Cyber Tech Help Support Forums > Software > Malware Removal
  #1  
November 16th, 2018, 11:06 PM
perplexed
Senior Member
 
Join Date: Jun 2001
Posts: 2,347
Malwarebytes found many Trojan.Emotet.Generic

I sent them to quarantine, but should I delete them? It said if I delete them they will be off my computer. Which is better, quarantine or deleting them?

Thank you.


  #2  
November 17th, 2018, 12:11 AM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Hi perplexed,

They can stay in quarantine.

Also, can you post a fresh FRST log file for checking, please? (FRST.txt and Addition.txt)

Thank you.
  #3  
November 17th, 2018, 01:36 AM
perplexed
Thanks. May I ask how to do that step by step?
  #4  
November 17th, 2018, 09:08 PM
olgun52
Quote:
Originally Posted by perplexed
Thanks. May I ask how to do that step by step?

I am sorry.
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Have a nice day.

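The helper asks for FRST.txt and Addition.txt because FRST annotates what it finds: a "<==== ATTENTION" marker on suspicious registry or policy entries, "[File not signed]" on service and driver binaries, "<not found>" where an entry points at a missing file, "no ImagePath" on orphaned services, and an empty "()" where a file carries no publisher. As an added example (not part of this thread and not FRST's own code), the Python below walks the section layout FRST.txt uses and pulls out those lines, plus recently created executables in user-writable folders, so a reviewer can see the interesting entries first. The markers are the ones FRST prints; which ones to flag, and the "user-writable folder" rule, are this example's own heuristics. The sample log is constructed from the kinds of lines in the log posted later in this thread, and a hit means "look at this line", not "this is malware".

```python
"""Triage pass over a Farbar Recovery Scan Tool (FRST.txt) log.

Added example for this thread; it is not part of the forum post and not
FRST's own code. It parses the plain-text section layout FRST writes
("==== Section ====" headers, one entry per line) and collects the lines
a malware-removal helper reads first. The marker strings are the ones FRST
itself prints; which of them to flag, and the "recent executable in a
user-writable folder" rule, are this example's own heuristics (assumptions).
A hit means "look at this line", not "this is malware".
"""
import re
from dataclasses import dataclass
from typing import List

# "==================== Services (Whitelisted) ====================" -> "Services (Whitelisted)"
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# FRST prints "()" or "( )" where the file has no company name in its version info.
EMPTY_PUBLISHER_RE = re.compile(r"\(\s*\)")
# Paths under folders an unprivileged user or installer can write to (heuristic).
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Temp)\\", re.IGNORECASE)
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".tmp")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return every flagged line, tagged with the FRST section it came from."""
    findings: List[Finding] = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("(If "):
            continue  # FRST's per-section note about fixlist behaviour, not an entry
        if "<==== ATTENTION" in line:
            findings.append(Finding(section, "FRST attention marker", line))
        if "[File not signed]" in line:
            findings.append(Finding(section, "unsigned service/driver binary", line))
        if "<not found>" in line:
            findings.append(Finding(section, "entry points at a missing file", line))
        if "no ImagePath" in line:
            findings.append(Finding(section, "service/driver with no ImagePath", line))
        if section.startswith(("Processes", "Registry", "Services", "Drivers")) \
                and EMPTY_PUBLISHER_RE.search(line):
            findings.append(Finding(section, "no publisher in version info", line))
        if section.startswith("One Month Created") \
                and USER_WRITABLE_RE.search(line) \
                and line.lower().endswith(EXECUTABLE_SUFFIXES):
            findings.append(Finding(section, "recent executable in user-writable folder", line))
    return findings


def by_reason(findings: List[Finding]) -> dict:
    """Count findings per reason, for a one-line summary of a long log."""
    counts: dict = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Constructed sample in FRST's format: an abridged subset modelled on the
# log posted in this thread, not the full log.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [317568 2013-10-29] (Windows (R) Win 7 DDK provider) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)

===================== Drivers (Whitelisted) ======================

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
U3 McMPFSvc; no ImagePath

==================== One Month Created files and folders ========

2018-11-10 08:26 - 2018-11-10 08:26 - 000157096 _____ C:\ProgramData\SPL6F9F.tmp
2018-10-22 17:01 - 2018-10-22 17:01 - 000000000 ____D C:\Users\jmg\AppData\Local\mbamtray
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run it against a saved FRST.txt by passing the file contents to triage(); the section name on each finding tells you whether the entry is a running process, an autorun, a service, a driver or a recent file, which is what decides whether it belongs in a fixlist. Entries that hit only the "no publisher" rule are common for printer and OEM utilities (as in this thread's log), so treat that rule as a prompt to check the path and date, not as a verdict.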
  #5  
November 17th, 2018, 10:12 PM
perplexed
Thanks, here you are.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.11.2018
Ran by jmg (administrator) on OFFICE (17-11-2018 15:05:09)
Running from C:\Users\jmg\Desktop
Loaded Profiles: jmg (Available Profiles: jmg)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\pcdrwi.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe
(Farbar) C:\Users\jmg\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [519256 2014-02-16] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] ()
HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-04] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-16] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-10-29] (Qualcomm®Atheros®)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A62EFFCB-5730-42F7-A9FF-4B20ADA9865F}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131185127034534805&GUID=3175D329-290A-4058-9108-F19927BCFEB0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131185127034545114&GUID=3175D329-290A-4058-9108-F19927BCFEB0
HKU\S-1-5-21-2761475689-2294761232-4051373204-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131185127034569122&GUID=3175D329-290A-4058-9108-F19927BCFEB0
HKU\S-1-5-21-2761475689-2294761232-4051373204-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> DefaultScope {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> DefaultScope {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-19] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-19] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522 [2018-11-17]
FF Homepage: Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522 -> hxxps://att.yahoo.com/
FF Extension: (Avast SafePrice) - C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522\Extensions\sp@avast.com.xpi [2018-06-21]
FF Extension: (Avast Online Security) - C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522\Extensions\wrc@avast.com.xpi [2018-07-24]
FF Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2018-11-08]
FF Extension: (Firefox Monitor) - C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522\features\{2fb77d14-81fe-461a-8390-12a26073a428}\fxmonitor@mozilla.org.xpi [2018-11-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2761475689-2294761232-4051373204-1001: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\jmg\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2016-01-18] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)

Chrome:
=======
CHR Profile: C:\Users\jmg\AppData\Local\Google\Chrome\User Data\Default [2018-11-01]
CHR Extension: (Docs) - C:\Users\jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-01]
CHR Extension: (Google Drive) - C:\Users\jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-09]
CHR Extension: (YouTube) - C:\Users\jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-30]
CHR Extension: (Google Search) - C:\Users\jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Sheets) - C:\Users\jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-01]
CHR Extension: (Avast Online Security) - C:\Users\jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-01]
CHR Extension: (Gmail) - C:\Users\jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-16] (AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [317568 2013-10-29] (Windows (R) Win 7 DDK provider) [File not signed]
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-16] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-02] (PC-Doctor, Inc.)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-16] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-16] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-16] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-16] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185072 2018-11-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-16] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-16] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-29] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2018-05-08] (Dell Computer Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-11-16] (Malwarebytes)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
U3 McMPFSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-17 15:05 - 2018-11-17 15:05 - 000018626 _____ C:\Users\jmg\Desktop\FRST.txt
2018-11-17 15:04 - 2018-11-17 15:05 - 000000000 ____D C:\FRST
2018-11-17 14:58 - 2018-11-17 14:58 - 002416128 _____ (Farbar) C:\Users\jmg\Desktop\FRST64(1).exe
2018-11-16 18:46 - 2018-11-16 18:46 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-16 18:46 - 2018-11-16 18:46 - 000000000 ___RD C:\Users\jmg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2018-11-16 18:41 - 2018-11-16 18:41 - 000052328 _____ () C:\Windows\system32\Drivers\staport.sys
2018-11-16 18:37 - 2018-11-16 18:37 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-11-14 16:53 - 2018-10-17 20:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-14 16:53 - 2018-10-17 20:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-14 16:53 - 2018-10-12 13:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-14 16:53 - 2018-10-12 13:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-14 16:53 - 2018-10-11 19:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-14 16:53 - 2018-09-23 10:24 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-14 15:29 - 2018-10-24 18:46 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-14 15:29 - 2018-10-24 18:45 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-14 15:29 - 2018-10-15 21:46 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-14 15:29 - 2018-10-15 21:39 - 002171800 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-11-14 15:29 - 2018-10-15 21:39 - 001662504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-14 15:29 - 2018-10-15 21:39 - 001063368 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-11-14 15:29 - 2018-10-15 21:18 - 001137472 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-14 15:29 - 2018-10-15 21:02 - 001563584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-11-14 15:29 - 2018-10-15 21:02 - 001214920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-14 15:29 - 2018-10-12 14:35 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-14 15:29 - 2018-10-12 14:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-14 15:29 - 2018-10-12 14:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-14 15:29 - 2018-10-12 13:51 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-11-14 15:29 - 2018-10-11 20:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-14 15:29 - 2018-10-11 20:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-14 15:29 - 2018-10-11 20:10 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-14 15:29 - 2018-10-11 19:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-14 15:29 - 2018-10-11 19:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-14 15:29 - 2018-10-11 19:17 - 000809984 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-14 15:29 - 2018-10-11 19:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-14 15:29 - 2018-10-06 12:14 - 001547192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-11-14 15:29 - 2018-10-06 12:14 - 000388536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-11-14 15:29 - 2018-10-06 12:04 - 001308976 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-14 15:29 - 2018-10-06 12:03 - 000356288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-14 15:29 - 2018-10-06 10:48 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-14 15:29 - 2018-10-06 09:41 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-14 15:29 - 2018-10-06 09:34 - 002175488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-14 15:29 - 2018-10-06 09:32 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-14 15:29 - 2018-09-28 07:38 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-11-14 15:29 - 2018-09-28 07:34 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-11-14 15:29 - 2018-09-23 10:47 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 15:29 - 2018-09-23 10:45 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-14 15:29 - 2018-09-23 10:37 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-14 15:29 - 2018-09-23 10:23 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-14 15:29 - 2018-09-23 10:23 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 15:29 - 2018-09-23 10:20 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-14 15:29 - 2018-09-23 10:00 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-14 15:29 - 2018-09-23 10:00 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-14 15:29 - 2018-09-23 09:58 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-14 15:29 - 2018-09-23 09:56 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-14 15:29 - 2018-09-23 09:51 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-14 15:29 - 2018-09-23 09:50 - 000709632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-14 15:29 - 2018-09-12 12:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-11-14 15:29 - 2018-09-11 09:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-11-14 15:29 - 2018-08-25 21:38 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-14 15:29 - 2018-08-25 21:38 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-11-14 15:29 - 2018-08-25 21:21 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-14 15:29 - 2018-08-25 21:21 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-11-14 15:29 - 2018-08-25 19:45 - 000513448 _____ C:\Windows\SysWOW64\locale.nls
2018-11-14 15:29 - 2018-08-25 19:45 - 000513448 _____ C:\Windows\system32\locale.nls
2018-11-14 15:29 - 2018-08-21 07:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-14 15:29 - 2018-08-21 07:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-14 15:29 - 2018-08-19 10:22 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-14 15:29 - 2018-08-19 09:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-14 15:28 - 2018-10-24 18:54 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-14 15:28 - 2018-10-24 18:51 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-14 15:28 - 2018-10-12 14:25 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-14 15:28 - 2018-10-12 14:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-14 15:28 - 2018-10-12 14:16 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-14 15:28 - 2018-10-12 14:16 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-14 15:28 - 2018-10-12 14:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-14 15:28 - 2018-10-12 14:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-11-14 15:28 - 2018-10-12 13:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-14 15:28 - 2018-10-12 13:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-14 15:28 - 2018-10-12 13:47 - 001049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-11-14 15:28 - 2018-10-12 13:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-14 15:28 - 2018-10-12 13:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-14 15:28 - 2018-10-11 20:16 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-14 15:28 - 2018-10-11 20:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-14 15:28 - 2018-10-11 19:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-14 15:28 - 2018-10-11 19:58 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-14 15:28 - 2018-10-11 19:58 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-14 15:28 - 2018-10-11 19:35 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-11-14 15:28 - 2018-10-11 19:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-14 15:28 - 2018-10-11 19:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-14 15:28 - 2018-10-11 19:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-14 15:28 - 2018-10-11 19:12 - 002882048 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-11-14 15:28 - 2018-10-11 18:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-14 15:28 - 2018-09-23 10:45 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-14 15:28 - 2018-09-23 10:17 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-14 15:28 - 2018-09-23 09:53 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-14 15:28 - 2018-08-19 09:52 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-10 08:26 - 2018-11-10 08:26 - 000157096 _____ C:\ProgramData\SPL6F9F.tmp
2018-11-02 14:38 - 2018-11-02 14:38 - 000002140 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2018-10-31 06:40 - 2018-10-31 06:40 - 002515861 _____ C:\Users\jmg\Downloads\2018-10-30.zip
2018-10-22 19:50 - 2018-11-02 14:48 - 000835168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-22 19:50 - 2018-11-02 14:48 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-22 17:01 - 2018-10-22 17:01 - 000000000 ____D C:\Users\jmg\AppData\Local\mbamtray
2018-10-22 17:00 - 2018-11-01 09:51 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-10-22 17:00 - 2018-10-22 17:00 - 000001845 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-22 17:00 - 2018-10-22 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-21 15:41 - 2018-10-21 15:41 - 000000000 ____D C:\Users\jmg\Documents\Bluetooth Folder
2018-10-20 21:22 - 2018-11-16 18:36 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-17 15:04 - 2016-11-16 11:11 - 000000000 ____D C:\Users\jmg\AppData\LocalLow\Mozilla
2018-11-17 13:02 - 2016-11-16 10:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-17 13:02 - 2015-10-23 14:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-17 12:39 - 2015-09-29 16:41 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{05281CB9-93D2-4AED-B231-8DB7EF02C794}
2018-11-16 18:53 - 2014-11-20 22:42 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-16 18:53 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\Inf
2018-11-16 18:48 - 2018-06-02 13:33 - 000000000 ____D C:\Users\jmg\AppData\Local\AVAST Software
2018-11-16 18:46 - 2015-12-12 14:01 - 000000000 __SHD C:\Users\jmg\IntelGraphicsProfiles
2018-11-16 18:45 - 2013-08-22 08:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-16 18:40 - 2017-02-07 10:48 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-11-16 18:37 - 2017-11-09 15:07 - 000201240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000469272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000380464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000208472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000163208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000111800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000087432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-11-16 18:37 - 2015-09-29 17:36 - 000046384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-11-16 18:36 - 2018-01-03 09:50 - 000185072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-11-16 18:36 - 2017-02-07 10:48 - 000346592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-11-16 18:36 - 2017-02-07 10:48 - 000230344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-11-16 18:36 - 2017-02-07 10:48 - 000201768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-11-16 18:36 - 2017-02-07 10:48 - 000059496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-11-16 18:36 - 2015-09-29 17:36 - 001028680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-11-16 16:57 - 2013-08-22 08:44 - 000346416 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-16 16:10 - 2015-09-30 06:25 - 000000000 ____D C:\Windows\system32\MRT
2018-11-16 16:10 - 2013-08-22 09:20 - 000000000 ____D C:\Windows\CbsTemp
2018-11-16 16:07 - 2015-09-30 06:25 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-16 15:53 - 2015-09-29 15:24 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2761475689-2294761232-4051373204-1001
2018-11-16 15:03 - 2018-05-17 17:40 - 000004202 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-11-13 17:32 - 2018-03-13 17:28 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-13 17:32 - 2016-04-12 10:03 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-13 17:32 - 2016-01-29 18:38 - 000003126 _____ C:\Windows\System32\Tasks\{E5492E51-8779-4F6A-AB90-419C09CCAA4F}
2018-11-13 17:32 - 2015-12-28 19:46 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-13 17:32 - 2015-12-12 14:13 - 000003440 _____ C:\Windows\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337
2018-11-13 17:32 - 2015-12-04 18:28 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-11-13 17:32 - 2015-09-30 08:58 - 000003174 _____ C:\Windows\System32\Tasks\Installation App Launcher
2018-11-13 17:32 - 2015-09-29 17:36 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-13 17:32 - 2015-09-29 17:36 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-13 17:32 - 2015-08-06 04:31 - 000003204 _____ C:\Windows\System32\Tasks\CLVDLauncher
2018-11-13 17:32 - 2015-08-06 04:31 - 000003204 _____ C:\Windows\System32\Tasks\CLMLSvc_P2G8
2018-11-13 17:17 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-13 17:17 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-13 11:20 - 2016-04-12 10:03 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-12 17:09 - 2015-09-29 17:37 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-12 17:09 - 2015-09-29 17:37 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-11 06:53 - 2015-09-29 16:43 - 000000000 ____D C:\ProgramData\lx_Cats
2018-11-10 08:32 - 2013-08-22 07:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-11-02 14:42 - 2015-08-06 04:42 - 000000000 ____D C:\ProgramData\PCDr
2018-11-02 14:38 - 2015-08-06 04:42 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-11-02 14:34 - 2017-06-25 07:40 - 000000000 ____D C:\ProgramData\SupportAssist
2018-10-31 10:55 - 2015-11-21 15:14 - 000316928 ___SH C:\Users\jmg\Desktop\Thumbs.db
2018-10-26 08:31 - 2018-06-02 13:36 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-10-23 13:53 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2016-02-12 20:48 - 2016-09-13 13:48 - 000000270 _____ () C:\Users\jmg\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
2017-01-09 13:06 - 2017-01-09 13:06 - 000737856 _____ (Oracle Corporation) C:\Users\jmg\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-08-06 08:17 - 2017-08-06 08:17 - 000740416 _____ (Oracle Corporation) C:\Users\jmg\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-10-23 01:53 - 2017-10-23 01:53 - 001856576 _____ (Oracle Corporation) C:\Users\jmg\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-10-19 14:44 - 2018-10-19 14:44 - 001892728 _____ (Oracle Corporation) C:\Users\jmg\AppData\Local\Temp\jre-8u191-windows-au.exe
2016-04-20 05:51 - 2016-04-20 05:51 - 000739904 _____ (Oracle Corporation) C:\Users\jmg\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-06-04 04:45 - 2015-06-04 04:45 - 000119312 _____ (McAfee, Inc.) C:\Users\jmg\AppData\Local\Temp\McCSPInstall.dll
2015-09-29 18:04 - 2015-06-04 04:45 - 000161528 _____ (McAfee Inc.) C:\Users\jmg\AppData\Local\Temp\mccspuninstall.exe
2018-06-02 13:38 - 2018-06-02 13:38 - 001553920 _____ (Opera Software) C:\Users\jmg\AppData\Local\Temp\safezone_installer_2018623855860.dll
2018-10-03 10:19 - 2018-10-03 10:19 - 013693440 _____ (PC-Doctor, Inc.) C:\Users\jmg\AppData\Local\Temp\tmp48C.tmp.exe
2018-11-02 14:39 - 2018-11-02 14:39 - 074766336 _____ (PC-Doctor, Inc.) C:\Users\jmg\AppData\Local\Temp\tmp6D34.tmp.exe
2017-03-19 19:15 - 2017-03-19 19:15 - 000049152 _____ () C:\Users\jmg\AppData\Local\Temp\unwszn5n.dll
2016-11-08 17:39 - 2016-11-08 17:39 - 002550648 _____ (Google Inc.) C:\Users\jmg\AppData\Local\Temp\{8B5A4ED1-249A-4655-9B82-E62024154B11}-54.0.2840.99_54.0.2840.71_chrome_updater.exe
2016-06-15 04:18 - 2016-06-15 04:18 - 002698328 _____ (Google Inc.) C:\Users\jmg\AppData\Local\Temp\{95A1A5D1-FB77-4C10-8A0D-74F692F1A681}-51.0.2704.103_51.0.2704.84_chrome_updater.exe
2016-09-24 23:00 - 2016-09-24 23:00 - 001246584 _____ (Google Inc.) C:\Users\jmg\AppData\Local\Temp\{F702D5C5-4D4D-4AF1-8973-1C6671A6EE29}-53.0.2785.143_53.0.2785.116_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-16 16:25

==================== End of FRST.txt ============================
  #6  
Old November 17th, 2018, 10:13 PM
perplexed
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by jmg (17-11-2018 15:07:02)
Running from C:\Users\jmg\Desktop
Windows 8.1 (Update) (X64) (2015-09-29 21:18:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2761475689-2294761232-4051373204-500 - Administrator - Disabled)
Guest (S-1-5-21-2761475689-2294761232-4051373204-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2761475689-2294761232-4051373204-1003 - Limited - Enabled)
jmg (S-1-5-21-2761475689-2294761232-4051373204-1001 - Administrator - Enabled) => C:\Users\jmg

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.148 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 69.1.867.100 - AVAST Software)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.7) (Version: 5.0.1.7 - Coupons.com Incorporated)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version: - Lexmark International, Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30174 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
RevTraxPrintMyCoupon (HKLM-x32\...\{A3F9A883-1D51-4D0F-83F6-2D060A26C8E9}) (Version: 1.0.0.0 - RevTrax)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2013-10-29] (Qualcomm®Atheros®)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2013-10-29] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18B72D10-B92F-4E14-9E6F-449C5DCD7795} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {2408894C-2289-48AF-A528-90B62CA2F064} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {392EFF75-2CD9-4A1E-926F-E8607CAFCC39} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {41948DC2-34B7-4986-B7E9-2DE2C63A1D17} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-16] (AVAST Software)
Task: {520016B5-2CFF-4DE5-9791-A5C09E0120D0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {94CEB3A3-B184-4F3A-9A4F-77F81203A8FB} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {9B7A262F-46B3-45F5-B7D6-9AC6B10D94FA} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-02] (AVAST Software)
Task: {A4C16320-3CD5-4AB2-8451-39ED9882D95E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-13] (Adobe Systems Incorporated)
Task: {BDCFCB3C-8DC4-4E86-8D18-FFAC07A89DBB} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {C671EDF4-B0DC-43D4-9135-6F95AE2FD3B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {D7828EF7-EFA8-409B-AC66-FB083D3E0E4E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe [2018-11-13] (Adobe Systems Incorporated)
Task: {DC80C678-E810-4E2C-A746-C7D3FFA1E162} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
Task: {E4BD6283-3A53-44ED-BCD3-08D27741F2A7} - System32\Tasks\{E5492E51-8779-4F6A-AB90-419C09CCAA4F} => C:\Windows\system32\pcalua.exe -a C:\Users\jmg\Downloads\delUserDevMode(2).exe -d C:\Users\jmg\Downloads
Task: {E8FFAACD-10BF-406F-A0A4-0F5F9C7CD228} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {ECF8AE46-0D60-4C42-B9A1-46A819654C18} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2015-12-12] () <==== ATTENTION
Task: {ED518A89-66E1-407E-9D6A-CBD177066322} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-11-10] (AVAST Software)
Task: {EE6D0222-9008-4D42-8F18-92D9165EB5AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {FE9EA6F5-7B5A-48B7-8DE2-0E2C973689CB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-10 16:10 - 2009-08-13 06:06 - 000177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2015-08-06 04:33 - 2014-04-14 17:59 - 000253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-23 18:54 - 2009-07-23 18:54 - 001024512 _____ () C:\Windows\system32\lxdndrs64.dll
2009-05-14 12:47 - 2009-05-14 12:47 - 000025088 _____ () C:\Windows\system32\lxdncaps64.dll
2007-10-02 13:51 - 2007-10-02 13:51 - 000054784 _____ () C:\Windows\system32\lxdncnv464.dll
2018-10-22 17:00 - 2018-11-01 09:51 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-10-29 22:11 - 2013-10-29 22:11 - 000011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-29 22:07 - 2013-10-29 22:07 - 000086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-29 22:15 - 2013-10-29 22:15 - 000012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2016-10-10 16:09 - 2010-02-04 03:05 - 000660136 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
2016-10-10 16:09 - 2010-02-04 03:05 - 000025256 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
2018-11-02 14:40 - 2018-11-02 14:40 - 002587976 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\libprotobuf.dll
2016-10-10 16:09 - 2009-07-23 13:48 - 000380928 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll
2016-10-10 16:09 - 2007-05-29 01:39 - 000589824 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll
2016-10-10 16:09 - 2007-03-26 01:39 - 000073728 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll
2016-10-10 16:09 - 2009-07-23 13:49 - 000782336 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll
2016-10-10 16:09 - 2009-05-14 07:46 - 000081920 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll
2016-10-10 16:09 - 2007-10-02 08:51 - 000069632 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll
2016-10-10 16:09 - 2010-02-03 04:21 - 000028672 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll
2016-10-10 16:09 - 2010-02-03 04:21 - 000036864 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll
2016-10-10 16:09 - 2010-02-03 04:20 - 000065536 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
2016-10-10 16:09 - 2009-06-26 07:17 - 000012288 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2018-03-11 16:16 - 2018-03-11 16:16 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-16 18:36 - 2018-11-16 18:36 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2015-08-06 04:30 - 2014-12-08 01:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 14:28 - 2014-12-08 14:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2016-09-09 07:32 - 2016-09-09 07:32 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-03-16 10:28 - 2015-03-16 10:28 - 000155528 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 12:41 - 2018-03-27 12:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2018-11-15 16:46 - 000000826 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2761475689-2294761232-4051373204-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C321F42F-587D-40D0-B08E-E8DC94DB8685}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{0C97D2DC-D6ED-4D59-A6BA-601DCA6F1882}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{14F844D1-9CF7-491C-951A-6849CE95CDD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AAD59ADD-DBCF-437F-8C20-08174F2D988A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3120BEA0-45CE-4DC0-9A6E-B37267BBA687}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{00CE9CC7-1992-4742-A52B-0D7B9FA83F6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{12EF2C3D-7A20-43F6-AFF4-AA98421B788F}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{2C10AD11-0DA2-474A-8EC7-FFAA9FD13A68}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{31BD9CD7-6832-43E6-8866-EFC48ABD9C45}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{E7D1A961-BA14-4851-95C8-1E4AFF4B373C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{E8924E82-D635-487B-B1DD-DB9D8EF5E8E2}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{F6B789CF-A84B-45D0-ADD5-28AEA54B52F7}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{1D415069-797C-4BE6-A731-5D571BF323DA}] => (Allow) C:\Windows\system32\lxdncoms.exe
FirewallRules: [{BA9281EB-8F2C-4AC2-ABAB-E6C67AAA2F1B}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdnpswx.exe
FirewallRules: [{4CA9E03C-1796-41D1-88D6-C57785CDF308}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdntime.exe
FirewallRules: [{3BA9832B-71FD-41FB-B4F8-B02B6D4C1154}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{4EBB13C4-B8A4-43FB-A4E4-2142BDCF73F9}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{55499334-3C79-4E21-9D20-2209B69DBF9E}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{A5FFEA03-C626-42B7-B127-4B8F5DCA896A}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [{E9BFFF94-0C15-4901-832E-155E125C687D}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [{2C60303D-6B34-491C-9185-829962E484EE}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{4DDE82EE-7336-4689-A8B4-981BEE8EBFF6}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{79937022-A09C-451E-83EB-267C80F86194}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{82F4C592-87E7-4D6B-83DE-0DEB3F29EF1F}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{5A014947-0258-43DD-B54B-FB7B9E057183}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{9F245D1E-5891-4307-B68C-D408C795584F}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{943FF3D9-2A9A-431D-A2A6-A2CF444351FC}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{CFA0B3A9-3F9C-4BC8-9DA6-BEDA088AF4E9}] => (Allow) C:\Windows\system32\lxdncoms.exe
FirewallRules: [{279E9EE0-6EC1-4EE7-AE24-BD5FFC4D9057}] => (Allow) C:\Windows\system32\lxdncoms.exe
FirewallRules: [{DA28B4A5-4743-48A9-A372-AC28AF1E5FD3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{958834AF-A562-4F20-A74E-5BE07D1361D9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{869F26C9-7E9A-4073-8F95-CAB776D8285B}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{65FF2BC2-0449-47A1-BB39-0319CD095C72}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{38A7333E-5938-4F54-9EE2-DB9EF24A2396}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe
FirewallRules: [{BE52ADE9-C91A-4727-AB8C-60A6F202BA6B}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe
FirewallRules: [{84F6B9FF-498A-48DE-AD64-2CF8FC7866C9}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\frun.exe
FirewallRules: [{873765BB-2019-4D1F-81B1-AA92B4405A80}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\frun.exe
FirewallRules: [{CA32CE28-96D1-432A-8B9B-1429C19E0D08}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{4170FE83-FD9F-457D-B429-D1AB486E1B7C}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{F18FC2C4-662A-437F-AEFB-05D69E33F8DB}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{490FD5F9-D132-4824-AA1E-34872D308D26}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{A3274A82-13D7-458B-8D46-BC42B3D483A3}] => (Allow) C:\Windows\system32\lxdncoms.exe
FirewallRules: [{998C2C61-3C57-4359-8E4F-056B1CE2983A}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdnpswx.exe
FirewallRules: [{6C4D7296-2C86-4B5E-BAD3-44BA6C94A38A}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdntime.exe
FirewallRules: [{BE5508C9-7247-4767-83B8-CF800C4C5F90}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{0DD56E58-A0D1-4556-BE2E-F2D4C8DD5661}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{CCC25922-16D0-4C31-BB07-E26224EE589F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{92326BC4-70C3-4B40-B176-30AF83F7602D}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdntime.exe
FirewallRules: [{6825C261-1190-49D0-8977-7D32EC2A6716}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdntime.exe
FirewallRules: [{9CDF7248-43BC-4485-A74C-A90894EB4D52}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [{2EE400BF-610E-4EC0-BC33-DE84F10E1A20}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [TCP Query User{9C08ADED-5D59-4CC1-A6C7-F9C92AE05231}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe
FirewallRules: [UDP Query User{CA1B7590-7F6B-4D3A-B8C2-6987576F8086}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe
FirewallRules: [{489A09BF-4672-4A51-953C-33240D4B0AC7}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{45DB1784-A793-4D83-A767-3376A01150C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{604FF0CE-86E3-43A3-AA35-78C96EDD6DF8}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{CDB35AA5-2D4C-46CA-8863-1AD0076859A4}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Restore Points =========================

22-10-2018 19:20:11 Windows Update
16-11-2018 15:53:25 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2018 03:00:09 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/17/2018 12:46:28 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/17/2018 12:39:50 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/17/2018 06:40:33 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/17/2018 06:23:55 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/17/2018 03:55:38 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/17/2018 03:54:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DDVDataCollector.exe, version: 5.2.7.93, time stamp: 0x5bce2506
Faulting module name: DDVDataCollector.exe, version: 5.2.7.93, time stamp: 0x5bce2506
Exception code: 0xc0000409
Fault offset: 0x00000000001cd3cb
Faulting process id: 0x16f4
Faulting application start time: 0x01d47e0fa4a08c5c
Faulting application path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Faulting module path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Report Id: cafd2a7c-ea4e-11e8-831f-40b89a8d9a8a
Faulting package full name:
Faulting package-relative application ID:

Error: (11/16/2018 06:52:03 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (11/17/2018 03:54:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s).

Error: (11/16/2018 06:45:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/16/2018 06:45:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.

Error: (11/16/2018 04:57:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/16/2018 04:57:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.

Error: (11/16/2018 04:55:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
The service has not been started.

Error: (11/16/2018 04:26:11 PM) (Source: DCOM) (EventID: 10010) (User: office)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (11/16/2018 03:58:08 PM) (Source: DCOM) (EventID: 10010) (User: office)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================

Date: 2018-07-28 14:41:03.723
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:41:01.395
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:58.676
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:56.223
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:53.629
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:51.066
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:48.566
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-07-28 14:40:46.097
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU J1800 @ 2.41GHz
Percentage of memory in use: 32%
Total physical RAM: 3987.2 MB
Available physical RAM: 2703.77 MB
Total Virtual: 6068.32 MB
Available Virtual: 3524.39 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.37 GB) (Free:397.73 GB) NTFS

\\?\Volume{89d378f7-ec53-4a06-b80c-614176e9f68b}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.43 GB) NTFS
\\?\Volume{6943363d-35da-475f-ad64-c6c549765eb5}\ (PBR Image) (Fixed) (Total:8.01 GB) (Free:0.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 646E9541)

Partition: GPT.

==================== End of Addition.txt ============================
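The FirewallRules section of Addition.txt above is the kind of FRST output a helper has to read line by line. As an added example (not part of this thread and not FRST's own code), the following Python script parses lines in that format, counts how many rules point at each executable (the log above has many repeats for the Lexmark lxdncoms.exe), and lists Allow rules whose target sits in a user-writable location such as AppData, Temp, ProgramData or Users\Public, which is where a reviewer would want to look first. The sample lines are constructed from the shapes in the log above; the Temp entry and the list of location markers are assumptions for illustration, not findings from this log.

```python
import re
from collections import Counter

# Constructed sample in the shape FRST writes "FirewallRules:" lines into
# Addition.txt. The first six follow entries in the log above; the last one
# is an invented Temp-directory rule added only to exercise the flagging logic.
SAMPLE_LOG = r"""
FirewallRules: [{A5FFEA03-C626-42B7-B127-4B8F5DCA896A}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [{2C60303D-6B34-491C-9185-829962E484EE}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{4DDE82EE-7336-4689-A8B4-981BEE8EBFF6}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{DA28B4A5-4743-48A9-A372-AC28AF1E5FD3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{9C08ADED-5D59-4CC1-A6C7-F9C92AE05231}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe
FirewallRules: [{45DB1784-A793-4D83-A767-3376A01150C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Users\example\AppData\Local\Temp\example.exe
"""

# One FRST firewall line: "FirewallRules: [<rule name>] => (Allow|Block) <path>"
FIREWALL_RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<path>\S.*?)\s*$"
)

# Assumed list of path fragments that mark user-writable locations. An Allow
# rule for a program living there is worth a second look during triage.
USER_WRITABLE_MARKERS = (
    "\\appdata\\",
    "\\temp\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\$recycle.bin\\",
)


def parse_firewall_rules(text):
    """Return a list of {name, action, path} dicts, one per matching line."""
    rules = []
    for line in text.splitlines():
        m = FIREWALL_RULE_RE.match(line.strip())
        if m:
            rules.append({"name": m["name"], "action": m["action"], "path": m["path"]})
    return rules


def count_rules_per_exe(rules):
    """Count rules per target path (case-insensitive, as NTFS paths are)."""
    return Counter(r["path"].lower() for r in rules)


def flag_user_writable(rules):
    """Allow rules whose target path contains one of the assumed markers."""
    flagged = set()
    for r in rules:
        p = r["path"].lower()
        if r["action"] == "Allow" and any(marker in p for marker in USER_WRITABLE_MARKERS):
            flagged.add(r["path"])
    return sorted(flagged)


def triage(text, dup_threshold=2):
    """Summarise a FirewallRules block: total, repeated targets, flagged Allow rules."""
    rules = parse_firewall_rules(text)
    counts = count_rules_per_exe(rules)
    return {
        "total": len(rules),
        "duplicates": {p: n for p, n in counts.items() if n >= dup_threshold},
        "user_writable_allow": flag_user_writable(rules),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"rules parsed: {report['total']}")
    for path, n in report["duplicates"].items():
        print(f"repeated {n}x: {path}")
    for path in report["user_writable_allow"]:
        print(f"REVIEW (user-writable location): {path}")
```

Running it on a real Addition.txt is a matter of reading the file into `triage()`; repeated rules for one printer or security product are usually just reinstall leftovers, whereas an Allow rule for a binary under a temp or profile directory is the kind of line a helper would ask about.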
  #7  
Old November 18th, 2018, 12:06 AM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Hi perplexed,

I see you use RevoUninstaller.

Uninstall some programs

Note: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove:

Java 8 Update 111
Java 8 Update 131
Java 8 Update 151
Coupon Printer for Windows
Bing

And restart PC.

=====================================================

Run FRST fixlist:
Note: Run the tool (FRST) from your Desktop based on the instructions given. Farbar Recovery Scan Tool and the fixlist file should be on the desktop.

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

Code:
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
Task: {ECF8AE46-0D60-4C42-B9A1-46A819654C18} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2015-12-12] () <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131185127034534805&GUID=3175D329-290A-4058-9108-F19927BCFEB0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131185127034545114&GUID=3175D329-290A-4058-9108-F19927BCFEB0
HKU\S-1-5-21-2761475689-2294761232-4051373204-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131185127034569122&GUID=3175D329-290A-4058-9108-F19927BCFEB0
SearchScopes: HKLM -> DefaultScope {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> DefaultScope {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
FF Extension: (Firefox Monitor) - C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522\features\{2fb77d14-81fe-461a-8390-12a26073a428}\fxmonitor@mozilla.org.xpi [2018-11-14]
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-19] (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
U3 McMPFSvc; no ImagePath
C:\ProgramData\SPL6F9F.tmp
C:\Windows\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337
C:\Users\jmg\AppData\Roaming\WB.CFG
C:\Users\jmg\AppData\Local\Temp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-19] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF ProfilePath: C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522 [2018-11-17]
FF Homepage: Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522 -> hxxps://att.yahoo.com/
Folder: C:\Windows\System32\Tasks\{E5492E51-8779-4F6A-AB90-419C09CCAA4F}
CMD: ipconfig /flushdns
EmptyTemp:
NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, press the Fix button just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

-----------------------------------------------------------------------------------

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
Important:
  • If you click the Clean button all items listed in the report will be removed.
If you find false-positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
-------------------------------------------------------------------------

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
  #8  
Old November 18th, 2018, 12:40 AM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,347
Are you sure I can do this? It looks complicated. I will take it step by step, thanks.

I don't even know what RevoUninstaller is or how to use it, but I will do it manually.

Okay, I did not see Bing to uninstall, and when I tried to remove Coupon Printer I got an Avast warning, so I tried again and it said something like it may have already been removed. It asked whether I want to delete it from the list, and I said yes.

Last edited by perplexed; November 18th, 2018 at 12:52 AM.
  #9  
Old November 18th, 2018, 01:04 AM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,347
I am lost, sorry. How do I do this? I see a tool. I see Frst 64 (1); it says Recovery Scan Tool. Is that right?

I hope this is right; I am unsure I did this correctly. I hope I did, and thank you for your patience. I have not done AdwCleaner yet. I will wait to hear from you.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by jmg (17-11-2018 19:34:41) Run:1
Running from C:\Users\jmg\Desktop
Loaded Profiles: jmg (Available Profiles: jmg)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
Task: {ECF8AE46-0D60-4C42-B9A1-46A819654C18} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2015-12-12] () <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131185127034534805&GUID=3175D329-290A-4058-9108-F19927BCFEB0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131185127034545114&GUID=3175D329-290A-4058-9108-F19927BCFEB0
HKU\S-1-5-21-2761475689-2294761232-4051373204-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131185127034569122&GUID=3175D329-290A-4058-9108-F19927BCFEB0
SearchScopes: HKLM -> DefaultScope {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> DefaultScope {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2761475689-2294761232-4051373204-1001 -> {52CFC1EE-ABE9-46C9-8A61-D82BF096965A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
FF Extension: (Firefox Monitor) - C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522\features\{2fb77d14-81fe-461a-8390-12a26073a428}\fxmonitor@mozilla.org.xpi [2018-11-14]
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-19] (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
U3 McMPFSvc; no ImagePath
C:\ProgramData\SPL6F9F.tmp
C:\Windows\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337
C:\Users\jmg\AppData\Roaming\WB.CFG
C:\Users\jmg\AppData\Local\Temp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-19] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF ProfilePath: C:\Users\jmg\AppData\Roaming\Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522 [2018-11-17]
FF Homepage: Mozilla\Firefox\Profiles\lv6it3ka.default-1471530361522 -> hxxps://att.yahoo.com/
Folder: C:\Windows\System32\Tasks\{E5492E51-8779-4F6A-AB90-419C09CCAA4F}
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECF8AE46-0D60-4C42-B9A1-46A819654C18}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECF8AE46-0D60-4C42-B9A1-46A819654C18}" => removed successfully
C:\Windows\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2761475689-2294761232-4051373204-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52CFC1EE-ABE9-46C9-8A61-D82BF096965A} => removed successfully
HKLM\Software\Classes\CLSID\{52CFC1EE-ABE9-46C9-8A61-D82BF096965A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully



Sorry, I am trying to do this correctly. What do I do with the fixlist.txt that I copied and saved from above? Thanks


Do I post a copy of the AdwCleaner.exe log when I first do it? I see you request it after my second scan? How will I know if I have false positives? What am I looking for?
Also I have malwarebytes already on my computer.

Last edited by perplexed; November 18th, 2018 at 01:35 PM.
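The Fixlog posted above is what tells a helper whether the fixlist actually took effect, and it is read by matching each result line back to the script. As an added example (not part of this thread and not FRST's own code), this Python script reconciles a submitted fixlist.txt against a Fixlog.txt: it checks that every submitted line was echoed back in the log's "fixlist content" block, and sorts each result line into succeeded, not found, or needs review. The sample log is built from lines of the Fixlog above; the final "could not be moved" result line and the "Folder: C:\Example\Extra" fixlist line are constructed to exercise the reporting, and the three outcome categories are my own grouping, not FRST terminology.

```python
from collections import Counter

# FRST brackets the echoed fixlist in Fixlog.txt with this marker line.
FIXLIST_MARKER = "*****************"

# Constructed sample Fixlog: header and most lines follow the Fixlog above;
# the last result line is invented to show a result that needs review.
FIXLOG_SAMPLE = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by jmg (17-11-2018 19:34:41) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\ProgramData\SPL6F9F.tmp
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
C:\ProgramData\SPL6F9F.tmp => could not be moved (constructed result line)
"""

# Constructed fixlist as the user saved it: one extra line that the log never
# echoes back, and a leading space on EmptyTemp: (as in the post above).
SUBMITTED_FIXLIST = r"""CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\ProgramData\SPL6F9F.tmp
Folder: C:\Example\Extra
 EmptyTemp:
"""


def _marker_positions(lines):
    return [i for i, line in enumerate(lines) if line.strip() == FIXLIST_MARKER]


def extract_fixlist(log):
    """Lines FRST echoed between the two marker lines, stripped, blanks dropped."""
    lines = log.splitlines()
    marks = _marker_positions(lines)
    if len(marks) < 2:
        return []
    return [l.strip() for l in lines[marks[0] + 1:marks[1]] if l.strip()]


def parse_results(log):
    """(target, result) pairs from 'target => result' lines after the echoed fixlist.

    Fixlist directives themselves may contain ' => ' (e.g. Task: lines), so only
    lines after the second marker are treated as results.
    """
    lines = log.splitlines()
    marks = _marker_positions(lines)
    start = marks[1] + 1 if len(marks) >= 2 else 0
    results = []
    for line in lines[start:]:
        if " => " in line:
            target, result = line.rsplit(" => ", 1)
            results.append((target.strip(), result.strip()))
    return results


def classify(result):
    """Assumed grouping: 'ok', 'not_found', or 'review' for anything else."""
    r = result.lower()
    if "successfully" in r:
        return "ok"
    if "not found" in r:
        return "not_found"
    return "review"


def reconcile(submitted, log):
    """Compare a saved fixlist with its Fixlog and summarise the outcomes."""
    echoed = set(extract_fixlist(log))
    wanted = [l.strip() for l in submitted.splitlines() if l.strip()]
    missing = [l for l in wanted if l not in echoed]
    results = parse_results(log)
    counts = Counter(classify(r) for _, r in results)
    review = [(t, r) for t, r in results if classify(r) == "review"]
    return {"missing": missing, "counts": dict(counts), "review": review}


if __name__ == "__main__":
    out = reconcile(SUBMITTED_FIXLIST, FIXLOG_SAMPLE)
    print("outcomes:", out["counts"])
    for line in out["missing"]:
        print("not echoed by FRST:", line)
    for target, result in out["review"]:
        print("REVIEW:", target, "=>", result)
```

A "not found" result is normal when the item was already gone; "missing" lines mean the saved fixlist and what FRST read differ, which is the first thing to check when a fix seems not to have run.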
  #10  
Old November 18th, 2018, 08:16 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
The operation with Farbar fixlist is successful. No problem.
---------------------------------------------------------------
Quote:
I don't even know what RevoUninstaller is or how to use it, but I will do it manually.
Please try to run:

Programs to remove with RevoUninstaller

Java 8 Update 111
Java 8 Update 131
Java 8 Update 151
Coupon Printer for Windows
Bing

  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.
---------------------------------------------------------------
Quote:
Do I post a copy of the AdwCleaner.exe log when I first do it? I see you request it after my second scan? How will I know if I have false positives? What am I looking for?
If there is any line you hesitate over, do not delete it; otherwise you can delete them. Please send both reports.

Quote:
Also I have malwarebytes already on my computer.
Just update. Make the settings I recommend and scan the system. If malware is found, mark it and delete.
  #11  
Old November 18th, 2018, 09:35 PM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,347
Thanks, I found RevoUninstaller in Program Files, and when I clicked on it I was asked to purchase a license. I even did a search; nothing came up. Where else could it be on my computer?

Forgot to mention I did remove manually
Java 8 Update 111
Java 8 Update 131
Java 8 Update 151

I did not see the other 2 mentioned. thanks so much.

Last edited by perplexed; November 18th, 2018 at 09:52 PM.
  #12  
Old November 18th, 2018, 10:17 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
What you use is the Revo Uninstaller Pro 3.1.5 software. If you do not have a license, you can use the Free version.


https://www.revouninstaller.com/revo..._download.html
  #13  
Old November 18th, 2018, 10:49 PM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,347
Thanks, I did download and run the uninstaller, and none of these were listed; I looked twice. What could be the problem? I know I deleted the 3 Javas; I never saw the other 2.
Java 8 Update 111 - I uninstalled all 3
Java 8 Update 131
Java 8 Update 151

Was not in the list:
Coupon Printer for Windows
Bing


I see two downloads for the adware cleaner; which do I choose, please?

Last edited by perplexed; November 18th, 2018 at 10:51 PM.
  #14  
Old November 18th, 2018, 10:58 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
No problem. Please send other logs.
  #15  
Old November 18th, 2018, 11:27 PM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,347
Thanks, there are two downloads for the adware cleaner; I don't see one by Xplode. I see one by Bleeping Computer and the other has no name. I thank you.

Last edited by perplexed; November 19th, 2018 at 12:00 AM.