VWjWXCSoATEBQ trojan detected - Can not delete

This is a discussion on VWjWXCSoATEBQ trojan detected - Can not delete within the Resolved HJT Threads forums, part of the Tech Support Forum category.

12-09-2018, 03:05 PM   #1
Registered Member

Join Date: May 2010
Posts: 14
OS: Win 10



Malwarebytes detected this trojan and deleted it. However, after restarting the computer, the trojan is detected again. The virus program says that it is deleted again, then does a scan and reports no infection. However, the trojan has been detected again. The above procedure was performed 3 times. I need help permanently deleting this infection. Thank you.

My Dell computer is running Windows 10; I do not have an install disc.

DDS.TXT:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.17134.1
Run by Ernie at 15:37:15 on 2018-12-09
Microsoft Windows 10 Home 10.0.17134.0.1252.1.1033.18.8109.4617 [GMT -7:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k LocalService -p
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
svchost.exe
C:\WINDOWS\system32\DbxSvc.exe
C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhostw.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NgcSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s upnphost
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeApp.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\File Association Helper\FAHWindow.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Ernie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\pcdrwi.exe
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s wcncsvc
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k bcastdvruserservice -s BcastDVRUserService
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\WINDOWS\system32\compattelrunner.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\backgroundTaskHost.exe
svchost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
uRun: [49970B42564150BDCC41BBA61336D91435261BB6._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
uRun: [OneDrive] "C:\Users\Ernie\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [SansaDispatch] C:\Users\Ernie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
uRun: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [AvastBrowserAutoLaunch_67950D4370B0FBD7974EA65F32997878] "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" --restore-last-session
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
dRun: [GarminExpress] "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized
StartupFolder: C:\Users\Ernie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EOSUTI~1.LNK - C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
StartupFolder: C:\Users\Ernie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{f95db78b-50ec-40c2-9a32-7bfe08cd847b} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {30C521FB-255B-46C8-9F0D-EE5AE371C9AA} - "C:\Program Files (x86)\AVAST Software\Browser\Application\70.0.917.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\957\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswbidsh;aswbidsh;C:\WINDOWS\System32\drivers\aswbidsha.sys [2018-7-27 201768]
R0 aswblog;aswblog;C:\WINDOWS\System32\drivers\aswbloga.sys [2018-7-27 346592]
R0 aswbuniv;aswbuniv;C:\WINDOWS\System32\drivers\aswbuniva.sys [2018-7-27 59496]
R0 aswElam;aswElam;C:\WINDOWS\System32\drivers\aswElam.sys [2018-7-6 15360]
R0 aswRvrt;aswRvrt;C:\WINDOWS\System32\drivers\aswRvrt.sys [2018-7-27 87432]
R0 aswVmm;aswVmm;C:\WINDOWS\System32\drivers\aswVmm.sys [2018-7-27 381144]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-6-23 1455552]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2018-4-11 177192]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2018-4-11 58272]
R0 SgrmAgent;System Guard Runtime Monitor Agent;C:\WINDOWS\System32\drivers\SgrmAgent.sys [2018-4-11 63896]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2018-4-11 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2018-7-27 72768]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2018-4-11 18472]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2018-4-11 209816]
R1 afunix;afunix;C:\WINDOWS\System32\drivers\afunix.sys [2018-4-11 39424]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2018-4-11 254464]
R1 aswArPot;aswArPot;C:\WINDOWS\System32\drivers\aswArPot.sys [2018-7-27 201240]
R1 aswbidsdriver;aswbidsdriver;C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [2018-7-27 230344]
R1 aswHdsKe;aswHdsKe;C:\WINDOWS\System32\drivers\aswHdsKe.sys [2018-4-4 239840]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\drivers\aswKbd.sys [2018-10-15 42288]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2018-7-27 1028680]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2018-7-27 467904]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-4-11 60320]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2014-2-27 91712]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2018-4-11 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-4-11 8192]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2018-7-5 83768]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2018-7-27 163208]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2018-7-27 208640]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-11-28 324000]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R2 CDPUserSvc_31fb4;CDPUserSvc_31fb4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-7-27 414720]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2018-4-11 51288]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2018-11-28 51024]
R2 DDVCollectorSvcApi;Dell Data Vault Service API;C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [2018-10-22 209392]
R2 DDVDataCollector;Dell Data Vault Collector;C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [2018-10-22 3347440]
R2 DDVRulesProcessor;Dell Data Vault Processor;C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [2018-10-22 218096]
R2 Dell Hardware Support;Dell Hardware Support;C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [2018-11-7 1002816]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2014-1-14 198664]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2018-4-11 51288]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-6-23 18856]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2017-3-13 382456]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2016-9-7 21216]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-6-24 223008]
R2 OneSyncSvc_31fb4;OneSyncSvc_31fb4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 osrss;Windows 10 Update Facilitation Service;C:\WINDOWS\System32\svchost.exe -k osrss [2018-4-11 51288]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-8-4 312056]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-7-27 760888]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2016-1-5 2065808]
R2 SgrmBroker;System Guard Runtime Monitor Broker;C:\WINDOWS\System32\SgrmBroker.exe [2018-4-11 163336]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2018-4-11 82432]
R2 SupportAssistAgent;Dell SupportAssist;C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2018-10-25 38872]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-4-11 151960]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 WpnUserService_31fb4;WpnUserService_31fb4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [2013-8-22 16176]
R2 WyseRemoteAccess;Wyse RemoteAccess;C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [2013-8-19 1785344]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-11-28 8188768]
R3 BcastDVRUserService_31fb4;BcastDVRUserService_31fb4;C:\WINDOWS\System32\svchost.exe -k BcastDVRUserService [2018-4-11 51288]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2017-1-5 266240]
R3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
R3 DDDriver;DDDriver;C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [2018-10-20 36400]
R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2018-4-11 20992]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 PimIndexMaintenanceSvc_31fb4;PimIndexMaintenanceSvc_31fb4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUStor.sys [2014-2-27 263896]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-12-15 896752]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2018-7-27 29600]
R3 UnistoreSvc_31fb4;UnistoreSvc_31fb4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 UserDataSvc_31fb4;UserDataSvc_31fb4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2018-4-11 25088]
R4 NetfilterSvc;NetfilterSvc;C:\Windows\iNetfilterSvc [2018-12-9 70152]
S2 avast;%1!s! Update Service (avast);C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-5-29 164984]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-1-5 143144]
S2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2016-6-23 2572024]
S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-4-11 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2018-4-11 1135520]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2018-4-11 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2018-4-11 51288]
S3 aswHwid;aswHwid;C:\WINDOWS\System32\drivers\aswHwid.sys [2018-7-27 46384]
S3 avastm;%1!s! Update Service (avastm);C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-5-29 164984]
S3 AvastWscReporter;AvastWscReporter;C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [2018-11-28 57504]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2018-4-11 9728]
S3 bindflt;Windows Bind Filter Driver;C:\WINDOWS\System32\drivers\bindflt.sys [2018-4-11 92056]
S3 BluetoothUserService_31fb4;BluetoothUserService_31fb4;C:\WINDOWS\System32\svchost.exe -k BthAppGroup [2018-4-11 51288]
S3 BTAGService;Bluetooth Audio Gateway Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
S3 BthAvctpSvc;AVCTP service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2018-4-11 38304]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-4-11 39936]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2018-4-11 60320]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2018-4-11 123392]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-4-11 321432]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-4-11 1836952]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-1-5 143144]
S3 DellProf;DellProf;C:\WINDOWS\System32\drivers\DellProf.sys [2018-5-8 41208]
S3 DevicePickerUserSvc_31fb4;DevicePickerUserSvc_31fb4;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevicesFlowUserSvc_31fb4;DevicesFlowUserSvc_31fb4;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-8-17 90624]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2018-4-11 51288]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2018-4-11 51288]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-4-11 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2018-4-11 51288]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-4-11 50592]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2018-4-11 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2018-4-11 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2018-4-11 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-4-11 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-4-11 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-4-11 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-4-11 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2018-4-11 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2018-4-11 113152]
S3 iaStorAVC;Intel Chipset SATA RAID Controller;C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-4-11 885144]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2018-4-11 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-4-11 38912]
S3 InstallService;Microsoft Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-9-18 42288]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2018-4-11 32256]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 ItSas35i;ItSas35i;C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-4-11 145816]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-4-11 124312]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-4-11 128408]
S3 LxpSvc;Language Experience Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2018-4-11 51288]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2018-4-11 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2018-4-11 56736]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-4-11 75160]
S3 megasas35i;megasas35i;C:\WINDOWS\System32\drivers\megasas35i.sys [2018-4-11 82328]
S3 MessagingService_31fb4;MessagingService_31fb4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-4-11 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2018-4-11 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2018-4-11 175104]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-4-11 197632]
S3 nvdimm;Microsoft NVDIMM device driver;C:\WINDOWS\System32\drivers\nvdimm.sys [2018-4-11 104448]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2018-4-11 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2018-4-11 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2018-4-11 16896]
S3 PrintWorkflowUserSvc_31fb4;PrintWorkflowUserSvc_31fb4;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2018-4-11 51288]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2018-4-11 39840]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2018-7-27 1921944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2018-7-27 945568]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2018-4-11 51288]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2018-4-11 104448]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2018-4-11 51288]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2018-8-17 128920]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2018-4-11 33176]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2018-4-11 1273344]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2018-4-11 154528]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2018-4-11 51288]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-4-11 57752]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-7-27 976384]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-7-27 105368]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2018-7-27 48544]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2018-4-11 303616]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2018-4-11 128512]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2018-4-11 152576]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-4-11 57856]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2018-4-11 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2018-4-11 282008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2018-4-11 98200]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2018-4-11 144288]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2018-4-11 29088]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2018-4-11 67992]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2018-4-11 28064]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-11-5 54784]
S3 VacSvc;Volumetric Audio Compositor Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2018-11-27 36352]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2018-8-17 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 WaaSMedicSvc;Windows Update Medic Service;C:\WINDOWS\System32\svchost.exe -k wusvcs -p [2018-4-11 51288]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-4-11 82944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-11-27 787456]
S3 WdmCompanionFilter;WdmCompanionFilter;C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [2018-4-11 21408]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2018-4-11 44032]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2018-4-11 4451616]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2018-4-11 51288]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2018-4-11 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-11-27 228864]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2018-4-11 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 WpcMonSvc;Parental Controls;C:\WINDOWS\System32\svchost.exe -k LocalService [2018-4-11 51288]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2018-4-11 264192]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2018-4-11 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2018-7-27 295424]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2018-4-11 46592]
S4 hvcrash;hvcrash;C:\WINDOWS\System32\drivers\hvcrash.sys [2018-4-11 33184]
S4 sedsvc;Windows Remediation Service;C:\Program Files\rempl\sedsvc.exe [2018-11-8 322712]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S4 ssh-agent;OpenSSH Authentication Agent;C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-4-12 495616]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-12-09 22:04:30 -------- d-----w- C:\WINDOWS\SSL
2018-12-09 22:04:29 70152 ----a-w- C:\WINDOWS\iNetfilterSvc
2018-12-09 22:04:29 -------- d-----w- C:\WINDOWS\nss
2018-11-28 20:52:00 -------- d-----w- C:\Users\Ernie\AppData\Local\mbam
2018-11-28 20:51:19 -------- d-----w- C:\Users\Ernie\AppData\Local\mbamtray
2018-11-28 16:25:11 -------- d-----w- C:\Users\Ernie\AppData\Local\D3DSCache
2018-11-28 16:20:21 -------- d-----w- C:\ProgramData\itranslator
2018-11-28 13:09:04 51024 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2018-11-28 13:09:04 47792 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2018-11-28 13:09:04 47792 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2018-11-28 13:09:04 45752 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2018-11-27 15:40:59 13873664 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
.
==================== Find3M ====================
.
2018-12-09 22:05:50 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-11-28 16:37:29 239840 ----a-w- C:\WINDOWS\System32\drivers\aswHdsKe.sys
2018-11-28 16:25:31 87432 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2018-11-28 16:25:30 46384 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2018-11-28 16:25:30 201240 ----a-w- C:\WINDOWS\System32\drivers\aswArPot.sys
2018-11-28 16:25:30 163208 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2018-11-28 16:25:29 111800 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2018-11-28 16:24:44 42288 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys
2018-11-28 16:24:29 1028680 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2018-11-28 16:24:16 59496 ----a-w- C:\WINDOWS\System32\drivers\aswbuniva.sys
2018-11-28 16:24:16 346592 ----a-w- C:\WINDOWS\System32\drivers\aswbloga.sys
2018-11-28 16:24:15 230344 ----a-w- C:\WINDOWS\System32\drivers\aswbidsdrivera.sys
2018-11-28 16:24:15 201768 ----a-w- C:\WINDOWS\System32\drivers\aswbidsha.sys
2018-11-16 23:00:55 834960 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-11-16 23:00:55 179600 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-11-01 11:49:26 348160 ----a-w- C:\WINDOWS\System32\MusNotifyIcon.exe
2018-11-01 11:45:21 4527776 ----a-w- C:\WINDOWS\System32\sppsvc.exe
2018-11-01 11:45:20 1376672 ----a-w- C:\WINDOWS\System32\ole32.dll
2018-11-01 11:45:04 1617320 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2018-11-01 11:32:09 64000 ----a-w- C:\WINDOWS\System32\iemigplugin.dll
2018-11-01 11:31:51 6602240 ----a-w- C:\WINDOWS\System32\twinui.dll
2018-11-01 11:30:26 122368 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2018-11-01 11:30:15 29696 ----a-w- C:\WINDOWS\System32\msisip.dll
2018-11-01 11:29:05 73728 ----a-w- C:\WINDOWS\System32\SMSRouter.dll
2018-11-01 11:28:55 253952 ----a-w- C:\WINDOWS\System32\prnntfy.dll
2018-11-01 11:28:25 4491264 ----a-w- C:\WINDOWS\System32\xpsrchvw.exe
2018-11-01 11:28:09 3649024 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2018-11-01 11:27:22 878592 ----a-w- C:\WINDOWS\System32\CPFilters.dll
2018-11-01 11:27:01 1121792 ----a-w- C:\WINDOWS\System32\TSWorkspace.dll
2018-11-01 11:26:51 1364992 ----a-w- C:\WINDOWS\System32\bcastdvruserservice.dll
2018-11-01 11:26:21 503296 ----a-w- C:\WINDOWS\System32\sppcext.dll
2018-11-01 11:25:57 577024 ----a-w- C:\WINDOWS\System32\SppExtComObj.Exe
2018-11-01 10:09:54 1027000 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2018-11-01 09:59:13 5669888 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2018-11-01 09:56:37 24576 ----a-w- C:\WINDOWS\SysWow64\msisip.dll
2018-11-01 09:56:03 226304 ----a-w- C:\WINDOWS\SysWow64\prnntfy.dll
2018-11-01 09:54:26 3397632 ----a-w- C:\WINDOWS\SysWow64\xpsrchvw.exe
2018-11-01 09:53:44 908288 ----a-w- C:\WINDOWS\SysWow64\TSWorkspace.dll
2018-11-01 09:52:45 2892800 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2018-11-01 09:15:23 23861760 ----a-w- C:\WINDOWS\System32\Hydrogen.dll
2018-11-01 09:13:39 19525120 ----a-w- C:\WINDOWS\System32\HologramCompositor.dll
2018-11-01 07:39:00 1035256 ----a-w- C:\WINDOWS\System32\ApplyTrustOffline.exe
2018-11-01 07:38:08 269336 ----a-w- C:\WINDOWS\System32\SgrmEnclave_secure.dll
2018-11-01 07:37:57 272408 ----a-w- C:\WINDOWS\System32\SgrmEnclave.dll
2018-11-01 07:28:29 1029944 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-11-01 07:28:20 1221432 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-11-01 07:28:17 134968 ----a-w- C:\WINDOWS\System32\hvloader.dll
2018-11-01 07:28:13 566568 ----a-w- C:\WINDOWS\System32\tcblaunch.exe
2018-11-01 07:28:11 76088 ----a-w- C:\WINDOWS\System32\drivers\hvservice.sys
2018-11-01 07:28:09 1062712 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2018-11-01 07:27:52 491200 ----a-w- C:\WINDOWS\System32\mf.dll
2018-11-01 07:27:36 1017152 ----a-w- C:\WINDOWS\System32\msmpeg2adec.dll
2018-11-01 07:26:42 3180080 ----a-w- C:\WINDOWS\System32\d3d11.dll
2018-11-01 07:26:28 3291640 ----a-w- C:\WINDOWS\System32\combase.dll
2018-11-01 07:26:22 1363536 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2018-11-01 07:26:01 7432120 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-11-01 07:09:59 25855488 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2018-11-01 07:03:03 34816 ----a-w- C:\WINDOWS\System32\dusmtask.exe
2018-11-01 07:03:00 3397120 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2018-11-01 07:02:22 47104 ----a-w- C:\WINDOWS\System32\dusmapi.dll
2018-11-01 07:02:21 23552 ----a-w- C:\WINDOWS\System32\CSystemEventsBrokerClient.dll
2018-11-01 07:01:20 7057408 ----a-w- C:\WINDOWS\System32\mos.dll
2018-11-01 07:01:10 9084928 ----a-w- C:\WINDOWS\System32\BingMaps.dll
2018-11-01 07:00:25 8189440 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2018-11-01 07:00:16 433664 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2018-11-01 07:00:14 3392000 ----a-w- C:\WINDOWS\System32\tquery.dll
2018-11-01 07:00:11 6031360 ----a-w- C:\WINDOWS\System32\d2d1.dll
2018-11-01 07:00:10 209408 ----a-w- C:\WINDOWS\System32\AppXApplicabilityBlob.dll
2018-11-01 06:59:14 241152 ----a-w- C:\WINDOWS\System32\tetheringservice.dll
2018-11-01 06:59:09 107520 ----a-w- C:\WINDOWS\System32\dab.dll
2018-11-01 06:59:04 176128 ----a-w- C:\WINDOWS\System32\WPTaskScheduler.dll
2018-11-01 06:59:02 192000 ----a-w- C:\WINDOWS\System32\scrrun.dll
2018-11-01 06:59:00 322048 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2018-11-01 06:58:48 4383744 ----a-w- C:\WINDOWS\System32\EdgeContent.dll
2018-11-01 06:58:43 530432 ----a-w- C:\WINDOWS\System32\MapConfiguration.dll
2018-11-01 06:58:43 154112 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-11-01 06:58:42 149504 ----a-w- C:\WINDOWS\System32\dssvc.dll
2018-11-01 06:58:11 273408 ----a-w- C:\WINDOWS\System32\ubpm.dll
2018-11-01 06:58:10 4867072 ----a-w- C:\WINDOWS\System32\jscript9.dll
2018-11-01 06:58:03 7573504 ----a-w- C:\WINDOWS\System32\Chakra.dll
2018-11-01 06:57:53 835584 ----a-w- C:\WINDOWS\System32\PhoneService.dll
2018-11-01 06:57:47 356352 ----a-w- C:\WINDOWS\System32\dusmsvc.dll
2018-11-01 06:57:44 898560 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2018-11-01 06:57:42 2364928 ----a-w- C:\WINDOWS\System32\OpcServices.dll
2018-11-01 06:57:41 3381248 ----a-w- C:\WINDOWS\System32\MapRouter.dll
2018-11-01 06:57:41 265728 ----a-w- C:\WINDOWS\System32\psmsrv.dll
2018-11-01 06:57:38 2825728 ----a-w- C:\WINDOWS\System32\MapGeocoder.dll
2018-11-01 06:57:27 726528 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
2018-11-01 06:57:19 894464 ----a-w- C:\WINDOWS\System32\webplatstorageserver.dll
2018-11-01 06:57:16 1708544 ----a-w- C:\WINDOWS\System32\MSPhotography.dll
2018-11-01 06:57:14 808448 ----a-w- C:\WINDOWS\System32\EdgeManager.dll
2018-11-01 06:57:04 281600 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
2018-11-01 06:56:57 1768448 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2018-11-01 06:56:53 2172928 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2018-11-01 06:56:33 506880 ----a-w- C:\WINDOWS\System32\netprofmsvc.dll
2018-11-01 06:56:25 2929664 ----a-w- C:\WINDOWS\System32\xpsservices.dll
2018-11-01 06:56:19 1395200 ----a-w- C:\WINDOWS\System32\TokenBroker.dll
2018-11-01 06:55:23 2738688 ----a-w- C:\WINDOWS\System32\mssrch.dll
2018-11-01 06:55:15 684544 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2018-11-01 06:55:09 1058304 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
.
============= FINISH: 15:38:06.76 ===============
Attached Files
File Type: txt attach.txt (11.9 KB, 5 views)
EP_AZ is offline  
Old 12-09-2018, 06:07 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan Now
  • Once the Scan is done, select Clean & Repair
  • When prompted, select Clean & Restart Now
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-10-2018, 02:44 PM   #3
Registered Member
 
Join Date: May 2010
Posts: 14
OS: Win 10



AdwCleaner Log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-26-2018
# Database: 2018-12-07.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-10-2018
# Duration: 00:00:03
# OS: Windows 10 Home
# Cleaned: 25
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\itranslator
Deleted C:\Program Files (x86)\OSTotoSoft\DriverTalent
Deleted C:\Program Files (x86)\OSTotoSoft
Deleted C:\OSTotoFolder
Deleted C:\Users\Ernie\Favorites\Security Systems
Deleted C:\Users\Ernie\Favorites\Search

***** [ Files ] *****

Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted HKCU\Software\OSTotoSoft
Deleted HKLM\Software\Wow6432Node\OSTotoSoft
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
Deleted HKLM\Software\Wow6432Node\Taronja
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted HKLM\Software\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted HKLM\Software\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\winamp.en.softonic.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\merge-mp3.en.softonic.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3294 octets] - [10/12/2018 15:29:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

AdwCleaner Scan Log:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-26-2018
# Database: 2018-12-07.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-10-2018
# Duration: 00:00:18
# OS: Windows 10 Home
# Scanned: 32299
# Detected: 25


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.ITranslator C:\ProgramData\itranslator
PUP.Optional.DriveTheLife C:\Program Files (x86)\OSTotoSoft\DriverTalent
PUP.Optional.DriverTalent C:\Program Files (x86)\OSTotoSoft
PUP.Optional.DriverTalent C:\OSTotoFolder
PUP.Optional.Legacy C:\Users\Ernie\Favorites\Security Systems
PUP.Optional.OtherSearch C:\Users\Ernie\Favorites\Search

***** [ Files ] *****

PUP.Optional.Legacy C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AmazonAssistant HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
PUP.Optional.AmazonAssistant HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
PUP.Optional.BrowseFox.A HKLM\Software\Wow6432Node\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
PUP.Optional.DriverTalent HKCU\Software\OSTotoSoft
PUP.Optional.DriverTalent HKLM\Software\Wow6432Node\OSTotoSoft
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Taronja
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
PUP.Optional.SofTonicAssistant HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\winamp.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\merge-mp3.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
EP_AZ is offline  
Old 12-10-2018, 02:54 PM   #4
Registered Member
 
Join Date: May 2010
Posts: 14
OS: Win 10



Farbar Recovery Scan Tool Log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-26-2018
# Database: 2018-12-07.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-10-2018
# Duration: 00:00:18
# OS: Windows 10 Home
# Scanned: 32299
# Detected: 25


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.ITranslator C:\ProgramData\itranslator
PUP.Optional.DriveTheLife C:\Program Files (x86)\OSTotoSoft\DriverTalent
PUP.Optional.DriverTalent C:\Program Files (x86)\OSTotoSoft
PUP.Optional.DriverTalent C:\OSTotoFolder
PUP.Optional.Legacy C:\Users\Ernie\Favorites\Security Systems
PUP.Optional.OtherSearch C:\Users\Ernie\Favorites\Search

***** [ Files ] *****

PUP.Optional.Legacy C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AmazonAssistant HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
PUP.Optional.AmazonAssistant HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
PUP.Optional.BrowseFox.A HKLM\Software\Wow6432Node\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
PUP.Optional.DriverTalent HKCU\Software\OSTotoSoft
PUP.Optional.DriverTalent HKLM\Software\Wow6432Node\OSTotoSoft
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Taronja
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
PUP.Optional.SofTonicAssistant HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\winamp.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\merge-mp3.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Attached Files: FRST.txt (72.3 KB)
Old 12-10-2018, 06:36 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10
Hello EP_AZ. It appears you didn't attach the second FRST log, named Addition.txt, to your last reply.

I need to see the Addition.txt log before we proceed.

It should be located on your Desktop. Please attach it to your next reply. Thanks.

Old 12-11-2018, 08:27 AM   #6
Registered Member
Join Date: May 2010
Posts: 14
OS: Win 10

Sorry, here it is.

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Ernie (10-12-2018 15:48:57)
Running from C:\Users\Ernie\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-07-28 13:34:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1079757796-977599338-1025423941-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1079757796-977599338-1025423941-503 - Limited - Disabled)
Ernie (S-1-5-21-1079757796-977599338-1025423941-1001 - Administrator - Enabled) => C:\Users\Ernie
Guest (S-1-5-21-1079757796-977599338-1025423941-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1079757796-977599338-1025423941-1009 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1079757796-977599338-1025423941-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{A0FBF1DF-1805-44C9-91AE-C2F9047D443D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.0.917.102 - AVAST Software)
Backup and Sync from Google (HKLM\...\{608EBDC6-D18A-4CF6-AD54-EE6B71D29065}) (Version: 3.43.1584.4446 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J430W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.0.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Update (HKLM-x32\...\{9E4750A7-90F6-4181-8A8A-B1ADF4216E93}) (Version: 1.0.1059.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 62.4.103 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
FlacSquisher 1.3.1 (HKLM-x32\...\FlacSquisher) (Version: 1.3.1 - FlacSquisher)
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.957 - Citrix Online, a division of Citrix Systems, Inc.)
iCloud (HKLM\...\{82FCC407-A0E5-4B80-9241-5ABA78B61090}) (Version: 7.6.0.15 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1079757796-977599338-1025423941-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.80 - DJI Interprises, LLC)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Sansa Media Converter (HKLM-x32\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.263 - )
Sansa Updater (HKU\S-1-5-21-1079757796-977599338-1025423941-1001\...\Sansa Updater) (Version: - SanDisk Corporation)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-28] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-28] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-28] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (Nico Mak Computing)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-06-26] (Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-28] (AVAST Software)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-28] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-13] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-28] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E9C3EFD-771F-4DD3-8077-832B99E1AC09} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {1A0ED26C-EDBD-4EBB-9506-9CBFF431F0CD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {1D1436AD-F152-414B-9873-3692572EF467} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {27F761DB-4CBE-4AAC-AE63-5F30B56122E0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3CF71F86-FA8C-45DC-B682-6FA7981CDAB9} - \WPD\SqmUpload_S-1-5-21-1079757796-977599338-1025423941-1001 -> No File <==== ATTENTION
Task: {3FEA4BFE-1E88-4F27-B736-7FDACEBCF3F0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-05] (Dropbox, Inc.)
Task: {40F168C3-02DE-4A0E-B3A5-4005DB315475} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {584FAFA2-77F4-42C5-B2BB-BA97FF0C29FE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6984500F-8BCF-4680-BFC0-4EF8C7AECDCA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {6C338452-DE7A-46E5-AC38-7E2BDB9D2A40} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-10-29] (AVAST Software)
Task: {6EE8EB8A-AABE-4F74-BE17-B777F7EFFEBE} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe]
Task: {736C68DA-BBD8-46A7-949A-A9D367F3693C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {75785100-9290-4B87-9E18-00DC7BC1487D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {78E1A240-7E5F-4F2E-AC1C-1CD1056192E3} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-29] (AVAST Software)
Task: {7C286606-C5A4-463F-8DB9-CDAC1CC9889D} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2018-06-26] (Apple Inc.)
Task: {822336DC-FF65-49B3-A219-BA4E57BE5B49} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {82B4FCAE-A460-4053-BFBB-F809B8669730} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-05] (Dropbox, Inc.)
Task: {B65257F9-471F-4912-8261-852E909F1906} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {B8564D6C-9307-4DD5-9AA2-C478AC5FC68D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
Task: {CDE9E60E-FB7C-41A3-B3A4-A9668785771A} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-10-24] ()
Task: {D09FFCB0-3B5C-43B0-8EF6-11BA206779DA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DB16CBCE-56CE-4BA3-B843-E5252D0ED8B9} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-29] (AVAST Software)
Task: {DF74204F-0FD6-4C65-A1F5-E1AC1760ECAF} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E59C6AC3-17F3-465F-B684-ECDBE3E8D178} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-28] (AVAST Software)
Task: {F6575132-CC11-4FCC-AB3D-F93B8383EBDC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F6B124BE-9DB3-40FC-A216-9EF3EEF86DAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-13] (Google Inc.)
Task: {F6D5CC67-726E-4501-89ED-17FF73E99931} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Ernie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chromebook Recovery Utility.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jndclpdbaamdhonoechobihbbiimdgai

==================== Loaded Modules (Whitelisted) ==============

2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2016-02-15 21:01 - 2016-02-15 21:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2017-01-05 11:19 - 2005-04-21 21:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2013-08-22 12:40 - 2013-08-22 12:40 - 000016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2015-05-19 09:11 - 2015-05-19 09:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-11-27 08:40 - 2018-10-31 23:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-09 06:11 - 2018-12-09 06:11 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-09 06:11 - 2018-12-09 06:11 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-15 17:46 - 2018-10-15 17:46 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-09 06:11 - 2018-12-09 06:11 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-09 06:11 - 2018-12-09 06:11 - 010885632 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-12-09 06:11 - 2018-12-09 06:11 - 002850816 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\skypert.dll
2018-12-09 06:11 - 2018-12-09 06:11 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-09 13:48 - 2018-07-09 13:48 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2012-08-30 13:46 - 2013-10-03 10:42 - 000069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2018-11-07 14:28 - 2018-11-07 14:28 - 002587976 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\libprotobuf.dll
2014-02-27 00:57 - 2013-03-04 20:40 - 000626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 12:41 - 2013-03-05 12:41 - 000015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-04-04 10:45 - 2018-04-04 10:45 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-28 09:24 - 2018-11-28 09:24 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 18:55 - 2017-11-30 18:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2012-08-30 13:39 - 2013-10-03 10:42 - 000112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2017-01-05 11:19 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-01-14 00:03 - 2014-01-14 00:03 - 000110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-06-24 01:07 - 2015-06-24 01:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-01-05 10:17 - 2015-12-18 16:52 - 001607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-02-27 01:08 - 2012-11-25 23:19 - 001153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2016-01-05 10:17 - 2014-02-18 13:12 - 000117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:404F5D20 [121]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2018-11-15 11:52 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1079757796-977599338-1025423941-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Dell\Win LtBlue 1920x1200.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Audible Download Manager.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1079757796-977599338-1025423941-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1079757796-977599338-1025423941-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-1079757796-977599338-1025423941-1001\...\StartupApproved\Run: => "49970B42564150BDCC41BBA61336D91435261BB6._service_run"
HKU\S-1-5-21-1079757796-977599338-1025423941-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1079757796-977599338-1025423941-1001\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-1079757796-977599338-1025423941-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-1079757796-977599338-1025423941-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_67950D4370B0FBD7974EA65F32997878"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{856D652F-1C18-4B8C-81F8-BAB9056B6009}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E0281C5E-340D-478F-9321-AA19C48E06A9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CC14BC7B-8C08-4CD2-AAFA-589BA4161705}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{812D3F8E-AD28-476E-8A97-BFBF4EEB99B5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{219D3D60-4B25-4A78-9ED8-E2A16DD131FC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6B11B0A5-BCDE-4AFD-8FEA-136222357948}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B91271A7-08B0-42F8-81CC-14D462ED4BB5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{17B3FC92-1CD7-4D79-90E6-25A0CE9F3138}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6BB7C834-5581-4469-B5C3-0657F358C414}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0DA3F7F6-49C1-45D8-95C2-7934D97C4698}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3E53400F-1498-4E44-A70F-6C9F70B88560}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BB92EF78-1A50-42CF-8938-5C6288EBB4D1}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{EF0DA438-B5BE-4454-BB7E-41E89C5E41CA}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{7FE62AA1-FEED-4D41-A616-F85C8102415B}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{7147F127-3258-4686-BF28-F35EF3B00763}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{59FA9E99-51CE-472E-A7E6-7665AF54C06C}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{001F51A6-A534-4E37-B639-AA498F65DDD0}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{EDCBC9CD-A44B-4658-A9B2-6FF29EB8969A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{267950ED-18D0-42D4-8853-65C8296B5CF8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{4ECCD322-55AD-4F57-9EE5-0C6457A4E1AF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{89772DD8-3197-4748-BB10-E5EA9A1DDC6F}] => (Allow) LPort=2869
FirewallRules: [{1CDD5DB3-63C0-4F21-9D99-494B5CA1A39A}] => (Allow) LPort=1900
FirewallRules: [{8518BD85-D874-4AEA-954F-3FF7DA157EA5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0014B9D7-28BD-4700-8CA5-4C9DEB8BA685}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{42FC249B-60B6-4252-AA48-FF0861A7F708}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{21008D92-F376-43C8-AEFB-56F72524982A}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{420449DD-9279-4421-BBC2-63C2D9D8D4DD}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{A83B6378-339E-4F13-B503-2902ED981767}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{04C0A59C-93CC-4AA4-AB20-F31C40CA4974}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{82333237-DD19-4C10-A9CF-BA61BA393717}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2B266C1F-3FBC-45EC-B380-C3B353E87D01}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{98AA758D-5E4E-4A1D-A870-670226619C5A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D53BB8AF-F675-483F-8468-C248FC2B4AA6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A9F015CB-B085-4E32-912A-951D7EFB2F57}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{B7DC2592-6CAD-4666-BB52-5F693FF0BCE8}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{75166C32-2B63-440E-A49D-4CA9C3C83B1B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{95318119-F199-49EF-A020-CE2E059B8712}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{EB7F1132-A38F-46E5-BCA4-64A8EF58CD48}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{C6C9E0AA-1CBD-4937-B3FD-946221F905F5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{E2909016-88B3-41C8-990E-E919B1CB9B2A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{4C55CA44-90F9-459E-B35E-2B4536C03202}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{19A53114-B1F9-4A31-A78C-2B32DB6DA0BA}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [TCP Query User{40D5A5EC-2264-4EB8-9BE2-A35033BB52F0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{767AA3A4-B227-4C6C-AC4F-C708D9EDE24D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{C3D42177-45BF-4D1C-B516-60BEA21D45DB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{69E0F9BB-F1A6-4F72-B069-FA11015BD778}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7D940804-A3BF-4E95-A445-B027AE28430F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{AD253549-9B77-4056-B366-9BAD6A2FECDD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{177041B1-093B-450A-81A7-E214780636E0}] => (Allow) LPort=54925
FirewallRules: [{421BC53C-C7FA-433C-889A-A82A7C611A69}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{38720CB3-63FB-4A5C-9EAA-D202BA44BF54}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B6E0A17E-A116-4BBD-96C5-37D201D58AF2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{E999DD5B-96F7-42E8-9774-FF11DF82939C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{7B5B196B-D9EF-49A2-B65B-9DCB40AE6E18}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{C65BA9D9-47C6-4992-AA4E-F9A91256C2B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B5050029-E99E-4046-BFBC-7FBE7EB6000D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

01-10-2018 12:49:17 Windows Update
15-10-2018 18:07:30 Windows Update
24-10-2018 13:46:28 Windows Update
24-10-2018 13:48:19 Windows Update
18-11-2018 07:53:00 Windows Update
27-11-2018 08:27:23 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2018 03:26:50 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (12/10/2018 03:26:21 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (12/09/2018 03:35:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2afc

Start Time: 01d4900d5ba26ab7

Termination Time: 9

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: bb1d2424-8c32-474d-88c3-7909711c34db

Faulting package full name:

Faulting package-relative application ID:

Error: (12/09/2018 03:26:52 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (12/09/2018 02:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.11001.20091, time stamp: 0x5bdbefe7
Faulting module name: HxOutlookBackground.dll, version: 16.0.11001.20104, time stamp: 0x5be69c37
Exception code: 0xc0000005
Fault offset: 0x000000000002be94
Faulting process id: 0xddc
Faulting application start time: 0x01d4900a62d3b17b
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe\HxTsr.exe
Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe\HxOutlookBackground.dll
Report Id: 64a07cad-b772-4907-bb74-3b8dd3b18bd0
Faulting package full name: microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/09/2018 02:58:47 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (12/09/2018 02:58:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LockApp.exe version 10.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1b7c

Start Time: 01d48fdde497495b

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

Report Id: 10f32e5a-6dc5-4cca-8c3f-4e6949ae4089

Faulting package full name: Microsoft.LockApp_10.0.17134.1_neutral__cw5n1h2txyewy

Faulting package-relative application ID: WindowsDefaultLockScreen

Error: (12/09/2018 09:40:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8266


System errors:
=============
Error: (12/10/2018 03:33:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2018 03:30:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (12/10/2018 03:30:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/10/2018 03:30:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/10/2018 03:30:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s).

Error: (12/10/2018 03:30:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s).

Error: (12/10/2018 03:30:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/10/2018 03:30:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Hardware Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================

Date: 2018-12-10 15:34:06.523
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-10 15:33:52.348
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-10 15:33:51.781
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-10 15:30:23.182
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-10 15:21:14.804
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-10 15:21:13.949
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-10 15:21:13.428
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-09 16:13:07.831
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8108.94 MB
Available physical RAM: 4967.71 MB
Total Virtual: 9388.94 MB
Available Virtual: 5639.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.9 GB) (Free:750.84 GB) NTFS
Drive d: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive x: (PBR Image) (Fixed) (Total:7.99 GB) (Free:0.72 GB) NTFS

\\?\Volume{21c70cfe-2e8e-4386-b76a-464a188b1a72}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.2 GB) NTFS
\\?\Volume{d563f2c9-a5a7-4da9-9341-fd47a2ae49fc}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A36BF4D0)

Partition: GPT.

==================== End of Addition.txt ============================
EP_AZ is offline  
Old 12-11-2018, 06:28 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, EP_AZ. Thanks. Not a problem.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
    Task: {27F761DB-4CBE-4AAC-AE63-5F30B56122E0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {3CF71F86-FA8C-45DC-B682-6FA7981CDAB9} - \WPD\SqmUpload_S-1-5-21-1079757796-977599338-1025423941-1001 -> No File <==== ATTENTION
    Task: {584FAFA2-77F4-42C5-B2BB-BA97FF0C29FE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D09FFCB0-3B5C-43B0-8EF6-11BA206779DA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {DF74204F-0FD6-4C65-A1F5-E1AC1760ECAF} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {F6575132-CC11-4FCC-AB3D-F93B8383EBDC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:404F5D20 [121]
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope {FEFBC959-362F-444E-82B8-F9D5CE376F7C} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {FEFBC959-362F-444E-82B8-F9D5CE376F7C} URL = 
    C:\ProgramData\VWjwXCSoAteBQ
    S4 VWjwXCSoAteBQ; \??\C:\ProgramData\VWjwXCSoAteBQ [X]
    Folder: C:\Users\Ernie\Desktop\New Crack
    Folder: C:\ProgramData\VWjwXCSoAteBQ
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
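Because the original complaint was that the detection returned after every reboot, a read-only re-check of the persistence items named in the fixlist (the S4 service, its ProgramData folder, the alternate data stream on C:\ProgramData\Temp and the policy that disallowed mrt.exe) is worth running once the post-fix restart is done. This is an added PowerShell example, not part of chemist's instructions or of FRST; the item names and paths come from the fixlist above, and the Safer\CodeIdentifiers registry location used for the software-restriction check is an assumption about where that policy is stored.

```powershell
# Added example (not from the thread or from FRST): read-only re-check of the
# persistence artifacts listed in the fixlist, to run after the post-fix reboot.
# It changes nothing; it only reports whether each item is still absent.

$ServiceName = 'VWjwXCSoAteBQ'                 # rogue S4 service from the fixlist
$DropFolder  = 'C:\ProgramData\VWjwXCSoAteBQ'  # folder the service pointed at
$AdsHost     = 'C:\ProgramData\Temp'           # object carrying the :404F5D20 stream
$AdsName     = '404F5D20'
$BlockedTool = '%systemroot%\system32\mrt.exe' # MSRT path the policy had disallowed

# Assumption: FRST's "Group Policy restriction on software" line reflects Software
# Restriction Policy path rules under this key (security level 0 = Disallowed).
$SrpPathKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

function Test-FixlistArtifacts {
    $findings = @()

    # 1. Service entry: check both the Service Control Manager view and the raw key.
    if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
        $findings += "service '$ServiceName' is registered again"
    }
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName") {
        $findings += "registry key Services\$ServiceName is present again"
    }

    # 2. Drop folder in ProgramData.
    if (Test-Path -LiteralPath $DropFolder) {
        $findings += "folder $DropFolder exists again"
    }

    # 3. Named alternate data stream on C:\ProgramData\Temp (ignore the default :$DATA).
    if (Test-Path -LiteralPath $AdsHost) {
        $streams = Get-Item -LiteralPath $AdsHost -Stream * -ErrorAction SilentlyContinue |
                   Where-Object { $_.Stream -ne ':$DATA' }
        foreach ($s in $streams) {
            if ($s.Stream -eq $AdsName) {
                $findings += "ADS ${AdsHost}:$($s.Stream) ($($s.Length) bytes) is back"
            }
        }
    }

    # 4. Software Restriction Policy path rule blocking MSRT (the "<==== ATTENTION" line).
    if (Test-Path $SrpPathKey) {
        Get-ChildItem $SrpPathKey | ForEach-Object {
            $rule = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($rule.ItemData -and ($rule.ItemData -ieq $BlockedTool)) {
                $findings += "SRP rule still disallows $($rule.ItemData)"
            }
        }
    }

    return $findings
}

$result = Test-FixlistArtifacts
if ($result.Count -eq 0) {
    Write-Output 'All fixlist artifacts are still absent.'
} else {
    $result | ForEach-Object { Write-Output "RECURRED: $_" }
}
```

Run it from an elevated PowerShell prompt so the HKLM and ProgramData checks are not hidden by access errors; any RECURRED line means the persistence is being re-created by something the fix did not remove, which is exactly what the helper would want to see in the next reply.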
Old 12-12-2018, 04:28 AM   #8
Registered Member
 
Join Date: May 2010
Posts: 14
OS: Win 10



Here is fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Ernie (12-12-2018 05:12:44) Run:1
Running from C:\Users\Ernie\Desktop
Loaded Profiles: Ernie (Available Profiles: Ernie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
Task: {27F761DB-4CBE-4AAC-AE63-5F30B56122E0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3CF71F86-FA8C-45DC-B682-6FA7981CDAB9} - \WPD\SqmUpload_S-1-5-21-1079757796-977599338-1025423941-1001 -> No File <==== ATTENTION
Task: {584FAFA2-77F4-42C5-B2BB-BA97FF0C29FE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D09FFCB0-3B5C-43B0-8EF6-11BA206779DA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DF74204F-0FD6-4C65-A1F5-E1AC1760ECAF} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F6575132-CC11-4FCC-AB3D-F93B8383EBDC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:404F5D20 [121]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {FEFBC959-362F-444E-82B8-F9D5CE376F7C} URL =
SearchScopes: HKLM-x32 -> DefaultScope {FEFBC959-362F-444E-82B8-F9D5CE376F7C} URL =
C:\ProgramData\VWjwXCSoAteBQ
S4 VWjwXCSoAteBQ; \??\C:\ProgramData\VWjwXCSoAteBQ [X]
Folder: C:\Users\Ernie\Desktop\New Crack
Folder: C:\ProgramData\VWjwXCSoAteBQ
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27F761DB-4CBE-4AAC-AE63-5F30B56122E0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27F761DB-4CBE-4AAC-AE63-5F30B56122E0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CF71F86-FA8C-45DC-B682-6FA7981CDAB9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CF71F86-FA8C-45DC-B682-6FA7981CDAB9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1079757796-977599338-1025423941-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{584FAFA2-77F4-42C5-B2BB-BA97FF0C29FE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{584FAFA2-77F4-42C5-B2BB-BA97FF0C29FE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D09FFCB0-3B5C-43B0-8EF6-11BA206779DA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D09FFCB0-3B5C-43B0-8EF6-11BA206779DA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF74204F-0FD6-4C65-A1F5-E1AC1760ECAF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF74204F-0FD6-4C65-A1F5-E1AC1760ECAF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6575132-CC11-4FCC-AB3D-F93B8383EBDC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6575132-CC11-4FCC-AB3D-F93B8383EBDC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
C:\ProgramData\Temp => ":404F5D20" ADS removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\ProgramData\VWjwXCSoAteBQ => moved successfully
HKLM\System\CurrentControlSet\Services\VWjwXCSoAteBQ => removed successfully
VWjwXCSoAteBQ => service removed successfully

========================= Folder: C:\Users\Ernie\Desktop\New Crack ========================

2018-07-06 07:03 - 2018-07-06 06:10 - 003056563 ____A [6CF92901CD47AD7AFC186373DF3ED1E9] () C:\Users\Ernie\Desktop\New Crack\20180706_061002.jpg
2018-07-06 07:03 - 2018-07-06 06:11 - 002771051 ____A [7C5BC5E60F069927052B4E79D8B41537] () C:\Users\Ernie\Desktop\New Crack\20180706_061127.jpg
2018-07-06 07:03 - 2018-07-06 06:11 - 002703701 ____A [644BF8BE1D56F90FA3BAF0101EA453E6] () C:\Users\Ernie\Desktop\New Crack\20180706_061147.jpg
2018-07-06 07:03 - 2018-07-06 06:16 - 002779894 ____A [4B466DE5B565DBBA349AF6B7F8B0DDCC] () C:\Users\Ernie\Desktop\New Crack\20180706_061600.jpg
2018-07-06 07:03 - 2018-07-06 06:16 - 003022143 ____A [1D625D2B92B592F90C2AC4D2E36335EE] () C:\Users\Ernie\Desktop\New Crack\20180706_061613.jpg
2018-07-06 07:03 - 2018-07-06 06:16 - 001772773 ____A [FBF1F2B73DF335BB174A86DBA6EA3B48] () C:\Users\Ernie\Desktop\New Crack\20180706_061625_001.jpg
2018-07-06 07:03 - 2018-07-06 06:16 - 001636283 ____A [DB673D89C379A73C234A98793AC8882D] () C:\Users\Ernie\Desktop\New Crack\20180706_061628_001.jpg
2018-07-06 07:03 - 2018-07-06 06:16 - 001937098 ____A [44AA151F68078C14949AE7D3CB9E5173] () C:\Users\Ernie\Desktop\New Crack\20180706_061646_001.jpg
2018-07-06 07:03 - 2018-07-06 06:16 - 001967149 ____A [FDEB48A28C42C3B99DB608D233B0CB20] () C:\Users\Ernie\Desktop\New Crack\20180706_061648_001.jpg
2018-07-06 07:03 - 2018-07-06 06:16 - 001966979 ____A [7163173CF3D98F5F09EE6E6B6BCE305A] () C:\Users\Ernie\Desktop\New Crack\20180706_061648_002.jpg
2018-07-06 07:03 - 2018-07-06 06:18 - 003457959 ____A [1819698660B615F387B5EA4D5A84D699] () C:\Users\Ernie\Desktop\New Crack\20180706_061824.jpg
2018-07-06 07:03 - 2018-07-06 06:21 - 002320444 ____A [3A40773A17DC625727533E4D5BA71BA9] () C:\Users\Ernie\Desktop\New Crack\20180706_062153_002.jpg
2018-07-06 07:03 - 2018-07-06 06:22 - 002113843 ____A [4ECE238AF764B43D40E179586CFB0DEB] () C:\Users\Ernie\Desktop\New Crack\20180706_062218_002.jpg
2018-07-06 07:03 - 2018-07-06 06:22 - 002112359 ____A [0D6D93797E22993481D3FE3F7DAD7685] () C:\Users\Ernie\Desktop\New Crack\20180706_062218_003.jpg
2018-07-06 07:03 - 2018-07-06 06:22 - 002111629 ____A [34FA1D9D3ADCE357F541C393F49E4900] () C:\Users\Ernie\Desktop\New Crack\20180706_062218_004.jpg
2018-07-06 07:03 - 2018-07-06 06:22 - 002110959 ____A [4EC790DDD0F40D2605BFDD353B702303] () C:\Users\Ernie\Desktop\New Crack\20180706_062218_005.jpg
2018-07-06 07:03 - 2018-07-06 06:22 - 002094605 ____A [2E45E196C054DA1634D79351382E81C1] () C:\Users\Ernie\Desktop\New Crack\20180706_062246_001.jpg
2018-10-26 10:16 - 2018-10-26 10:16 - 002926665 ____A [AB4BB67368846FF20DD3754BB845EDE9] () C:\Users\Ernie\Desktop\New Crack\20181026_084400Frt.jpg
2018-10-26 10:16 - 2018-10-26 10:16 - 003318195 ____A [73A0D976D0A8C9B92B3C7C492E81BB3E] () C:\Users\Ernie\Desktop\New Crack\20181026_084833Rear.jpg
2018-07-06 07:03 - 2018-07-06 06:22 - 002093616 ____A [39B3E5519E2F2BE9F46FE10DA405940E] () C:\Users\Ernie\Desktop\New Crack\Front.jpg
2018-07-06 07:03 - 2018-07-06 06:24 - 002515981 ____A [22CE5874EDA6AB082E92D7A43178C488] () C:\Users\Ernie\Desktop\New Crack\LH Side.jpg
2018-07-06 07:03 - 2018-07-06 06:19 - 123760312 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Ernie\Desktop\New Crack\LH Side_Video.mp4
2018-07-06 07:32 - 2018-07-06 07:20 - 001774908 ____A [07F568115D04B72C89197023AF7499F2] () C:\Users\Ernie\Desktop\New Crack\Photo_001.jpg
2018-07-06 07:32 - 2018-07-06 07:19 - 001695532 ____A [8F9DB3CD4ADB0E3992BBEFA9C3DC81C0] () C:\Users\Ernie\Desktop\New Crack\Photo_002.jpg
2018-07-06 07:32 - 2018-07-06 07:18 - 001673253 ____A [A29D5E719C3180143FEF551C26411D84] () C:\Users\Ernie\Desktop\New Crack\Photo_003.jpg
2018-07-06 07:48 - 2018-07-06 07:48 - 003711997 ____A [766F82B078954C7DBB2068236EDDA926] () C:\Users\Ernie\Desktop\New Crack\Photo_Labled_001.jpg
2018-07-06 07:03 - 2018-07-06 06:21 - 002319771 ____A [E56EFF6E3E01669757B6F3A528E94519] () C:\Users\Ernie\Desktop\New Crack\Rear.jpg
2018-07-06 07:03 - 2018-07-06 06:22 - 002116035 ____A [A840AA8B4743B084B7F999E478FB4DB7] () C:\Users\Ernie\Desktop\New Crack\RH Side.jpg
2018-07-06 07:03 - 2018-07-06 06:09 - 134801593 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Ernie\Desktop\New Crack\RH Side_Video.mp4
2018-10-24 13:37 - 2018-10-24 13:37 - 001039283 ____A [AEACADF6B45F7783B3BA24C256BDD5DF] () C:\Users\Ernie\Desktop\New Crack\Straight Line Suspension Invoice.pdf

====== End of Folder: ======


========================= Folder: C:\ProgramData\VWjwXCSoAteBQ ========================

not found.

====== End of Folder: ======


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 117575233 B
Java, Flash, Steam htmlcache => 4301 B
Windows/system/drivers => 5113347 B
Edge => 957686 B
Chrome => 64368342 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 20044 B
LocalService => 0 B
NetworkService => 3650 B
NetworkService => 0 B
Ernie => 796814833 B

RecycleBin => 10668902 B
EmptyTemp: => 956.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 05:15:10 ====
EP_AZ is offline  
Old 12-12-2018, 06:05 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, EP_AZ. How is the machine behaving? Any improvement?

------------------------------------------------------

I recommend installing Cybereason Ransom Free. I use it on all my machines.

It recently detected, and prevented, an attempted ransomware infection on one of my laptops.

Download RansomFree and save it to your desktop.

Right-click CybereasonRansomFree.msi > Install and follow the prompts to install it.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mb3-setup-1878.1878-3.6.1.2711.exe and follow the prompts to install the program.
    • A 14 day trial of the Premium features (a full-fledged, real-time antivirus application) will be installed.
    • You may end the free trial later by going to Settings > Account Details > Deactivate Premium Trial > Yes > I don't need real-time protection > OK.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Quarantine Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, wait for MBAM to open back up, then click Export Summary
  • If no threats were found, simply click Export Summary
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Please post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-13-2018, 09:08 AM   #10
Registered Member
 
Join Date: May 2010
Posts: 14
OS: Win 10



Our machine seems to be operating well. The trojan has not been detected and there are no scans being suggested. Before your assistance, each time we restarted our machine, the trojan was detected and a scan was started. All appears normal. Thank you!!

MBAM Log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/13/18
Scan Time: 5:49 AM
Log File: 94c6ca2a-fed5-11e8-8248-c81f664b26fd.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.8295
License: Free

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: DESKTOP-DEN\Ernie

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 317544
Threats Detected: 18
Threats Quarantined: 18
Time Elapsed: 8 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Adware.Injector, C:\WINDOWS\SSL, Quarantined, [3994], [607892],1.0.8295
Adware.Injector, C:\WINDOWS\NSS, Quarantined, [3994], [607893],1.0.8295

File: 16
Adware.Injector, C:\WINDOWS\SSL\SAMPLE CA 2.CER, Quarantined, [3994], [607892],1.0.8295
Adware.Injector, C:\Windows\SSL\cert.db, Quarantined, [3994], [607892],1.0.8295
Adware.Injector, C:\Windows\SSL\x.db, Quarantined, [3994], [607892],1.0.8295
Adware.Injector, C:\WINDOWS\NSS\SQLITE3.DLL, Quarantined, [3994], [607893],1.0.8295
Adware.Injector, C:\Windows\nss\certutil.exe, Quarantined, [3994], [607893],1.0.8295
Adware.Injector, C:\Windows\nss\freebl3.dll, Quarantined, [3994], [607893],1.0.8295
Adware.Injector, C:\Windows\nss\libnspr4.dll, Quarantined, [3994], [607893],1.0.8295
Adware.Injector, C:\Windows\nss\libplc4.dll, Quarantined, [3994], [607893],1.0.8295
Adware.Injector, C:\Windows\nss\libplds4.dll, Quarantined, [3994], [607893],1.0.8295
Adware.Injector, C:\Windows\nss\nss3.dll, Quarantined, [3994], [607893],1.0.8295
Adware.Injector, C:\Windows\nss\nssckbi.dll, Quarantined, [3994], [607893],1.0.8295
Adware.Injector, C:\Windows\nss\nssdbm3.dll, Quarantined, [3994], [607893],1.0.8295
Adware.Injector, C:\Windows\nss\nssutil3.dll, Quarantined, [3994], [607893],1.0.8295
Adware.Injector, C:\Windows\nss\smime3.dll, Quarantined, [3994], [607893],1.0.8295
Adware.Injector, C:\Windows\nss\softokn3.dll, Quarantined, [3994], [607893],1.0.8295
Rootkit.Agent.PUA, C:\WINDOWS\INETFILTERSVC, Quarantined, [407], [610987],1.0.8295

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


ESET Report:

C:\FRST\Quarantine\C\ProgramData\VWjwXCSoAteBQ.xBAD a variant of Win32/Packed.VMProtect.ABD trojan
EP_AZ is offline  
Old 12-13-2018, 05:41 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, EP_AZ. You're very welcome!

The ESET find has already been quarantined by FRST. It will get deleted when we uninstall the tools.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Run AdwCleaner and go to Settings > Remove AdwCleaner > Remove

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article. To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
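The MVPS HOSTS approach in chemist's post works because Windows consults the hosts file before asking DNS, so a name mapped to 0.0.0.0 never produces a connection. Added example, not from this thread or from the MVPS project: a small Python checker that parses a hosts file the way the MVPS file is laid out, counts the sinkholed names, and flags any name mapped to a routable address, which is the pattern a hijacked hosts file leaves behind; the sample hosts text and the `*.example` names are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

# Names every Windows hosts file maps to loopback on purpose; not ad blocks.
WELL_KNOWN_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample in the MVPS layout, not the real MVPS file. The 192.0.2.10
# line is a deliberate "hijack" entry (192.0.2.0/24 is the RFC 5737 documentation range).
SAMPLE_HOSTS = """\
127.0.0.1  localhost
::1        localhost
0.0.0.0  ads.example            # blocked ad server
0.0.0.0\ttracker.example   stats.example
192.0.2.10  update.antivirus.example   # sent to a routable address
this is not a hosts entry
"""

@dataclass
class HostsReport:
    sinkholed: list = field(default_factory=list)   # (ip, name): blocked names
    redirected: list = field(default_factory=list)  # (ip, name): names sent elsewhere
    malformed: list = field(default_factory=list)   # raw lines that did not parse

def check_hosts(text: str) -> HostsReport:
    """Classify every mapping in hosts-file text (comments, tabs, several names per line).

    0.0.0.0 (unspecified) or loopback only sinkholes a name; any routable address
    redirects it, which is the pattern a hosts-file hijack leaves behind.
    """
    report = HostsReport()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            addr = None
        if addr is None or len(parts) < 2:
            report.malformed.append(raw)
            continue
        local = addr.is_unspecified or addr.is_loopback
        for name in (n.lower() for n in parts[1:]):
            if local and name in WELL_KNOWN_LOCAL:
                continue  # normal loopback entries, not blocks
            bucket = report.sinkholed if local else report.redirected
            bucket.append((str(addr), name))
    return report

def check_hosts_file(path: str) -> HostsReport:
    """Check a hosts file on disk (Windows: %SystemRoot%\\System32\\drivers\\etc\\hosts)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return check_hosts(fh.read())
```

Run `check_hosts_file()` against the live hosts file after installing the MVPS copy; every entry should land in `sinkholed`, and anything in `redirected` deserves a look.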
Old 12-14-2018, 05:48 AM   #12
Registered Member
 
Join Date: May 2010
Posts: 14
OS: Win 10



Chemist,

All steps in your last post have been accomplished. Our machine is operating like new!

Please consider this problem resolved and you may close this thread. Thank you so much for your prompt and professional help.

EP_AZ
EP_AZ is offline  
Old 12-15-2018, 09:06 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, EP_AZ! Glad to have helped.
chemist is offline  
 
