Not open for further replies.
1 - 20 of 57 Posts

Registered · 147 Posts · Discussion Starter #1
Dell 5558 win 8.1 up to date.

I visited what I thought was a previously safe site to download manuals, using Firefox. I got a screen that stated that Windows Defender had found the site was malicious and to call an 800 number. I disconnected from the internet.

The PC memory and disk went to 100% utilization, and it would not accept commands or was very slow. The hard power button would not shut it down, with the disk still running. I didn't try removing the battery. I would appreciate any help in resolving this.

I am running Avira Free, MBAM Free, and Tweaking.com Registry Backup.

Team Manager, Microsoft Support · 26,415 Posts
Read the Sticky at the beginning of this Forum and follow the instructions.

Registered · 147 Posts · Discussion Starter #4
I can't find/access the sticky. My PC is down and I am using a smartphone. Can you give me the link?

Registered · 147 Posts · Discussion Starter #5
The PC laptop was unresponsive. It is now shut down. Should I remove/replace the battery before rebooting and performing the instructions in the sticky?

Registered · 147 Posts · Discussion Starter #8
It took about 45 minutes for the PC to shut down after doing a hard power down (power button). I was able to boot the system after two tries. Dell System Restore did a basic restart. Please refer to the above posts for additional symptoms of infection. I do have access to the Windows 8.1 install disc.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Perry (administrator) on TRAVELER (Dell Inc. Inspiron 5558) (07-06-2020 21:55:17)
Running from C:\Users\Name\Desktop
Loaded Profiles: Name
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(American Power Conversion -> Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(American Power Conversion -> Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dassault Systèmes) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Dell Inc. -> ) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Nitro Software, Inc. -> Nitro Software, Inc.) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8444632 2015-01-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19494864 2015-04-02] (Entertainment Experience LLC -> Entertainment Experience)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161240 2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
HKLM-x32\...\Run: [SolidWorks_CheckForUpdates] => "C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (American Power Conversion -> Schneider Electric)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [238568 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331368 2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\...\Run: [Opera Browser Assistant] => C:\Users\Perry\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3004440 2020-05-19] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MP470 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD8U.DLL [27648 2007-04-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

Super Moderator, Editor, Articles Team · 12,034 Posts
Well done, but the FRST.txt is incomplete. The end of the log should look like below.


==================== End of FRST.txt ========================


The analyst will ask you to post the complete log or run it again.

Registered · 147 Posts · Discussion Starter #10
Good catch, thanks. Cut-and-paste error.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Perry (administrator) on TRAVELER (Dell Inc. Inspiron 5558) (07-06-2020 21:55:17)
Running from C:\Users\Perry\Desktop
Loaded Profiles: Perry
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(American Power Conversion -> Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(American Power Conversion -> Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dassault Systèmes) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Dell Inc. -> ) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Nitro Software, Inc. -> Nitro Software, Inc.) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8444632 2015-01-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19494864 2015-04-02] (Entertainment Experience LLC -> Entertainment Experience)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161240 2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
HKLM-x32\...\Run: [SolidWorks_CheckForUpdates] => "C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (American Power Conversion -> Schneider Electric)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [238568 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331368 2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\...\Run: [Opera Browser Assistant] => C:\Users\Perry\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3004440 2020-05-19] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MP470 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD8U.DLL [27648 2007-04-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\Windows\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP470 series: C:\Windows\system32\CNMLM8U.DLL [259584 2008-02-06] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\system32\nitrolocalmon10.dll [31904 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\Windows\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2017-03-10]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (American Power Conversion -> Schneider Electric)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D7339CA-B502-42E7-9E86-B740B80469C3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {0E9A4E71-B8DA-4955-92E8-9725E59C565D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {25F49B7D-C839-444B-AB28-915A05FEB345} - System32\Tasks\Reg Backup Tweaking.com => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [325376 2015-08-06] (Tweaking LLC -> Tweaking.com)
Task: {2C26BC2B-1C53-40B7-A7AB-5565DEA7E0F5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel(R) Update Manager -> Intel Corporation)
Task: {39952320-36B5-420E-90AA-EAEEE64BC34E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel(R) Update Manager -> Intel Corporation)
Task: {406A363F-06F5-4F79-8EA7-D2597D13A3C8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {4100D1B4-AEE0-4DE1-B3B0-B87169AE5B76} - System32\Tasks\Opera scheduled Autoupdate 1578167430 => C:\Users\Perry\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-05-19] (Opera Software AS -> Opera Software)
Task: {6916CB4A-A4C1-467D-B565-F26D6FD34DD5} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157248 2014-04-01] (Leader Technologies Inc -> Aviata Inc)
Task: {77039CAF-FC0B-4A07-9E5B-6F8E74B5920A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
Task: {85D58B7C-27E8-40AC-99FF-45AF4979D98E} - System32\Tasks\Opera scheduled assistant Autoupdate 1580934218 => C:\Users\Perry\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-05-19] (Opera Software AS -> Opera Software)
Task: {8FB46D0D-FAB7-4C8C-BFB5-58585EEBAE9D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [30904 2016-04-22] (Dell Inc. -> Dell Inc.)
Task: {932D8596-AAC4-408F-8CE5-F56106CD86DE} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [27848432 2020-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {A5C4072D-DEDB-45BA-AEF4-EE4A95545789} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {A9A6E7CD-4B8A-429C-87AB-D9183C2425FC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe [1458232 2020-05-23] (Adobe Inc. -> Adobe)
Task: {ACF229D7-7638-448F-A366-78430F9E80B9} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157248 2014-04-01] (Leader Technologies Inc -> Aviata Inc)
Task: {B1F84C72-FC26-4C4D-82E2-8A1386746998} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [325376 2015-08-06] (Tweaking LLC -> Tweaking.com)
Task: {B7DCA8D6-3C6B-4DFD-BBA1-5C8E4287A991} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {C726661B-E9AF-45B1-B720-7A5F3B8ADA39} - System32\Tasks\{FB6F14F3-7CF6-43A3-8FE7-03F3531E9EEC} => C:\Windows\system32\pcalua.exe -a C:\Users\Perry\Downloads\dell_update\update_new\AirplaneModex64_ZPE.exe -d C:\Users\Perry\Downloads\dell_update\update_new
Task: {E75FACED-39A8-459E-A93D-CA0DC3FE9193} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {F420592F-981F-47DB-8A5D-FD79A30CC51E} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [228552 2020-05-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {FCC66A3A-18F6-465A-BE85-A6A3C88CA539} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2759632 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50117D21-2CC1-4E1A-8962-144E8A4A03E7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EA106053-A368-40FB-9D12-76007CF71C96}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {38E3C46F-AA59-491C-A8C6-B63EB2282FC0} URL =
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {B6150270-6ECB-42FA-BC45-4C6131964B6C} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {F94DBE5E-5FA7-4397-A1F6-8598A3210271} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> No Name - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - No File
Toolbar: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File

