
reboot after 1 minute

This is a discussion on reboot after 1 minute within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


 
 
05-20-2019, 07:00 AM   #1
TSF Enthusiast
 
blackduck30
 
Join Date: Sep 2004
Location: Wollongong/Australia
Posts: 4,267
OS: XP pro SP3/Vista Ultimate



Hey Guys,
Been a long time since I have been around but I got a msg the other day saying my computer will reboot in 1 minute. Just got into a loop and now can not do anything. I did get into the system via MSDART 10 but nothing helps there, can not restore, can not even reset.
I have basically removed the disk and am trying to get an old SSD back online but just wondering if you have come across this lately. I have seen some older posts back in 2012 and 2015. I want to plug the SSD into my laptop and see if I can nut it out but not sure what to hit it with as I have been out of the loop for quite a few years

Thanks in Advance

Jamie
blackduck30 is offline  
 
05-20-2019, 12:03 PM   #2
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hello..! If you think your problem is due to malware, please follow:


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
  • If you receive a SmartScreen warning, click on More Info and Run Anyway.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.
icotonev is offline  
05-20-2019, 11:56 PM   #3
TSF Enthusiast
 
blackduck30
 
Join Date: Sep 2004
Location: Wollongong/Australia
Posts: 4,267
OS: XP pro SP3/Vista Ultimate



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by User (21-05-2019 16:50:20)
Running from C:\Users\User\Desktop
Windows 10 Home Version 1803 17134.706 (X64) (2018-06-06 12:37:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1797737637-2226211763-716302337-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1797737637-2226211763-716302337-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1797737637-2226211763-716302337-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1797737637-2226211763-716302337-501 - Limited - Disabled)
User (S-1-5-21-1797737637-2226211763-716302337-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1797737637-2226211763-716302337-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
CyberGhost 7 (HKLM\...\CyberGhost 7) (Version: 7.2.2.4294 - CyberGhost S.A.)
EcuFlash (HKLM-x32\...\EcuFlash) (Version: 1.44 - www.tactrix.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.157 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
LogWorks3 (HKLM-x32\...\{A55273A1-93BE-4E34-A23B-E350A5E6421C}) (Version: 3.3.7 - Innovate Motorsports)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1797737637-2226211763-716302337-1001\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 66.0.5 (x64 en-GB) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-GB)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 4.16 - NCH Software)
qBittorrent 4.1.3 (HKLM-x32\...\qBittorrent) (Version: 4.1.3 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RMPrepUSB (HKLM-x32\...\RMPrepUSB) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.182 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
Virtual Dyno (HKLM-x32\...\Virtual Dyno) (Version: - Pnuema Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Web Companion (HKLM-x32\...\{6b888aae-8276-4cc3-96e3-3667cf5fc180}) (Version: 4.2.1846.3481 - Lavasoft)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/22/2016 2.12.14) (HKLM\...\531071C0EA841F24E3153910483B979A22D470DF) (Version: 01/22/2016 2.12.14 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/22/2016 2.12.14) (HKLM\...\F461FC987DA10C6FFE565BA998FF674522D3B5D3) (Version: 01/22/2016 2.12.14 - FTDI)
Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0) (HKLM\...\73FC7E42C8F05A3B5235FB18804B1F5C84709230) (Version: 10/12/2009 1.4.1.0 - Innovate Motorsports)
Windows Driver Package - Tactrix Inc. (openport) VehiclePassThru (04/07/2014 1.0.0.4227) (HKLM\...\B61BD381C4D35DF8E06C58DC94AAB9C54DFD5631) (Version: 04/07/2014 1.0.0.4227 - Tactrix Inc.)

Packages:
=========
7-zip. Click here! -> C:\Program Files\WindowsApps\61262Arrowgance.7-zip.Clickhere_1.2.0.0_neutral__erx5c4savp7xt [2018-03-11] (Arrowgance)
Adobe Photoshop Express: Image Editor, Adjustments, Filters, Effects, Borders -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.0.308.0_x64__ynb6jyjzte8ga [2019-04-18] (Adobe Inc.)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.0.0_x64__tf1gferkr813w [2019-05-08] (Autodesk Inc.)
Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_196.2292.59195.0_x86__8xx8rvfyw5nnt [2019-05-10] (Facebook Inc)
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-10] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-05-19 23:02 - 2019-02-22 02:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-05-21 00:03 - 2019-05-21 00:03 - 000388608 _____ (Trend Micro Inc.) [File not signed] C:\Users\User\Desktop\HijackThis.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1797737637-2226211763-716302337-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1797737637-2226211763-716302337-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-08-28 15:13 - 2019-01-13 20:08 - 000000827 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1797737637-2226211763-716302337-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FA41D78E-4E69-46C9-A51D-0437B8E57273}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CC3DC68F-52C2-4F60-B2A4-043114C551E7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4F7E6CA7-7BEA-4359-9203-1FE780E0D6EC}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{F8F9A743-56B8-47C4-8551-44002429FBEE}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [TCP Query User{9BDDFEAE-6C97-43D6-898E-114DC48E8669}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{AFA3ED2A-31EF-472E-963E-C5C059D92659}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [TCP Query User{8E884D73-69B8-450B-B925-DB575131C2A2}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{F413E9CB-8ABB-4F20-BE86-06B0364DE0DF}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [TCP Query User{FE5F5641-844E-4B41-8860-10C6708DCC54}C:\program files (x86)\logworks3\lmconfig.exe] => (Allow) C:\program files (x86)\logworks3\lmconfig.exe (Innovate Motorsports) [File not signed]
FirewallRules: [UDP Query User{0E67F7CA-83DC-40CD-A84E-7D44402D0506}C:\program files (x86)\logworks3\lmconfig.exe] => (Allow) C:\program files (x86)\logworks3\lmconfig.exe (Innovate Motorsports) [File not signed]
FirewallRules: [TCP Query User{95A8D325-0E95-4C8E-BFA2-D860C8172641}C:\program files (x86)\logworks3\logworks3.exe] => (Allow) C:\program files (x86)\logworks3\logworks3.exe (Innovate Motorsports) [File not signed]
FirewallRules: [UDP Query User{012617C3-7A7B-4AC7-948E-22CA7A08DD94}C:\program files (x86)\logworks3\logworks3.exe] => (Allow) C:\program files (x86)\logworks3\logworks3.exe (Innovate Motorsports) [File not signed]
FirewallRules: [{E0D85A1B-3F33-44BD-BFB2-97DDD562C69C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{2A890642-608F-4E71-AE2D-C27AF0E59E25}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{D9431597-C08E-4704-AC0F-49AFC19F54FB}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{3B2894A1-AB33-4B1A-A720-09F62831CE62}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{01E36BF3-0989-4A33-9719-52C7FD22157E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{EACC31B7-F4DE-4B8B-B528-87A1A7AF9FA4}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{ECE8665E-148C-4F1D-808A-FE7279A1C583}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

30-04-2019 22:12:42 Scheduled Checkpoint
09-05-2019 18:58:37 Scheduled Checkpoint
13-05-2019 11:24:38 Windows Update
17-05-2019 01:05:13 Windows Update
17-05-2019 0104 Windows Update
18-05-2019 06:46:59 Windows Update
20-05-2019 21:12:46 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2019 10:23:38 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={F779A0B7-6E9D-40B3-87D3-67180F86A075}: The user SYSTEM dialed a connection named CyberGhost (IKEv2) which has failed. The error code returned on failure is 0.

Error: (05/03/2019 10:23:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=26, authorId=0, vendorId=0, vendorType=0

Error: (05/03/2019 10:23:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0

Error: (05/03/2019 10:23:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0

Error: (05/03/2019 10:23:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=50, authorId=311, vendorId=0, vendorType=0

Error: (05/03/2019 10:23:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (05/03/2019 10:23:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=311, vendorId=0, vendorType=0

Error: (05/03/2019 10:23:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0


System errors:
=============
Error: (05/21/2019 04:49:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

Error: (05/21/2019 04:41:16 PM) (Source: DCOM) (EventID: 10016) (User: JAMIE-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user JAMIE-LAPTOP\User SID (S-1-5-21-1797737637-2226211763-716302337-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 04:41:06 PM) (Source: DCOM) (EventID: 10016) (User: JAMIE-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user JAMIE-LAPTOP\User SID (S-1-5-21-1797737637-2226211763-716302337-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 12:04:32 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.

Error: (05/20/2019 11:46:38 PM) (Source: DCOM) (EventID: 10016) (User: JAMIE-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user JAMIE-LAPTOP\User SID (S-1-5-21-1797737637-2226211763-716302337-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (05/20/2019 01:11:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/20/2019 01:11:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/20/2019 01:09:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-05-20 21:29:38.412
Description:
Windows Defender Antivirus has detected a suspicious behavior.
Name: Behavior:Win32/ModifiedBootRecord
ID: 3329515957
Severity: Low
Category: Suspicious Behavior
Path Found: file:_C:\Program Files (x86)\RMPrepUSB\RMPARTUSB.exe; process:_5808
Detection Origin: Local machine
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: C:\Program Files (x86)\RMPrepUSB\RMPARTUSB.exe
Signature ID: 23858570787236
Signature Version: AV: 1.293.1938.0, AS: 1.293.1938.0
Engine Version: 1.1.15900.4
Fidelity Label: Medium
Target File Name:

Date: 2019-05-09 18:56:31.356
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F027C76F-9867-4089-A23C-C71AE35580C9}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-05-08 23:50:29.954
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {02AD9C91-87F6-4E73-B06E-8C5C4E7F1C11}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-24 00:07:59.587
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {162F8A3E-AF07-4D1E-9EE8-65EC283E08FC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-23 23:59:30.614
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F5E2804A-474C-48B6-ACA4-DD8FF39107B4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-05-20 13:19:29.967
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1938.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-05-19 16:50:01.981
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1746.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-19 16:50:01.981
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1746.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-19 16:50:01.980
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1746.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-19 16:50:01.967
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1746.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

BIOS: TOSHIBA 1.10 06/05/2014
Motherboard: TOSHIBA CA10SU
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 91%
Total physical RAM: 4007.08 MB
Available physical RAM: 355.55 MB
Total Virtual: 6311.08 MB
Available Virtual: 1379.99 MB

==================== Drives ================================

Drive c: (WinOS) (Fixed) (Total:169.97 GB) (Free:104.36 GB) NTFS
Drive d: (Data) (Fixed) (Total:280.3 GB) (Free:276.63 GB) NTFS
Drive e: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:237.9 GB) (Free:105.74 GB) NTFS

\\?\Volume{f31a0a94-ac94-11e3-9373-2025645c6de1}\ (System) (Fixed) (Total:1 GB) (Free:0.5 GB) NTFS
\\?\Volume{99659bd8-7c5d-49d3-b1a7-30eaa7d3d042}\ () (Fixed) (Total:0.96 GB) (Free:0.45 GB) NTFS
\\?\Volume{7511c80f-af5f-45ef-94c4-5ac506f8ba7e}\ () (Fixed) (Total:0.77 GB) (Free:0.75 GB) NTFS
\\?\Volume{7929dbf6-2e14-11e4-ad78-d897ba08449d}\ (Recovery) (Fixed) (Total:12.53 GB) (Free:1.01 GB) NTFS
\\?\Volume{9256f827-0000-0000-0000-40803b000000}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS
\\?\Volume{f31a0a9c-ac94-11e3-9373-2025645c6de1}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 9256F827)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=475 MB) - (Type=27)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
Ran by User (administrator) on JAMIE-LAPTOP (TOSHIBA Satellite S40-B) (21-05-2019 16:45:39)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: defaultuser0 & User)
Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CYBERGHOST S.A. -> CyberGhost S.A.) C:\Program Files\CyberGhost 7\CyberGhost.Service.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lavasoft Software Canada -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Trend Micro Inc.) [File not signed] C:\Users\User\Desktop\HijackThis.exe
(VideoLAN -> VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1797737637-2226211763-716302337-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-04-11] (Lavasoft Software Canada -> Lavasoft)
HKU\S-1-5-21-1797737637-2226211763-716302337-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 7\CyberGhost.exe [975568 2019-04-04] (CYBERGHOST S.A. -> CyberGhost S.A.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.157\Installer\chrmstp.exe [2019-05-15] (Google LLC -> Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {30A91ADA-B176-4DBC-8EC9-B675B4B2CF2E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-11] (Google Inc -> Google Inc.)
Task: {6B482C80-EE73-4FDD-BAD0-A7BFF90849A8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {90534F61-9CBF-4816-88C3-F4074BD5D14F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BBE8BE8-CA13-468F-A9A6-BD8B7A246E01} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {B762C0BF-1B2B-462F-B26A-73BA2EFDBF99} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-05-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {B7B5B345-1D2D-41CE-B4BC-FFA89EFB04B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {D5FF4DFB-2401-4567-AB1C-76B796ACA7FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-11] (Google Inc -> Google Inc.)
Task: {ED3B93CD-01B4-4F1B-B2B6-6F4DA8053E51} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2762968 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
Task: {F2A0A49B-B636-4D1C-9ED7-6E22EE5632A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-25] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{034058b1-eac2-437c-bb39-1ddf1d727537}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0bc1e96d-7fd2-4e61-92f3-ce10dcdf4822}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1797737637-2226211763-716302337-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.jauce.com/
SearchScopes: HKU\S-1-5-21-1797737637-2226211763-716302337-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011618-A9FCDBB39EF&form=CONBDF&conlogo=CT3335799&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1797737637-2226211763-716302337-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011618-A9FCDBB39EF&form=CONBDF&conlogo=CT3335799&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-06-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-06-22] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1797737637-2226211763-716302337-1001 -> hxxp://www.google.com/

FireFox:
========
FF DefaultProfile: upa0kkao.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\upa0kkao.default [2019-05-21]
FF Homepage: Mozilla\Firefox\Profiles\upa0kkao.default -> Google
FF NewTab: Mozilla\Firefox\Profiles\upa0kkao.default -> hxxp://www.bing.com/?pc=COSP&ptag=D011618-A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\upa0kkao.default\Extensions\[email protected] [2019-02-07]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\upa0kkao.default\Extensions\[email protected] [2019-05-03]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\upa0kkao.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-23]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\upa0kkao.default\searchplugins\bing-lavasoft-ff59.xml [2018-04-11]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-06-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-06-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)
FF Plugin-x32: @Videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-10-29]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-11]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-11]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-11]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-11]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-11]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R2 CG7Service; C:\Program Files\CyberGhost 7\CyberGhost.Service.exe [93904 2019-04-04] (CYBERGHOST S.A. -> CyberGhost S.A.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373712 2018-04-17] (Intel(R) pGFX -> Intel Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [287240 2018-03-29] (Synaptics Incorporated -> Synaptics Incorporated)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-04-11] (Lavasoft Software Canada -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-25] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-25] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmPeStor; C:\WINDOWS\system32\drivers\AmPeStor.sys [150296 2014-01-22] (AlcorMicro, Corp. -> Alcor Micro, Corp.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-07-01] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-11-29] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163416 2019-01-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2019-05-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [129448 2017-09-19] (Future Technology Devices International Ltd -> Future Technology Devices International Ltd.)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [89792 2017-09-19] (Future Technology Devices International Ltd -> Future Technology Devices International Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3529728 2017-11-22] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 openport; C:\WINDOWS\system32\DRIVERS\openport.sys [23176 2016-06-14] (Tactrix Inc. -> Tactrix Inc.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [54792 2018-03-29] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (TOSHIBA CORPORATION -> Toshiba Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-21 16:45 - 2019-05-21 16:48 - 000022254 _____ C:\Users\User\Desktop\FRST.txt
2019-05-21 16:45 - 2019-05-21 16:45 - 000000000 ____D C:\FRST
2019-05-21 16:43 - 2019-05-21 16:42 - 002435072 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-05-21 16:42 - 2019-05-21 16:42 - 002435072 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2019-05-21 00:03 - 2019-05-21 00:03 - 000388608 _____ (Trend Micro Inc.) C:\Users\User\Desktop\HijackThis.exe
2019-05-20 23:27 - 2019-05-20 23:30 - 158404272 _____ (Microsoft Corporation) C:\Users\User\Downloads\msert.exe
2019-05-20 23:13 - 2019-05-20 23:15 - 598736896 _____ C:\Users\User\Downloads\eset_sysrescue_live_enu.iso
2019-05-20 21:25 - 2019-05-20 21:25 - 000001109 _____ C:\Users\User\Desktop\RMPrepUSB.lnk
2019-05-20 21:25 - 2019-05-20 21:25 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB
2019-05-20 21:25 - 2019-05-20 21:25 - 000000000 ____D C:\Program Files (x86)\RMPrepUSB
2019-05-20 21:24 - 2019-05-20 21:24 - 000000000 ____D C:\Users\User\Downloads\Install_RMPrepUSB_Full_v2.1.741a.exe
2019-05-20 21:23 - 2019-05-20 21:23 - 009974624 _____ C:\Users\User\Downloads\Install_RMPrepUSB_Full_v2.1.741a.exe.zip
2019-05-19 23:03 - 2019-05-20 21:33 - 000000000 ____D C:\Users\User\Downloads\Da_Rt_10_ x64_
2019-05-19 23:02 - 2019-05-19 23:02 - 001447178 _____ (Igor Pavlov) C:\Users\User\Downloads\7z1900-x64.exe
2019-05-19 23:02 - 2019-05-19 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-05-19 23:02 - 2019-05-19 23:02 - 000000000 ____D C:\Program Files\7-Zip
2019-05-19 22:56 - 2019-05-19 22:57 - 471956407 _____ C:\Users\User\Downloads\Da_Rt_10_ x64_.rar
2019-05-19 22:43 - 2019-05-20 21:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-05-19 22:40 - 2019-05-19 23:21 - 000000000 ____D C:\ESD
2019-05-19 22:33 - 2019-05-19 22:33 - 000000000 ____D C:\$WINDOWS.~BT
2019-05-19 22:32 - 2019-05-19 22:32 - 019229160 _____ (Microsoft Corporation) C:\Users\User\Downloads\MediaCreationTool1809.exe
2019-05-19 22:32 - 2019-05-19 22:32 - 006132216 _____ (Microsoft Corporation) C:\Users\User\Downloads\Windows10Upgrade9252.exe
2019-05-19 22:32 - 2019-05-19 22:32 - 000000000 ___HD C:\$Windows.~WS
2019-05-15 10:45 - 2018-09-20 14:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-05-08 20:56 - 2019-05-08 20:56 - 000000000 ____D C:\Users\User\Downloads\Warrior.S01E04.WEB.H264-MEMENTO[ettv]
2019-05-04 11:52 - 2019-05-04 12:37 - 000000000 ____D C:\Users\User\Downloads\www.Torrenting.org - Grand Designs The Street S01E03 1080p HDTV h264-PLUTONiUM
2019-05-04 11:45 - 2019-05-04 11:47 - 000000000 ____D C:\Users\User\Downloads\www.SceneTime.com - Grand Designs The Street S01E04 HDTV x264-PLUTONiUM
2019-05-04 11:43 - 2019-05-04 11:49 - 000000000 ____D C:\Users\User\Downloads\www.SceneTime.com - Grand Designs The Street S01E05 HDTV x264-PLUTONiUM
2019-05-04 11:39 - 2019-05-04 11:46 - 000000000 ____D C:\Users\User\Downloads\www.SceneTime.com - The Repair Shop S04E22 WEB h264-LiGATE
2019-05-03 10:50 - 2019-05-03 11:17 - 692491529 _____ C:\Users\User\Downloads\Selling.Houses.Australia.S12E09.720p.x264.mp4
2019-05-03 10:30 - 2019-05-03 11:01 - 000000000 ____D C:\Users\User\Downloads\Love.Death.And.Robots.S01.COMPLETE.720p.WEB.x264-GalaxyTV[TGx]

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-21 16:45 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-21 16:45 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-21 16:43 - 2018-06-06 22:36 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{48046AE5-2142-4C00-B462-B0B927A6542F}
2019-05-21 16:40 - 2018-06-06 22:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-21 14:00 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-21 00:05 - 2017-08-28 13:02 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2019-05-20 21:32 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-20 21:32 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-20 21:18 - 2018-01-12 19:58 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-05-20 21:18 - 2018-01-12 19:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-20 21:17 - 2018-12-25 01:27 - 000001010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-20 15:55 - 2018-06-06 22:36 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-05-20 15:16 - 2018-01-12 21:02 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2019-05-20 13:13 - 2018-06-06 22:25 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-20 13:11 - 2019-02-07 21:09 - 000000000 ____D C:\Users\User\AppData\Local\CyberGhost
2019-05-20 13:09 - 2019-03-16 06:21 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2019-05-20 13:09 - 2017-08-28 17:24 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-05-20 13:09 - 2017-08-28 13:02 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-05-20 13:08 - 2018-06-06 22:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-20 13:08 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-05-19 23:20 - 2018-05-18 11:43 - 000000000 ___DC C:\WINDOWS\Panther
2019-05-17 07:38 - 2018-06-06 22:36 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-17 07:38 - 2018-06-06 22:36 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-17 07:18 - 2018-01-13 15:32 - 000000000 ____D C:\Program Files\rempl
2019-05-17 01:22 - 2018-01-13 15:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-17 01:07 - 2018-01-13 15:23 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-15 10:41 - 2018-04-11 19:03 - 000002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-08 23:26 - 2018-10-13 23:05 - 000000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2019-05-08 23:23 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-04 09:53 - 2018-09-21 17:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-04 09:53 - 2018-09-21 17:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-04 07:18 - 2018-01-12 20:17 - 000001144 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-05-04 07:17 - 2018-07-03 14:22 - 000000000 ____D C:\Users\User\AppData\Local\AVAST Software
2019-05-04 07:16 - 2018-12-24 20:04 - 000002365 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-04 07:16 - 2018-06-06 22:36 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1797737637-2226211763-716302337-1001
2019-05-04 07:16 - 2017-08-28 13:06 - 000000000 ___RD C:\Users\User\OneDrive
2019-05-03 10:54 - 2018-01-12 20:31 - 000469272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-05-03 09:18 - 2018-01-25 09:16 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2019-04-25 11:29 - 2018-06-06 22:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-23 19:36 - 2018-06-06 22:07 - 000417544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-23 19:32 - 2018-04-12 09:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-23 19:32 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-23 19:32 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
blackduck30 is offline  
Old 05-21-2019, 12:00 AM   #4
TSF Enthusiast
 
blackduck30's Avatar
 

I have no idea if this captured the 2nd hard drive I have plugged in from my main system
blackduck30 is offline  
Old 05-21-2019, 12:01 AM   #5
TSF Enthusiast
 
blackduck30's Avatar
 

Local disk "F"
blackduck30 is offline  
Old 05-23-2019, 08:34 AM   #6
Security Team
Moderator
 

Hello..! Sorry for the delay...!


Uninstall a Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Quote:
Web Companion
  • Select each program and click Uninstall.
  • Restart the computer if prompted.


============================================


Farbar Recovery Scan Tool - Fix

  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST/FRST64.exe

    NOTE: Both FRST/FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Lavasoft Software Canada -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Trend Micro Inc.) [File not signed] C:\Users\User\Desktop\HijackThis.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1797737637-2226211763-716302337-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-04-11] (Lavasoft Software Canada -> Lavasoft)
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-04-11] (Lavasoft Software Canada -> )

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1797737637-2226211763-716302337-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{4F7E6CA7-7BEA-4359-9203-1FE780E0D6EC}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{F8F9A743-56B8-47C4-8551-44002429FBEE}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File

VirusTotal: C:\Program Files\Windows Mail\wab.exe

C:\Program Files (x86)\Lavasoft\Web Companion

End
  • Double-click FRST/FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
icotonev is offline  
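Several entries in the fixlist above carry markers that are visible in the log itself: `<==== ATTENTION`, `[File not signed]`, a trailing `No File`, and a signature column with an empty company (`-> )`). The following is an added example, not part of the thread and not FRST's own code: a Python triage pass that pulls such lines out of FRST-style output for a human to review. The sample log is constructed from lines quoted in this thread, and `Finding`, `triage` and the `watch` parameter are hypothetical names.

```python
import re
from collections import namedtuple

# One flagged log line: the section it sat in, why it was flagged, the raw text.
Finding = namedtuple("Finding", "section reasons line")

# Constructed sample: entries copied from the FRST.txt and fixlist in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Lavasoft Software Canada -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Trend Micro Inc.) [File not signed] C:\Users\User\Desktop\HijackThis.exe
(VideoLAN -> VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1797737637-2226211763-716302337-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-04-11] (Lavasoft Software Canada -> Lavasoft)

==================== Services (Whitelisted) ====================

R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-04-11] (Lavasoft Software Canada -> )
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-25] (Microsoft Corporation -> Microsoft Corporation)

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [{4F7E6CA7-7BEA-4359-9203-1FE780E0D6EC}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
"""

# "==================== Name ====" section banners (the bare "=====" underlines
# used under browser names contain no spaces and do not match).
SECTION_RE = re.compile(r"^={5,} (.+?) =+$")
# Signature column "(Signer -> Company)" whose company half is empty.
EMPTY_COMPANY_RE = re.compile(r"-> \)(?=\s|$)")
# Entry that points at a file which no longer exists on disk.
NO_FILE_RE = re.compile(r"\bNo File$")

# Checked in this order; a line may match more than one.
MARKERS = (
    ("frst-attention", lambda l: "<==== ATTENTION" in l),
    ("unsigned-file", lambda l: "[File not signed]" in l),
    ("missing-file", lambda l: NO_FILE_RE.search(l) is not None),
    ("empty-company", lambda l: EMPTY_COMPANY_RE.search(l) is not None),
)


def triage(log_text, watch=()):
    """Return a Finding for every log line that carries a marker.

    watch is an optional tuple of product names (case-insensitive substrings)
    that the reviewer already decided to look at, e.g. software being removed.
    Findings are leads for review, not a list of things to delete.
    """
    findings = []
    section = "(no section)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if line.startswith("(If "):
            continue  # FRST's explanatory note under each banner, not an entry
        reasons = [name for name, test in MARKERS if test(line)]
        lowered = line.lower()
        reasons += ["watchlist:" + w.lower() for w in watch if w.lower() in lowered]
        if reasons:
            findings.append(Finding(section, tuple(reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, watch=("Web Companion",)):
        print("[%s] %s\n    %s" % (f.section, ", ".join(f.reasons), f.line))
```

The Run key for Web Companion has no marker of its own and only surfaces through the watch list, which is why the output is a starting point for review rather than a generated fixlist.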
Old 05-26-2019, 01:56 AM   #7
Security Team
Moderator
 

Hello, Blackduck30..!
Still with us? If you don't reply within 24 hours, this thread shall be closed.
icotonev is offline  
Old 05-27-2019, 12:07 PM   #8
Administrator
Team Manager, Gaming
Team Manager, Microsoft Support
Team Manager, Hardware Team
Microsoft MVP
 
Wrench97's Avatar
 
Join Date: May 2008
Location: S.E. Pennsylvania
Posts: 54,056
OS: Win7



From the reboot in 1 minute message it almost sounds like a Windows update issue, no?

See if this helps> https://www.guru3d.com/news-story/pr...wont-boot.html
Wrench97 is offline  
Old 05-31-2019, 04:09 AM   #9
Security Team
Moderator
 

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

https://www.techsupportforum.com/forums/f50/malware-removal-help-posting-instructions-305963.html
icotonev is offline  
 


Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts