8FB} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {9B7A262F-46B3-45F5-B7D6-9AC6B10D94FA} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {A4C16320-3CD5-4AB2-8451-39ED9882D95E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {BDCFCB3C-8DC4-4E86-8D18-FFAC07A89DBB} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {C671EDF4-B0DC-43D4-9135-6F95AE2FD3B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {D7828EF7-EFA8-409B-AC66-FB083D3E0E4E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {DC80C678-E810-4E2C-A746-C7D3FFA1E162} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
Task: {E4BD6283-3A53-44ED-BCD3-08D27741F2A7} - System32\Tasks\{E5492E51-8779-4F6A-AB90-419C09CCAA4F} => C:\Windows\system32\pcalua.exe -a C:\Users\jmg\Downloads\delUserDevMode(2).exe -d C:\Users\jmg\Downloads
Task: {E8FFAACD-10BF-406F-A0A4-0F5F9C7CD228} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {ED518A89-66E1-407E-9D6A-CBD177066322} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-11-10] (AVAST Software)
Task: {EE6D0222-9008-4D42-8F18-92D9165EB5AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {FE9EA6F5-7B5A-48B7-8DE2-0E2C973689CB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-10 16:10 - 2009-08-13 06:06 - 000177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2015-08-06 04:33 - 2014-04-14 17:59 - 000253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-23 18:54 - 2009-07-23 18:54 - 001024512 _____ () C:\Windows\system32\lxdndrs64.dll
2009-05-14 12:47 - 2009-05-14 12:47 - 000025088 _____ () C:\Windows\system32\lxdncaps64.dll
2007-10-02 13:51 - 2007-10-02 13:51 - 000054784 _____ () C:\Windows\system32\lxdncnv464.dll
2018-10-22 17:00 - 2018-11-01 09:51 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-10-29 22:11 - 2013-10-29 22:11 - 000011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-29 22:07 - 2013-10-29 22:07 - 000086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-29 22:15 - 2013-10-29 22:15 - 000012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2016-10-10 16:09 - 2010-02-04 03:05 - 000660136 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
2016-10-10 16:09 - 2010-02-04 03:05 - 000025256 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
2018-11-02 14:40 - 2018-11-02 14:40 - 002587976 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\libprotobuf.dll
2018-11-12 13:46 - 2018-11-12 13:46 - 000035976 _____ () C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
2016-10-10 16:09 - 2009-07-23 13:48 - 000380928 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll
2016-10-10 16:09 - 2007-05-29 01:39 - 000589824 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll
2016-10-10 16:09 - 2007-03-26 01:39 - 000073728 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll
2016-10-10 16:09 - 2009-07-23 13:49 - 000782336 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll
2016-10-10 16:09 - 2009-05-14 07:46 - 000081920 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll
2016-10-10 16:09 - 2007-10-02 08:51 - 000069632 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll
2016-10-10 16:09 - 2010-02-03 04:21 - 000028672 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll
2016-10-10 16:09 - 2010-02-03 04:21 - 000036864 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll
2016-10-10 16:09 - 2010-02-03 04:20 - 000065536 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
2016-10-10 16:09 - 2009-06-26 07:17 - 000012288 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2018-03-11 16:16 - 2018-03-11 16:16 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-16 18:36 - 2018-11-16 18:36 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2015-08-06 04:30 - 2014-12-08 01:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 14:28 - 2014-12-08 14:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2016-09-09 07:32 - 2016-09-09 07:32 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-03-16 10:28 - 2015-03-16 10:28 - 000155528 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2018-11-15 16:46 - 000000826 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2761475689-2294761232-4051373204-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C321F42F-587D-40D0-B08E-E8DC94DB8685}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{0C97D2DC-D6ED-4D59-A6BA-601DCA6F1882}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{14F844D1-9CF7-491C-951A-6849CE95CDD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AAD59ADD-DBCF-437F-8C20-08174F2D988A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3120BEA0-45CE-4DC0-9A6E-B37267BBA687}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{00CE9CC7-1992-4742-A52B-0D7B9FA83F6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{12EF2C3D-7A20-43F6-AFF4-AA98421B788F}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{2C10AD11-0DA2-474A-8EC7-FFAA9FD13A68}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{31BD9CD7-6832-43E6-8866-EFC48ABD9C45}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{E7D1A961-BA14-4851-95C8-1E4AFF4B373C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{E8924E82-D635-487B-B1DD-DB9D8EF5E8E2}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{F6B789CF-A84B-45D0-ADD5-28AEA54B52F7}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{1D415069-797C-4BE6-A731-5D571BF323DA}] => (Allow) C:\Windows\system32\lxdncoms.exe
FirewallRules: [{BA9281EB-8F2C-4AC2-ABAB-E6C67AAA2F1B}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdnpswx.exe
FirewallRules: [{4CA9E03C-1796-41D1-88D6-C57785CDF308}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdntime.exe
FirewallRules: [{3BA9832B-71FD-41FB-B4F8-B02B6D4C1154}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{4EBB13C4-B8A4-43FB-A4E4-2142BDCF73F9}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{55499334-3C79-4E21-9D20-2209B69DBF9E}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{A5FFEA03-C626-42B7-B127-4B8F5DCA896A}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [{E9BFFF94-0C15-4901-832E-155E125C687D}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [{2C60303D-6B34-491C-9185-829962E484EE}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{4DDE82EE-7336-4689-A8B4-981BEE8EBFF6}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{79937022-A09C-451E-83EB-267C80F86194}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{82F4C592-87E7-4D6B-83DE-0DEB3F29EF1F}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{5A014947-0258-43DD-B54B-FB7B9E057183}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{9F245D1E-5891-4307-B68C-D408C795584F}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{943FF3D9-2A9A-431D-A2A6-A2CF444351FC}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{CFA0B3A9-3F9C-4BC8-9DA6-BEDA088AF4E9}] => (Allow) C:\Windows\system32\lxdncoms.exe
FirewallRules: [{279E9EE0-6EC1-4EE7-AE24-BD5FFC4D9057}] => (Allow) C:\Windows\system32\lxdncoms.exe
FirewallRules: [{DA28B4A5-4743-48A9-A372-AC28AF1E5FD3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{958834AF-A562-4F20-A74E-5BE07D1361D9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{869F26C9-7E9A-4073-8F95-CAB776D8285B}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{65FF2BC2-0449-47A1-BB39-0319CD095C72}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{38A7333E-5938-4F54-9EE2-DB9EF24A2396}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe
FirewallRules: [{BE52ADE9-C91A-4727-AB8C-60A6F202BA6B}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe
FirewallRules: [{84F6B9FF-498A-48DE-AD64-2CF8FC7866C9}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\frun.exe
FirewallRules: [{873765BB-2019-4D1F-81B1-AA92B4405A80}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\frun.exe
FirewallRules: [{CA32CE28-96D1-432A-8B9B-1429C19E0D08}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{4170FE83-FD9F-457D-B429-D1AB486E1B7C}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{F18FC2C4-662A-437F-AEFB-05D69E33F8DB}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{490FD5F9-D132-4824-AA1E-34872D308D26}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{A3274A82-13D7-458B-8D46-BC42B3D483A3}] => (Allow) C:\Windows\system32\lxdncoms.exe
FirewallRules: [{998C2C61-3C57-4359-8E4F-056B1CE2983A}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdnpswx.exe
FirewallRules: [{6C4D7296-2C86-4B5E-BAD3-44BA6C94A38A}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdntime.exe
FirewallRules: [{BE5508C9-7247-4767-83B8-CF800C4C5F90}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{0DD56E58-A0D1-4556-BE2E-F2D4C8DD5661}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{CCC25922-16D0-4C31-BB07-E26224EE589F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{92326BC4-70C3-4B40-B176-30AF83F7602D}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdntime.exe
FirewallRules: [{6825C261-1190-49D0-8977-7D32EC2A6716}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdntime.exe
FirewallRules: [{9CDF7248-43BC-4485-A74C-A90894EB4D52}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [{2EE400BF-610E-4EC0-BC33-DE84F10E1A20}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [TCP Query User{9C08ADED-5D59-4CC1-A6C7-F9C92AE05231}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe
FirewallRules: [UDP Query User{CA1B7590-7F6B-4D3A-B8C2-6987576F8086}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe
FirewallRules: [{604FF0CE-86E3-43A3-AA35-78C96EDD6DF8}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{CDB35AA5-2D4C-46CA-8863-1AD0076859A4}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{00B06E76-DBD2-44B2-A6D8-6706E00BDA99}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{2C208700-059A-4C32-B10A-BC56C4AB2B5F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-11-2018 17:44:14 Removed Java 8 Update 111
17-11-2018 19:34:49 Restore Point Created by FRST
27-11-2018 15:42:56 Windows Update
29-11-2018 14:58:27 Restore Point Created by FRST
01-12-2018 12:46:15 Dell Update: Dell Update
02-12-2018 18:51:34 Revo Uninstaller's restore point - NowUSeeIt Player
02-12-2018 18:52:12 Removed NowUSeeIt Player
02-12-2018 18:56:49 Revo Uninstaller's restore point - NowUSeeIt Player
02-12-2018 18:58:35 Revo Uninstaller's restore point - RevTraxPrintMyCoupon
02-12-2018 18:59:07 Removed RevTraxPrintMyCoupon

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2018 03:11:11 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (12/04/2018 12:28:44 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (12/04/2018 11:04:50 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (12/04/2018 04:38:36 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (12/04/2018 04:33:50 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (12/03/2018 05:38:39 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (12/03/2018 05:06:21 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (12/03/2018 01:48:51 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (12/03/2018 05:21:43 PM) (Source: DCOM) (EventID: 10010) (User: office)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (12/02/2018 08:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s).

Error: (12/02/2018 07:44:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/02/2018 07:44:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.

Error: (12/02/2018 06:40:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s).

Error: (12/02/2018 06:32:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/02/2018 06:32:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.

Error: (12/02/2018 06:06:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================

Date: 2018-07-28 14:41:03.723
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:41:01.395
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:58.676
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:56.223
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:53.629
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:51.066
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:48.566
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:46.097
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU J1800 @ 2.41GHz
Percentage of memory in use: 31%
Total physical RAM: 3987.2 MB
Available physical RAM: 2729.98 MB
Total Virtual: 8083.2 MB
Available Virtual: 5600.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.37 GB) (Free:389.92 GB) NTFS

\\?\Volume{89d378f7-ec53-4a06-b80c-614176e9f68b}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.43 GB) NTFS
\\?\Volume{6943363d-35da-475f-ad64-c6c549765eb5}\ (PBR Image) (Fixed) (Total:8.01 GB) (Free:0.71 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (Size: 465.8 GB) (Disk ID: 646E9541)

Partition: GPT.

==================== End of Addition.txt ============================
Reply With Quote
  #71  
Old December 5th, 2018, 12:29 AM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Code:
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.0.917.102 - AVAST Software)

Did you install this process, and are you using it? If you're using it, there's no problem. If you aren't using it and want to remove it, the link I gave can help you.

How to uninstall or remove Avast SafeZone Browser?
https://techdows.com/2016/02/uninsta...e-browser.html
--------------------------

Code:
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)

It appears you have two separate versions installed. If you aren't using the paid one, you can uninstall the Revo Uninstaller Pro 3.1.5 version. The free version is enough.

--------------------------

Uninstall:

The Free Cash Back Shopping Assistant
ZHP
RogueKiller

And restart the PC.

=======================================================

Please do this.

How do I clear the Java cache?
Your operating system is Windows 8.1.
https://www.java.com/en/download/hel...ntrolpanel.xml

=======================================================

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now check the contents of this folder. What do you see? Which software does it belong to?

C:\Windows\{E9E39016-F1A4-4947-BF49-E0DACA61F95C}

=========
Reply With Quote
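Added example (not part of olgun52's post or of any tool used in this thread): a read-only PowerShell way to do the folder check requested in post #71 without changing Explorer's hidden-file settings. The folder path is the one from the post; the file extensions checked and the uninstall-key lookup are assumptions chosen for illustration.

```powershell
# Added example: inspect a GUID-named folder under C:\Windows and look for the
# installed product that owns it. Nothing is modified or deleted.
$folder = 'C:\Windows\{E9E39016-F1A4-4947-BF49-E0DACA61F95C}'   # path from post #71
$guid   = [regex]::Match($folder, '\{[0-9A-Fa-f-]{36}\}').Value

# 1. List everything in the folder, including hidden and system files (-Force).
Get-ChildItem -LiteralPath $folder -Force -Recurse -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime, Attributes

# 2. For installer packages and binaries (assumed extensions), show who signed them.
Get-ChildItem -LiteralPath $folder -Force -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.msi', '.exe', '.dll' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            File   = $_.Name
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        }
    }

# 3. Search the 64-bit and 32-bit uninstall keys for an entry that mentions the GUID
#    (assumption: the owning product references it in its key name or install strings).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $_.PSChildName -eq $guid -or
        "$($_.UninstallString) $($_.InstallSource) $($_.InstallLocation)" -like "*$guid*"
    } |
    Select-Object DisplayName, Publisher, DisplayVersion, PSChildName
```

If step 3 returns nothing, the file names and signer from steps 1 and 2 are the remaining clues to which software the folder belongs to.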
  #72  
Old December 5th, 2018, 01:08 AM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,347
No, I did not install this Avast Secure Browser. Do I need it for my Avast virus to work? I can delete it if I don't need it. I do see under extensions it is disabled. I use Firefox as my browser.

I uninstalled Revo Uninstaller Pro 3.1.5 and RogueKiller and
The Free Cash Back Shopping Assistant


I don't see this ZHP listed in Programs and Features or in Revo Uninstaller. I have looked everywhere and did searches to find out how to uninstall ZHP and I can't find out how to do it.

How do I remove it please? Where is it hiding?

I cleared Java cache

I did not do this: "Uncheck the Hide protected operating system files (recommended) option." I got some warning that my computer may not work.

I have no idea what to do here or what to look for: "Now check the contents of this folder. what do you see ? Which software belongs ?"

C:\Windows\{E9E39016-F1A4-4947-BF49-E0DACA61F95C} I put this in the search box and it takes me to dellupdate.msi. What am I looking for?



Thanks so much.

Last edited by perplexed; December 5th, 2018 at 07:25 PM.
Reply With Quote
  #73  
Old December 5th, 2018, 07:36 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Quote:
I did not install this Avast Secure Browser. Do I need it for my Avast virus to work? I can delete it if I don't need it. I do see under extensions it is disabled.
You don't need it. You can uninstall this software.

Avast Secure Browser removal tool.
https://support.avast.com/en-ww/arti...Secure-Browser

========================================================
Quote:
I uninstalled Revo Uninstaller Pro 3.1.5 and RogueKiller and The Free Cash Back Shopping Assistant
Good.
Quote:
I cleared Java cache
Very good.
Quote:
I have no idea what to do here or what to look for-Now check the contents of this folder. what do you see ? Which software belongs ?
I don't know why it's not working.
Quote:
I don't see this ZHP listed in Programs and Features or in Revo Uninstaller. I have looked everywhere and did searches to find out how to uninstall ZHP and I can't find out how to do it.
I'll remove it. But I am seeing the shortcut on the desktop.

===>> C:\Users\jmg\Desktop\ZHPCleaner.lnk
====================
Reply With Quote
  #74  
Old December 5th, 2018, 08:22 PM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,347
Wait, how can you remove it? I am confused, how can you remove it? I see the ZHP icon on the desktop. Do I right-click and click Delete? That is not uninstalling, is it? That is just deleting? I found it in Downloads but see no uninstall option. Thank you.

Last edited by perplexed; December 5th, 2018 at 08:37 PM.
Reply With Quote
  #75  
Old December 5th, 2018, 08:51 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Quote:
Originally Posted by perplexed View Post
Wait, how can you remove it? I am confused, how can you remove it? I see the ZHP icon on the desktop. Do I right-click and click Delete? That is not uninstalling, is it? That is just deleting? I found it in Downloads but see no uninstall option. Thank you.
You can try this:
* Right-click on the shortcut.
* Click Properties in the list that appears.
* Then click the Open File Location button and delete the contents.
-----------------


Did you run the Avast Secure Browser removal tool? Is it okay?
Reply With Quote
All times are GMT +1. The time now is 02:19 AM.