
Degraded performance, slow switching between programs, internet browsing



 
 
Old 07-02-2017, 04:51 PM   #1
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



Hello, thank you in advance for your help. As stated in the title, I am having significant performance issues. I am not sure if it is malware/virus, or something similar, or if it is, at least in part, the age of the machine.

My laptop is more than 4 years old and is running Windows 10. It seems to me that performance has been worse since upgrade to Windows 10 months ago.

In any event, your help and direction is greatly appreciated.

Here is the information requested to start the process.

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.131.2
Run by Dell Inspiron at 19:19:26 on 2017-07-02
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8049.1154 [GMT -4:00]
.
AV: Avira Antivirus *Enabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Antivirus *Enabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Avira\Antivirus\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\EscSvc64.exe
C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\SysWow64\perfhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TrueKey\McTkSchedulerService.exe
C:\WINDOWS\system32\TieringEngineService.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Avira\Antivirus\avscan.exe
C:\Program Files (x86)\Avira\Antivirus\avscan.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Like: {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
BHO: Simple: {886bf106-6ebf-4ef4-8676-6663caabbda4} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [EPLTarget\P0000000000000002] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_YATIJHE.EXE /EPT "EPLTarget\P0000000000000002" /M "WF-3540 Series"
uRunOnce: [Application Restart #2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- https://www.facebook.com/n/?email%2F...INHpzFCLtwiMMx
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
mRun: [Avira System Speedup User Starter] "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: NameServer = 64.233.217.2 64.233.217.3
TCP: Interfaces\{839a14cb-e4fa-4c2b-9890-97338570ccca} : DHCPNameServer = 64.233.217.2 64.233.217.3
TCP: Interfaces\{c49f85b0-4b0d-42a0-bce6-d03c89396128} : DHCPNameServer = 64.233.217.2 64.233.217.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
x64-TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com - This website is for sale! - spywareinfo Resources and Information.
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\7gzxff73.default-1488972710950\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrlui.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avdevprot;avdevprot;C:\WINDOWS\System32\drivers\avdevprot.sys [2017-6-13 60920]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\drivers\avkmgr.sys [2016-5-30 44488]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\drivers\avgntflt.sys [2016-5-30 167504]
R2 avnetflt;avnetflt;C:\WINDOWS\System32\drivers\avnetflt.sys [2016-5-30 88488]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2012-9-13 162344]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2016-9-30 168448]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-5-10 249856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-06-29 00:23:13 -------- d-----w- C:\ProgramData\McAfee Security Scan
2017-06-25 22:20:19 -------- d-s---w- C:\WINDOWS\UpdateAssistantV2
2017-06-14 14:39:59 691200 ----a-w- C:\WINDOWS\System32\ieproxy.dll
2017-06-13 14:39:52 60920 ----a-w- C:\WINDOWS\System32\drivers\avdevprot.sys
2017-06-04 03:38:58 17404160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2017-06-03 22:16:59 71112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\IA2Marshal.dll
.
==================== Find3M ====================
.
2017-06-13 14:32:52 38048 ----a-w- C:\WINDOWS\System32\drivers\avusbflt.sys
2017-06-13 14:32:52 167504 ----a-w- C:\WINDOWS\System32\drivers\avgntflt.sys
2017-06-03 10:50:15 192856 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-06-03 10:50:04 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-06-03 10:16:14 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2017-06-03 10:14:28 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-06-03 10:14:27 629088 ----a-w- C:\WINDOWS\System32\generaltel.dll
2017-06-03 10:14:27 1564512 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-06-03 10:14:27 1214816 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-06-03 10:14:26 96608 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2017-06-03 10:14:26 544096 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-06-03 10:14:26 334176 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-06-03 10:14:26 233824 ----a-w- C:\WINDOWS\System32\aepic.dll
2017-06-03 10:14:26 136032 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-06-03 10:14:25 136024 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2017-06-03 10:14:23 335712 ----a-w- C:\WINDOWS\System32\dcntel.dll
2017-06-03 10:14:20 34648 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2017-06-03 10:11:29 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-06-03 10:11:25 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2017-06-03 10:09:08 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-06-03 10:08:10 7783256 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-06-03 1040 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-06-03 10:01:49 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-03 09:59:51 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-06-03 09:59:40 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-06-03 09:59:25 118112 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-06-03 09:58:13 340832 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-06-03 09:55:19 780640 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-06-03 09:54:24 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2017-06-03 09:53:07 404824 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-06-03 09:52:57 1021784 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2017-06-03 09:52:38 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2017-06-03 09:52:31 607072 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-06-03 09:51:09 2187104 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-06-03 09:51:02 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-06-03 09:50:35 857440 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-06-03 09:50:15 381792 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2017-06-03 09:49:28 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-06-03 09:49:27 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-06-03 09:48:48 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-06-03 09:48:44 1112416 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2017-06-03 09:48:39 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-06-03 09:48:28 857952 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-06-03 09:48:26 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-06-03 09:44:54 1412640 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-06-03 09:44:50 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-06-03 09:44:34 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-06-03 09:40:36 1566552 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-06-03 09:40:33 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-06-03 09:39:35 2532192 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-06-03 09:39:09 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-06-03 09:39:04 5686272 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-06-03 09:33:14 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-06-03 09:32:12 2560 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2017-06-03 09:31:50 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-06-03 09:31:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-06-03 09:28:56 232448 ----a-w- C:\WINDOWS\SysWow64\edputil.dll
2017-06-03 09:28:32 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-06-03 09:26:16 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2017-06-03 09:26:00 100352 ----a-w- C:\WINDOWS\SysWow64\AuthBrokerUI.dll
2017-06-03 09:23:57 306688 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2017-06-03 09:22:56 364544 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2017-06-03 09:22:53 181760 ----a-w- C:\WINDOWS\SysWow64\tcpipcfg.dll
2017-06-03 09:22:36 327168 ----a-w- C:\WINDOWS\SysWow64\netcorehc.dll
2017-06-03 09:22:29 7217152 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-06-03 09:20:21 755712 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2017-06-03 09:19:49 1164288 ----a-w- C:\WINDOWS\SysWow64\certutil.exe
2017-06-03 09:18:28 22569984 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-06-03 09:16:30 119808 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2017-06-03 09:16:27 709120 ----a-w- C:\WINDOWS\SysWow64\CPFilters.dll
2017-06-03 09:16:24 2560 ----a-w- C:\WINDOWS\System32\tzres.dll
2017-06-03 09:15:41 18364928 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-06-03 09:15:38 53248 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2017-06-03 09:15:21 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2017-06-03 09:15:20 41472 ----a-w- C:\WINDOWS\System32\drivers\BasicRender.sys
2017-06-03 09:14:44 124416 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2017-06-03 09:14:35 45056 ----a-w- C:\WINDOWS\System32\atmlib.dll
2017-06-03 09:14:18 98304 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2017-06-03 09:14:01 238592 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2017-06-03 09:12:49 27136 ----a-w- C:\WINDOWS\SysWow64\fdProxy.dll
2017-06-03 09:12:28 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2017-06-03 09:11:56 353792 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2017-06-03 09:10:54 117760 ----a-w- C:\WINDOWS\System32\AuthBrokerUI.dll
2017-06-03 09:10:51 252928 ----a-w- C:\WINDOWS\System32\edputil.dll
2017-06-03 09:10:19 261120 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2017-06-03 09:10:06 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2017-06-03 09:09:57 489472 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
2017-06-03 09:09:50 337408 ----a-w- C:\WINDOWS\System32\NetworkBindingEngineMigPlugin.dll
2017-06-03 09:09:13 441344 ----a-w- C:\WINDOWS\System32\netcorehc.dll
2017-06-03 09:08:28 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2017-06-03 09:08:25 1221120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
2017-06-03 09:08:24 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2017-06-03 09:08:23 2643968 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-06-03 09:07:55 552960 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2017-06-03 09:07:32 456192 ----a-w- C:\WINDOWS\System32\puiobj.dll
2017-06-03 09:07:14 255488 ----a-w- C:\WINDOWS\System32\HNetCfgClient.dll
2017-06-03 0911 198144 ----a-w- C:\WINDOWS\System32\dpapisrv.dll
2017-06-03 0906 3664384 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2017-06-03 09:05:25 295424 ----a-w- C:\WINDOWS\SysWow64\hnetcfg.dll
2017-06-03 09:05:10 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
.
============= FINISH: 19:45:28.55 ===============
Attached Files
File Type: txt attach.txt (9.7 KB, 8 views)
JoshandDad is offline  
 
Old 07-04-2017, 09:40 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I'm not seeing anything in your logs. Your problems may be beyond malware.

I don't see a System Restore section in your log.

Is System Restore enabled? Can you enable it?

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 07-08-2017, 04:27 AM   #3
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



Thanks for your help. For some reason, this post is not showing up in my account, and I did not receive notification of your response, even though I subscribed to the thread. Hence, the delay. I have unsubscribed and resubscribed to the thread, with notification. Hopefully, that will "take".

Thinking that somehow this post was not visible, not posted, or something, I re-posted this thread this morning, 07/08/17. Please mark that thread as Resolved to avoid duplication of efforts. I apologize for that.

As for System Restore, when I went to check, it is showing as turned on for drive C. A successful System Restore was created on 07/05/17, so I think that is OK.

Since my original post, my AV program detected and successfully removed a virus threat. As a result, performance improved significantly, but is still slower than I would expect. Let's continue with this process.

Finally, here are the logs requested:

AdwCleaner:

# AdwCleaner v6.047 - Logfile created 08/07/2017 at 06:53:18
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-07.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Dell Inspiron - DELL_I17
# Running from : C:\Users\Dell Inspiron\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: DrvAgent64


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mallpejgeafdahhflmliiahjdpgbegpk
[-] Folder deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp
[-] Folder deleted: C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp
[-] Folder deleted: C:\Users\the6o_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\SysWOW64\drivers\DRVAGENT64.SYS
[-] File deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal
[-] File deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipmkfpcnmccejididiaagpgchgjfajgp_0.localstorage
[-] File deleted: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipmkfpcnmccejididiaagpgchgjfajgp_0.localstorage-journal
[-] File deleted: C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipmkfpcnmccejididiaagpgchgjfajgp_0.localstorage
[-] File deleted: C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipmkfpcnmccejididiaagpgchgjfajgp_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp


***** [ Web browsers ] *****

[-] [C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ipmkfpcnmccejididiaagpgchgjfajgp
[-] [C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.yahoo.com
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearchdial.com_
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: start.mysearchdial.com
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearchdial.com
[-] [C:\Users\gamin_000\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ipmkfpcnmccejididiaagpgchgjfajgp
[-] [C:\Users\the6o_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\the6o_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\the6o_000\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ipmkfpcnmccejididiaagpgchgjfajgp


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [22999 Bytes] - [19/09/2016 16:25:44]
C:\AdwCleaner\AdwCleaner[C2].txt - [4058 Bytes] - [08/07/2017 06:53:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [19556 Bytes] - [19/09/2016 16:08:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [4509 Bytes] - [08/07/2017 06:49:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4278 Bytes] ##########

Farbar:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Dell Inspiron (administrator) on DELL_I17 (08-07-2017 07:09:37)
Running from C:\Users\Dell Inspiron\Downloads
Loaded Profiles: Dell Inspiron (Available Profiles: Dell Inspiron & gamin_000 & the6o_000)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(Microsoft Corporation) C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\TieringEngineService.exe
Failed to access process -> McTkSchedulerService.exe
(Microsoft Corporation) C:\WINDOWS\System32\WerFault.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(Intel Corporation) C:\WINDOWS\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_YATIJHE.EXE
(Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_YATIMDE.EXE
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbengine.exe
(Microsoft Corporation) C:\WINDOWS\System32\vds.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\regsvr32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\SrTasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [717688 2015-11-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-06-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66656 2017-06-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [*zejcdfmh<*>] => "C:\Users\Dell Inspiron\AppData\Local\c93d\b5e8.cda22" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\MountPoints2: {fd26286e-4b79-11e7-bf62-5cf9dd5bada2} - "E:\windows\AutoRun.exe"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-06-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.584\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\gamin_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.6.lnk [2013-06-14]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel« Corporation)
Startup: C:\Users\the6o_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.6.lnk [2013-06-14]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel« Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.233.217.2 64.233.217.3
Tcpip\..\Interfaces\{839a14cb-e4fa-4c2b-9890-97338570ccca}: [DhcpNameServer] 64.233.217.2 64.233.217.3
Tcpip\..\Interfaces\{c49f85b0-4b0d-42a0-bce6-d03c89396128}: [DhcpNameServer] 64.233.217.2 64.233.217.3

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
SearchScopes: HKU\S-1-5-21-4145260611-1649676698-564753963-1001 -> DefaultScope {FF47A76A-350C-44DF-AC75-5C1D0FB27176} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4145260611-1649676698-564753963-1001 -> {FF47A76A-350C-44DF-AC75-5C1D0FB27176} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Like -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-31] (Oracle Corporation)
BHO-x32: Simple -> {886bf106-6ebf-4ef4-8676-6663caabbda4} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-31] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463} hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab

FireFox:
========
FF ProfilePath: C:\Users\Dell Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\7gzxff73.default-1488972710950 [2017-07-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-10-16] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.cbssports.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default [2017-07-08]
CHR Extension: (Google Docs) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-18]
CHR Extension: (YouTube) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-18]
CHR Extension: (Google Search) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Avira Browser Safety) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-26]
CHR Extension: (Pinterest Save Button) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dell Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-06-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [356256 2017-06-08] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [335088 2017-06-23] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [100816 2017-04-21] (Avira Operations GmbH & Co. KG)
R2 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-25] ()
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-05-09] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.584\McCHSvc.exe [404368 2017-06-23] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
S2 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-23] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2015-04-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.) [File not signed]
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.) [File not signed]
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-06-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-06-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2013-10-05] (GFI Software)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-12] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-08-13] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-08 07:09 - 2017-07-08 07:13 - 00027317 _____ C:\Users\Dell Inspiron\Downloads\FRST.txt
2017-07-08 07:08 - 2017-07-08 07:09 - 02437120 _____ (Farbar) C:\Users\Dell Inspiron\Downloads\FRST64.exe
2017-07-08 06:43 - 2017-07-08 06:44 - 04110280 _____ C:\Users\Dell Inspiron\Downloads\AdwCleaner.exe
2017-07-06 05:11 - 2017-07-06 05:11 - 00190234 _____ C:\Users\Dell Inspiron\Downloads\statement.pdf
2017-07-04 23:09 - 2017-07-05 04:00 - 00000000 ____D C:\Users\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013
2017-07-03 21:58 - 2017-07-03 22:11 - 00000000 ____D C:\Users\Dell Inspiron\Documents\2017
2017-07-03 17:54 - 2017-07-03 17:54 - 00291180 _____ C:\Users\Dell Inspiron\Downloads\EligibilityResultsNotice.pdf
2017-07-02 19:46 - 2017-07-02 19:46 - 00009900 _____ C:\Users\Dell Inspiron\Desktop\attach.txt
2017-07-02 19:46 - 2017-07-02 19:45 - 00025628 _____ C:\Users\Dell Inspiron\Desktop\dds.txt
2017-07-02 19:17 - 2017-07-02 19:18 - 00688992 ____R (Swearware) C:\Users\Dell Inspiron\Downloads\dds (2).scr
2017-06-28 20:23 - 2017-06-28 20:23 - 00002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-06-28 20:23 - 2017-06-28 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-06-28 20:23 - 2017-06-28 20:23 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-06-25 18:20 - 2017-06-25 18:23 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-22 18:08 - 2017-06-22 18:08 - 00001205 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-06-20 20:25 - 2017-07-08 07:04 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-14 10:40 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 10:40 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 10:40 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 10:40 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 10:40 - 2017-06-03 06:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 10:40 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 10:40 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 10:40 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 10:40 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 10:40 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 10:40 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 10:40 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 10:40 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 10:40 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 10:40 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 10:40 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 10:40 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 10:40 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 10:40 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 10:40 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 10:40 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 10:40 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 10:40 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 10:40 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 10:40 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 10:40 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 10:40 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 10:40 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 10:40 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 10:40 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 10:40 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 10:40 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 10:40 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 10:40 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 10:40 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 10:40 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 10:40 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 10:40 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 10:40 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 10:40 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 10:40 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 10:40 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 10:40 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 10:40 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 10:40 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 10:40 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 10:40 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 10:40 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 10:40 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 10:40 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 10:40 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 10:40 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 10:40 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 10:40 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 10:40 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 10:40 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 10:40 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 10:40 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 10:40 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 10:40 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 10:40 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 10:40 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 10:40 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 10:40 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 10:40 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 10:40 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 10:40 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 10:40 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 10:40 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 10:40 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 10:40 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 10:40 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 10:40 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 10:40 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 10:40 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 10:40 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 10:39 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 10:39 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 10:39 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 10:39 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 10:39 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 10:39 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 10:39 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 10:39 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 10:39 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 10:39 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 10:39 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 10:39 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 10:39 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 10:39 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 10:39 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 10:39 - 2017-06-03 06:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 10:39 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 10:39 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 10:39 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 10:39 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 10:39 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 10:39 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 10:39 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 10:39 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 10:39 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 10:39 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 10:39 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 10:39 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 10:39 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 10:39 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 10:39 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 10:39 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 10:39 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 10:39 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 10:39 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 10:39 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 10:39 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 10:39 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 10:39 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 10:39 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 10:39 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 10:39 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 10:39 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 10:39 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 10:39 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 10:39 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 10:39 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 10:39 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 10:39 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 10:39 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 10:39 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 10:39 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 10:39 - 2017-06-03 04:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 10:39 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 10:39 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 10:39 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 10:39 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 10:39 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 10:39 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 10:39 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 10:39 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 10:39 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 10:39 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 10:39 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 10:39 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 10:39 - 2017-06-03 02:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-13 10:54 - 2017-06-13 10:57 - 00422308 _____ C:\WINDOWS\Minidump\061317-36296-01.dmp
2017-06-13 10:39 - 2017-06-13 10:32 - 00060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-06-08 08:09 - 2017-06-08 08:09 - 00001216 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-08 07:09 - 2014-12-30 02:32 - 00000000 ____D C:\FRST
2017-07-08 07:03 - 2014-08-22 12:00 - 00000000 ____D C:\Users\Dell Inspiron\AppData\Roaming\Skype
2017-07-08 07:00 - 2016-05-21 00:25 - 03054272 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-08 06:56 - 2016-05-21 00:56 - 00000000 __SHD C:\Users\Dell Inspiron\IntelGraphicsProfiles
2017-07-08 06:55 - 2016-09-30 05:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-08 06:54 - 2016-07-16 02:04 - 02621440 _____ C:\WINDOWS\system32\config\BBI
2017-07-08 06:53 - 2016-09-19 16:02 - 00000000 ____D C:\AdwCleaner
2017-07-08 06:49 - 2015-07-26 15:38 - 00000000 ____D C:\Users\Dell Inspiron\Desktop\Quicken Backups
2017-07-08 06:04 - 2016-09-30 04:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-08 00:29 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-07-07 17:16 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-07 06:32 - 2017-05-11 23:29 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-07-07 06:32 - 2017-05-11 23:29 - 00000000 ____D C:\Program Files\UNP
2017-07-06 12:21 - 2016-08-12 22:34 - 00001113 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-07-06 12:21 - 2016-05-30 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-06 12:20 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-07-06 06:16 - 2016-09-30 04:49 - 00000000 ____D C:\Users\Dell Inspiron
2017-07-06 05:05 - 2014-08-25 16:16 - 00000000 ____D C:\Users\Dell Inspiron\AppData\Local\Adobe
2017-07-06 02:12 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-04 22:19 - 2016-06-26 16:44 - 00000000 ____D C:\Program Files\TrueKey
2017-07-04 21:57 - 2016-06-26 16:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-07-01 04:18 - 2013-06-20 16:55 - 00000000 ____D C:\Users\Dell Inspiron\Documents\Turbo Lister Backup
2017-06-28 20:23 - 2017-05-19 20:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-06-27 15:50 - 2016-08-23 17:10 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-27 15:50 - 2013-06-17 18:41 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 22:35 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-25 21:38 - 2016-02-13 09:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-25 21:38 - 2014-01-19 04:00 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-25 18:31 - 2016-09-30 04:39 - 00344176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-25 18:23 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-25 18:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-25 18:21 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-24 00:40 - 2017-01-31 19:07 - 00000000 ____D C:\Users\Dell Inspiron\AppData\Local\188662
2017-06-20 20:25 - 2017-05-03 07:41 - 00003770 _____ C:\WINDOWS\System32\Tasks\AviraSystemSpeedupUpdate
2017-06-19 18:58 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-18 20:01 - 2016-09-30 04:49 - 00000000 ____D C:\Users\the6o_000
2017-06-18 20:01 - 2016-09-30 04:49 - 00000000 ____D C:\Users\gamin_000
2017-06-18 19:37 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-18 19:21 - 2013-06-15 00:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-18 19:21 - 2013-06-15 00:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-17 20:28 - 2017-05-19 20:04 - 00004602 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-17 20:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 20:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-14 11:24 - 2013-08-15 08:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 11:16 - 2013-06-14 22:30 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 11:15 - 2013-06-15 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 20:47 - 2015-06-11 21:35 - 00000000 ____D C:\Users\gamin_000\AppData\Local\Game Dev Tycoon - Steam
2017-06-13 19:53 - 2014-07-18 21:43 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-13 19:47 - 2015-04-07 19:19 - 00000000 ____D C:\Users\gamin_000\AppData\Roaming\Spotify
2017-06-13 19:09 - 2015-04-07 19:21 - 00000000 ____D C:\Users\gamin_000\AppData\Local\Spotify
2017-06-13 18:45 - 2016-06-07 18:15 - 00002413 _____ C:\Users\gamin_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-13 18:45 - 2014-01-21 20:04 - 00000000 __RDO C:\Users\gamin_000\SkyDrive
2017-06-13 18:34 - 2016-06-07 18:09 - 00000000 __SHD C:\Users\gamin_000\IntelGraphicsProfiles
2017-06-13 15:19 - 2016-12-09 17:33 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-13 15:19 - 2016-05-21 01:04 - 00002425 _____ C:\Users\Dell Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-13 15:19 - 2016-05-21 01:04 - 00000000 ___RD C:\Users\Dell Inspiron\OneDrive
2017-06-13 10:54 - 2017-06-02 21:59 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-13 10:54 - 2013-11-20 01:32 - 883853689 _____ C:\WINDOWS\MEMORY.DMP
2017-06-13 10:32 - 2016-10-06 14:32 - 00038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-06-13 10:32 - 2016-05-30 19:18 - 00167504 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-06-13 10:32 - 2016-05-30 19:18 - 00164824 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-06-12 18:55 - 2017-05-30 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-06-12 18:55 - 2017-05-30 06:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-12 18:55 - 2017-05-30 06:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-06-12 18:55 - 2016-09-30 04:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-12 18:55 - 2016-09-30 04:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-12 18:55 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-06-12 18:55 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-12 18:55 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-12 18:55 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-12 18:55 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-06-12 18:55 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Resources
2017-06-12 18:55 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-12 18:55 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\InputMethod
2017-06-12 18:55 - 2016-05-30 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-06-12 18:55 - 2016-05-04 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2016
2017-06-12 18:55 - 2016-03-13 13:56 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2017-06-12 18:55 - 2016-03-13 13:56 - 00000000 ____D C:\WINDOWS\system32\NV
2017-06-12 18:55 - 2016-02-13 09:03 - 00000000 ____D C:\WINDOWS\ShellNew
2017-06-12 18:55 - 2015-09-24 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-06-12 18:55 - 2015-01-19 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-06-12 18:55 - 2015-01-02 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-12 18:55 - 2014-12-06 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2017-06-12 18:55 - 2014-08-30 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
2017-06-12 18:55 - 2014-07-18 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-12 18:55 - 2014-07-15 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\theHunter
2017-06-12 18:55 - 2014-07-08 04:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-06-12 18:55 - 2014-06-05 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeHarborGames
2017-06-12 18:55 - 2014-01-17 18:25 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-06-12 18:55 - 2013-12-28 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
2017-06-12 18:55 - 2013-11-15 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2017-06-12 18:55 - 2013-10-20 00:23 - 00000000 ____D C:\WINDOWS\SysWOW64\css
2017-06-12 18:55 - 2013-09-19 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-06-12 18:55 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-06-12 18:55 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-06-12 18:55 - 2013-07-06 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2017-06-12 18:55 - 2013-07-06 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2017-06-12 18:55 - 2013-07-02 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-06-12 18:55 - 2013-06-22 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-06-12 18:55 - 2013-06-21 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\photofiltre
2017-06-12 18:55 - 2013-06-15 00:10 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-06-12 18:55 - 2013-06-14 23:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-06-12 18:55 - 2013-06-14 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
2017-06-12 18:54 - 2017-04-05 12:44 - 00000000 ____D C:\Users\Dell Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-12 18:54 - 2016-09-30 07:59 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-12 18:54 - 2016-09-30 04:44 - 00000000 ____D C:\Program Files\Intel
2017-06-12 18:54 - 2016-09-30 04:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-12 18:54 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-12 18:54 - 2014-11-08 09:34 - 00000000 ____D C:\Users\gamin_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueJ
2017-06-12 18:54 - 2014-09-21 19:08 - 00000000 ____D C:\Users\gamin_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-12 18:54 - 2014-04-06 20:20 - 00000000 ____D C:\Users\gamin_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2017-06-12 18:54 - 2014-02-07 04:49 - 00000000 ____D C:\Users\Dell Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-06-12 18:54 - 2014-01-17 17:40 - 00000000 ____D C:\Users\Dell Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2017-06-12 18:54 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-12 15:11 - 2016-06-26 16:53 - 00001242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-06-12 15:11 - 2016-06-26 16:53 - 00001228 _____ C:\Users\Public\Desktop\True Key.lnk
2017-06-12 15:06 - 2017-03-18 23:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-06-12 15:05 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-11 23:09 - 2016-09-30 08:38 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-11 22:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Registration
2017-06-11 22:55 - 2016-09-30 05:28 - 00022863 _____ C:\WINDOWS\diagwrn.xml
2017-06-11 22:55 - 2016-09-30 05:28 - 00022863 _____ C:\WINDOWS\diagerr.xml
2017-06-11 19:42 - 2013-08-28 14:19 - 00000000 ____D C:\Users\Dell Inspiron\Documents\Job Search
2017-06-11 16:06 - 2014-06-05 14:24 - 00000000 ____D C:\Program Files (x86)\SafeHarborGames

==================== Files in the root of some directories =======

2013-07-30 01:33 - 2013-11-20 00:38 - 0003708 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2017-02-16 16:30 - 2017-02-16 15:07 - 0012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2013-11-11 21:37 - 2013-11-20 23:44 - 0264488 _____ () C:\Users\Dell Inspiron\AppData\Roaming\h
2013-12-19 01:20 - 2015-01-07 22:46 - 0000055 _____ () C:\Users\Dell Inspiron\AppData\Roaming\WB.CFG
2013-07-02 22:29 - 2013-07-02 22:29 - 0000005 _____ () C:\Users\Dell Inspiron\AppData\Roaming\WBPU-TTL.DAT
2014-07-24 12:54 - 2014-07-24 12:54 - 0004096 ____H () C:\Users\Dell Inspiron\AppData\Local\keyfile3.drm

Some files in TEMP:
====================
2016-09-30 08:25 - 2016-09-30 08:25 - 0000000 ____D () C:\Users\Dell Inspiron\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-07 08:56

==================== End of FRST.txt ============================

Thanks for everything. Let me know how to proceed.
Attached Files
File Type: txt Addition.txt (78.0 KB, 10 views)
 
Old 07-08-2017, 07:38 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello JoshandDad. You're very welcome!

I see no other post by you on this forum.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
    ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
    ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
    ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
    ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
    Task: {19F0DAE6-A3C4-46A4-8E79-BC4B2A3CC35A} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\4 => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [2012-02-28] (SEIKO EPSON CORPORATION) <==== ATTENTION
    Task: {50680C61-1DDD-42D9-96CF-96232226D08D} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\9 => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [2013-12-16] (SEIKO EPSON CORPORATION) <==== ATTENTION
    Task: {60D1C451-13F3-48DF-9858-FE27D09FB058} - \WPD\SqmUpload_S-1-5-21-4145260611-1649676698-564753963-1003 -> No File <==== ATTENTION
    Task: {6E96A258-D84C-4004-B01E-E2667F3C3DEA} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\10 => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [2017-03-16] (Apple Inc.) <==== ATTENTION
    Task: {710C9883-DBDE-48E9-82BA-21B077DBB19A} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\7 => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [2017-05-09] (Apple Inc.) <==== ATTENTION
    Task: {71D73AC4-BB66-4A3F-AECB-C808891E212B} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\6 => C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-06-13] (Microsoft Corporation) <==== ATTENTION
    Task: {869D3281-C42B-4418-B527-493601E4F648} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\5 => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28] (Safer-Networking Ltd.) <==== ATTENTION
    Task: {87050343-D693-4340-8856-526559CE18EE} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\8 => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2017-05-09] (Apple Inc.) <==== ATTENTION
    Task: {94861F45-1A12-4ACC-ABD4-4A92CE7CC36D} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\3 => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHQA.EXE [2011-01-20] (SEIKO EPSON CORPORATION) <==== ATTENTION
    Task: {957BAA0D-E1B8-4D15-88A6-A1AD96F792C6} - \WPD\SqmUpload_S-1-5-21-4145260611-1649676698-564753963-1001 -> No File <==== ATTENTION
    Task: {A7DBD7DF-D59C-40E8-BB5B-9F65B9E6B548} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\11 => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2017-05-09] (Apple Inc.) <==== ATTENTION
    Task: {AE7DFB97-2AAA-460E-ABBD-F485BC579899} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\2 => C:\Program Files (x86)\Quicken\bagent.exe [2017-04-17] (Intuit Inc.) <==== ATTENTION
    Task: {D458FCB6-DC2E-4979-B345-A4915699AFF8} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\1 => C:\Users\Dell Inspiron\AppData\Roaming\mjusbsp\cdloader2.exe [2014-07-04] (magicJack L.P.) <==== ATTENTION
    Task: {F7D51DAA-44D8-4009-A573-E7DEBB09B19C} - \WPD\SqmUpload_S-1-5-21-4145260611-1649676698-564753963-1004 -> No File <==== ATTENTION
    HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [*zejcdfmh<*>] => "C:\Users\Dell Inspiron\AppData\Local\c93d\b5e8.cda22" <==== ATTENTION (Value Name with invalid characters)
    CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - hxxps://clients2.google.com/service/update2/crx
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-09-2017, 05:45 AM   #5
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Dell Inspiron (09-07-2017 08:11:43) Run:1
Running from C:\Users\Dell Inspiron\Desktop
Loaded Profiles: Dell Inspiron (Available Profiles: Dell Inspiron & gamin_000 & the6o_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
Task: {19F0DAE6-A3C4-46A4-8E79-BC4B2A3CC35A} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\4 => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [2012-02-28] (SEIKO EPSON CORPORATION) <==== ATTENTION
Task: {50680C61-1DDD-42D9-96CF-96232226D08D} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\9 => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [2013-12-16] (SEIKO EPSON CORPORATION) <==== ATTENTION
Task: {60D1C451-13F3-48DF-9858-FE27D09FB058} - \WPD\SqmUpload_S-1-5-21-4145260611-1649676698-564753963-1003 -> No File <==== ATTENTION
Task: {6E96A258-D84C-4004-B01E-E2667F3C3DEA} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\10 => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [2017-03-16] (Apple Inc.) <==== ATTENTION
Task: {710C9883-DBDE-48E9-82BA-21B077DBB19A} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\7 => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [2017-05-09] (Apple Inc.) <==== ATTENTION
Task: {71D73AC4-BB66-4A3F-AECB-C808891E212B} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\6 => C:\Users\Dell Inspiron\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-06-13] (Microsoft Corporation) <==== ATTENTION
Task: {869D3281-C42B-4418-B527-493601E4F648} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\5 => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28] (Safer-Networking Ltd.) <==== ATTENTION
Task: {87050343-D693-4340-8856-526559CE18EE} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\8 => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2017-05-09] (Apple Inc.) <==== ATTENTION
Task: {94861F45-1A12-4ACC-ABD4-4A92CE7CC36D} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\3 => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHQA.EXE [2011-01-20] (SEIKO EPSON CORPORATION) <==== ATTENTION
Task: {957BAA0D-E1B8-4D15-88A6-A1AD96F792C6} - \WPD\SqmUpload_S-1-5-21-4145260611-1649676698-564753963-1001 -> No File <==== ATTENTION
Task: {A7DBD7DF-D59C-40E8-BB5B-9F65B9E6B548} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\11 => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2017-05-09] (Apple Inc.) <==== ATTENTION
Task: {AE7DFB97-2AAA-460E-ABBD-F485BC579899} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\2 => C:\Program Files (x86)\Quicken\bagent.exe [2017-04-17] (Intuit Inc.) <==== ATTENTION
Task: {D458FCB6-DC2E-4979-B345-A4915699AFF8} - System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\1 => C:\Users\Dell Inspiron\AppData\Roaming\mjusbsp\cdloader2.exe [2014-07-04] (magicJack L.P.) <==== ATTENTION
Task: {F7D51DAA-44D8-4009-A573-E7DEBB09B19C} - \WPD\SqmUpload_S-1-5-21-4145260611-1649676698-564753963-1004 -> No File <==== ATTENTION
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\...\Run: [*zejcdfmh<*>] => "C:\Users\Dell Inspiron\AppData\Local\c93d\b5e8.cda22" <==== ATTENTION (Value Name with invalid characters)
CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - hxxps://clients2.google.com/service/update2/crx
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => key removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => key removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19F0DAE6-A3C4-46A4-8E79-BC4B2A3CC35A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19F0DAE6-A3C4-46A4-8E79-BC4B2A3CC35A} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\4 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Dell Inspiron\4 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{50680C61-1DDD-42D9-96CF-96232226D08D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50680C61-1DDD-42D9-96CF-96232226D08D} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\9 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Dell Inspiron\9 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60D1C451-13F3-48DF-9858-FE27D09FB058} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60D1C451-13F3-48DF-9858-FE27D09FB058} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4145260611-1649676698-564753963-1003 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E96A258-D84C-4004-B01E-E2667F3C3DEA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E96A258-D84C-4004-B01E-E2667F3C3DEA} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\10 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Dell Inspiron\10 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{710C9883-DBDE-48E9-82BA-21B077DBB19A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{710C9883-DBDE-48E9-82BA-21B077DBB19A} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\7 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Dell Inspiron\7 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{71D73AC4-BB66-4A3F-AECB-C808891E212B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71D73AC4-BB66-4A3F-AECB-C808891E212B} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\6 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Dell Inspiron\6 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{869D3281-C42B-4418-B527-493601E4F648} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{869D3281-C42B-4418-B527-493601E4F648} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\5 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Dell Inspiron\5 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{87050343-D693-4340-8856-526559CE18EE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87050343-D693-4340-8856-526559CE18EE} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\8 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Dell Inspiron\8 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94861F45-1A12-4ACC-ABD4-4A92CE7CC36D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94861F45-1A12-4ACC-ABD4-4A92CE7CC36D} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\3 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Dell Inspiron\3 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{957BAA0D-E1B8-4D15-88A6-A1AD96F792C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{957BAA0D-E1B8-4D15-88A6-A1AD96F792C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4145260611-1649676698-564753963-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A7DBD7DF-D59C-40E8-BB5B-9F65B9E6B548} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7DBD7DF-D59C-40E8-BB5B-9F65B9E6B548} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\11 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Dell Inspiron\11 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE7DFB97-2AAA-460E-ABBD-F485BC579899} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE7DFB97-2AAA-460E-ABBD-F485BC579899} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Dell Inspiron\2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D458FCB6-DC2E-4979-B345-A4915699AFF8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D458FCB6-DC2E-4979-B345-A4915699AFF8} => key removed successfully
C:\WINDOWS\System32\Tasks\Avira\System Speedup\Delayed Startup\Dell Inspiron\1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Dell Inspiron\1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7D51DAA-44D8-4009-A573-E7DEBB09B19C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7D51DAA-44D8-4009-A573-E7DEBB09B19C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4145260611-1649676698-564753963-1004 => key removed successfully
HKU\S-1-5-21-4145260611-1649676698-564753963-1001\Software\Microsoft\Windows\CurrentVersion\Run\\*zejcdfmh<*> => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\joefoganpblmedgjeigepgjfikhhdnnj => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29057963 B
Java, Flash, Steam htmlcache => 108920861 B
Windows/system/drivers => 131251909 B
Edge => 25411668 B
Chrome => 716256146 B
Firefox => 354737926 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 37040 B
LocalService => 31593256 B
NetworkService => 19190 B
Dell Inspiron => 1462292188 B
gamin_000 => 128044569 B
the6o_000 => 22166153 B

RecycleBin => 51016137867 B
EmptyTemp: => 50.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:37:10 ====
JoshandDad is offline  
Old 07-09-2017, 02:52 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, JoshandDad. Any change in behavior?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-bc.1878-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 07-11-2017, 04:09 AM   #7
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



The ESET scan has been running for 21 hours. Is that expected? Should I continue to run?

Performance is much better, back to within the expected range.
JoshandDad is offline  
Old 07-11-2017, 05:59 AM   #8
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



In the meantime, here is the MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/10/2017
Scan Time: 7:45 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.07.10.04
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Dell Inspiron

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432401
Time Elapsed: 1 hr, 12 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Adware.QIPApp, HKU\S-1-5-21-4145260611-1649676698-564753963-1003\SOFTWARE\TORCH, Quarantined, [811b6cf83f6a2d09bb5f52a60100ed13],

Registry Values: 1
Adware.QIPApp, HKU\S-1-5-21-4145260611-1649676698-564753963-1003\SOFTWARE\TORCH|home, C:\Users\gamin_000\AppData\Local\Torch, Quarantined, [811b6cf83f6a2d09bb5f52a60100ed13]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
JoshandDad is offline  
Old 07-11-2017, 12:09 PM   #9
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



ESET:

C:\AdwCleaner\quarantine\files\lraogohrjodxwlsrejijzqwbfxzcejrl.back Win32/Bundled.Toolbar.Ask.P potentially unsafe application,Win32/Bundled.Toolbar.Ask.Q potentially unsafe application
C:\AdwCleaner\quarantine\files\ntvvssnbyapdqumzornfhtnuzhpwxndr\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\AdwCleaner\quarantine\files\ntvvssnbyapdqumzornfhtnuzhpwxndr\Toolbar\Updater\IDC\IdcLdr_x64.exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\AdwCleaner\quarantine\files\ntvvssnbyapdqumzornfhtnuzhpwxndr\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\AdwCleaner\quarantine\files\ntvvssnbyapdqumzornfhtnuzhpwxndr\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\AdwCleaner\quarantine\files\ntvvssnbyapdqumzornfhtnuzhpwxndr\Toolbar\Updater\IDC\IdcSrvStub_x64.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\AdwCleaner\quarantine\files\ntvvssnbyapdqumzornfhtnuzhpwxndr\Toolbar\Updater\IDC\IdcSrv_x64.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\AdwCleaner\quarantine\files\shppqvgcbeflulmdxpxqlwzfsvbqbvhr\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\AdwCleaner\quarantine\files\shppqvgcbeflulmdxpxqlwzfsvbqbvhr\Toolbar\Updater\IDC\IdcLdr_x64.exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\AdwCleaner\quarantine\files\shppqvgcbeflulmdxpxqlwzfsvbqbvhr\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\AdwCleaner\quarantine\files\shppqvgcbeflulmdxpxqlwzfsvbqbvhr\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\AdwCleaner\quarantine\files\shppqvgcbeflulmdxpxqlwzfsvbqbvhr\Toolbar\Updater\IDC\IdcSrvStub_x64.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\AdwCleaner\quarantine\files\shppqvgcbeflulmdxpxqlwzfsvbqbvhr\Toolbar\Updater\IDC\IdcSrv_x64.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\FRST\Quarantine\C\Windows\System32\LavasoftTcpService64.dll.xBAD a variant of Win64/Packed.Komodia.A suspicious application
C:\FRST\Quarantine\C\Windows\SysWOW64\LavasoftTcpService.dll.xBAD a variant of Win32/Packed.Komodia.A suspicious application
C:\Users\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\HP_Owner\Desktop\AdventureBall-dm.exe a variant of Win32/Adware.Trymedia.A potentially unwanted application
C:\Users\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\Kids\Application Data\Mozilla\Firefox\Profiles\yk71whl9.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\Kids\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\Nikkey Rocks!!!!!!!\Application Data\Mozilla\Firefox\Profiles\hyhpucag.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\Nikkey Rocks!!!!!!!\Local Settings\temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\WINDOWS\Installer\482b0485.msi a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
G:\Backup\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
G:\Backup\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\HP_Owner\Desktop\AdventureBall-dm.exe a variant of Win32/Adware.Trymedia.A potentially unwanted application
G:\Backup\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\Kids\Application Data\Mozilla\Firefox\Profiles\yk71whl9.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
G:\Backup\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\Kids\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
G:\Backup\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\Nikkey Rocks!!!!!!!\Application Data\Mozilla\Firefox\Profiles\hyhpucag.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
G:\Backup\Dell Inspiron\Desktop\Geek Squad Backup 02-12-2013\Nikkey Rocks!!!!!!!\Local Settings\temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
G:\Backup\Dell Inspiron\Desktop\GS Data Recovery\00414-981600360\Level 2\Root\Users\Owner\Desktop\Backup\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
G:\Backup\Dell Inspiron\Desktop\GS Data Recovery\00414-981600360\Level 2\Root\Users\Owner\Desktop\Backup\HP_Owner\Desktop\AdventureBall-dm.exe a variant of Win32/Adware.Trymedia.A potentially unwanted application
JoshandDad is offline  
Old 07-12-2017, 01:07 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, JoshandDad. Glad to hear it.

Those first finds by ESET have been quarantined by AdwCleaner and FRST. Those will get deleted when we uninstall AdwCleaner and/or FRST.

I'm going to leave it up to you whether to delete those other finds in your backups.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
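
The HOSTS-file blocking described in the post above can be checked once a replacement file is in place. The following is an added example, not part of the original thread or of the MVPS project: a Python sketch that sorts HOSTS entries into blocked (0.0.0.0), loopback, and entries mapped to some other address, which are the ones worth reviewing. The sample content and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# blocking entries in the style of a replacement HOSTS file
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example.com  # ad server
0.0.0.0 tracker.example.net banner.example.net
203.0.113.25 login.example-bank.test
not-an-ip broken.example.org
"""


def audit_hosts(text):
    """Classify every HOSTS mapping as blocked, loopback, redirect or malformed."""
    report = {"blocked": [], "loopback": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no hostname after it
            report["malformed"].append((lineno, raw.strip()))
            continue
        if addr.is_unspecified:      # 0.0.0.0 or ::, the blocking target
            bucket = "blocked"
        elif addr.is_loopback:       # 127.0.0.0/8 or ::1
            bucket = "loopback"
        else:                        # name pinned to a routable address
            bucket = "redirect"
        for name in fields[1:]:      # one line may map several names
            report[bucket].append((name.lower(), str(addr)))
    return report


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts;
    # read it and pass its text to audit_hosts() instead of the sample.
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "blocked names")
    for name, addr in result["redirect"]:
        print("review:", name, "->", addr)
```

Entries reported under `redirect` are not necessarily malicious, but a hostname pinned to an unexpected address in the HOSTS file is something to verify by hand.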
Old 07-13-2017, 06:02 AM   #11
Registered Member
 
Join Date: Jun 2008
Posts: 40
OS: Windows 10



Resolved. Thank you.
JoshandDad is offline  
Old 07-13-2017, 01:34 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, JoshandDad! Glad to have helped.