FireFox:
========
FF DefaultProfile: q2dk1i87.default
FF ProfilePath: C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default [2020-06-07]
FF NetworkProxy: Mozilla\Firefox\Profiles\q2dk1i87.default -> type", 0
FF Notifications: Mozilla\Firefox\Profiles\q2dk1i87.default -> hxxps://mg.mail.yahoo.com; hxxps://www.aol.com
FF Extension: (Firefox Multi-Account Containers) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\@testpilot-containers.xpi [2018-09-12]
FF Extension: (Avira Browser Safety) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2019-09-05]
FF Extension: (FlashStopper) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2017-11-08] [Legacy]
FF Extension: (Page To PDF) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2018-04-24]
FF Extension: (RSS Icon in url bar) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2016-07-16] [Legacy]
FF Extension: (Price Rocket) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2016-10-14] [Legacy]
FF Extension: (View in Office Online Viewer) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2016-04-27] [Legacy]
FF Extension: (NoScript) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-09-05]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-12-02]
FF Extension: (BetterPrivacy) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-07-25] [Legacy]
FF Plugin: @Adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_371.dll [2020-05-23] (Adobe Inc. -> )
FF Plugin: @Videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @Videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_371.dll [2020-05-23] (Adobe Inc. -> )
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-08-02] (Nitro Software, Inc. -> Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1021941897-2095083384-3793157674-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Perry\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-24] (Citrix Online -> Citrix Online)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera:
=======
OPR Notifications: hxxps://togo.carrabbasonlineordering.com
OPR Extension: (Popup Blocker (strict)) - C:\Users\Perry\AppData\Roaming\Opera Software\Opera Stable\Extensions\jabcemjkhjfpkhakphioakkhcnbgeomm [2020-01-04]
OPR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Perry\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbjmgmedeliohhbaefhlplndokcbmjio [2020-01-27]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208664 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537144 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483832 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483832 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573256 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (American Power Conversion -> Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (American Power Conversion -> Schneider Electric)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636264 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989888 2020-01-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [383240 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [244008 2020-05-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161552 2020-04-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc. -> Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell Inc. -> Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [49864 2015-08-24] (Dell Inc. -> )
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Techporch Incorporated -> Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Techporch Incorporated -> Dell Inc.)
S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Leader Technologies Inc -> Aviata, Inc.)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [121344 2017-04-13] (Dassault Systèmes) [File not signed]
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-04-20] (Intel Corporation - pGFX -> Intel Corporation)
S4 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-04-20] (Intel Corporation - pGFX -> Intel Corporation)
S4 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel(R) Wireless Display -> Intel)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel(R) Update Manager -> Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-01-04] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink Corp. -> CyberLink)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2014-12-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-07-28] (Dell Inc. -> SoftThinks SAS)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc. -> Dell Inc.)
S4 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [92624 2015-04-02] (Entertainment Experience LLC -> )
S4 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2016-01-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S4 0128111438810831mcinstcleanup; C:\Windows\TEMP\012811~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208016 2020-05-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199752 2020-05-06] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2020-06-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2014-12-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 phantomtap; C:\Windows\system32\DRIVERS\phantomtap.sys [35664 2017-07-13] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35784 2017-02-03] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Intel(R) Wireless Display -> Windows (R) Win 7 DDK provider)
S3 utizodqz; C:\Windows\SysWOW64\Drivers\utizodqz.sys [7168 2016-12-10] () [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-07 21:55 - 2020-06-07 21:58 - 000030892 _____ C:\Users\Perry\Desktop\FRST.txt
2020-06-07 21:51 - 2020-06-07 21:57 - 000000000 ____D C:\FRST
2020-06-07 21:41 - 2020-06-07 21:42 - 002289152 _____ (Farbar) C:\Users\Perry\Desktop\FRST64.exe
2020-05-25 10:27 - 2020-05-25 10:27 - 000000000 ____D C:\Users\Perry\opera autoupdate
2020-05-21 09:47 - 2020-05-21 09:49 - 010789348 _____ C:\Users\Perry\Desktop\stopandshop_flyer_0515_05222020.pdf
2020-05-21 09:14 - 2020-05-21 09:21 - 028507102 _____ C:\Users\Perry\Desktop\stopandshop_flyer_0521_05282020.pdf
2020-05-14 16:21 - 2020-04-29 23:49 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2020-05-14 16:21 - 2020-04-29 23:22 - 000881664 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2020-05-14 16:21 - 2020-04-29 22:55 - 001756672 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-05-14 16:21 - 2020-04-29 22:43 - 001495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-05-14 16:21 - 2020-04-29 22:40 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2020-05-14 16:21 - 2020-04-29 22:37 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2020-05-14 16:21 - 2020-04-29 22:33 - 001096704 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-05-14 16:21 - 2020-04-16 02:04 - 022365896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2020-05-14 16:21 - 2020-04-16 02:04 - 003118032 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2020-05-14 16:21 - 2020-04-16 02:04 - 001368592 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-05-14 16:21 - 2020-04-16 02:04 - 000722496 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2020-05-14 16:21 - 2020-04-16 02:04 - 000642488 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2020-05-14 16:21 - 2020-04-16 02:00 - 000374024 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-05-14 16:21 - 2020-04-16 01:15 - 025755136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-05-14 16:21 - 2020-04-16 00:30 - 019795840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2020-05-14 16:21 - 2020-04-16 00:29 - 000561400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2020-05-14 16:21 - 2020-04-16 00:29 - 000493736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2020-05-14 16:21 - 2020-04-16 00:25 - 000316368 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-05-14 16:21 - 2020-04-15 23:40 - 002911744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2020-05-14 16:21 - 2020-04-15 23:38 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-05-14 16:21 - 2020-04-15 23:31 - 020291072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-05-14 16:21 - 2020-04-15 23:31 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2020-05-14 16:21 - 2020-04-15 23:28 - 000186880 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2020-05-14 16:21 - 2020-04-15 23:27 - 005498880 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-05-14 16:21 - 2020-04-15 23:27 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-05-14 16:21 - 2020-04-15 23:25 - 000546816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll
2020-05-14 16:21 - 2020-04-15 23:14 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-05-14 16:21 - 2020-04-15 23:11 - 002304000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2020-05-14 16:21 - 2020-04-15 23:07 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2020-05-14 16:21 - 2020-04-15 23:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2020-05-14 16:21 - 2020-04-15 23:05 - 000147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2020-05-14 16:21 - 2020-04-15 23:04 - 000654336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-05-14 16:21 - 2020-04-15 23:03 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll
2020-05-14 16:21 - 2020-04-15 22:59 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-05-14 16:21 - 2020-04-15 22:59 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-05-14 16:21 - 2020-04-15 22:54 - 015478272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-05-14 16:21 - 2020-04-15 22:53 - 003258368 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2020-05-14 16:21 - 2020-04-15 22:53 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2020-05-14 16:21 - 2020-04-15 22:51 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-05-14 16:21 - 2020-04-15 22:50 - 001384960 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-05-14 16:21 - 2020-04-15 22:49 - 002942464 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2020-05-14 16:21 - 2020-04-15 22:49 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2020-05-14 16:21 - 2020-04-15 22:48 - 000310784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2020-05-14 16:21 - 2020-04-15 22:43 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-05-14 16:21 - 2020-04-15 22:41 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-05-14 16:21 - 2020-04-15 22:41 - 002471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2020-05-14 16:21 - 2020-04-15 22:40 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-05-14 16:21 - 2020-04-15 22:39 - 001560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-05-14 16:21 - 2020-04-15 22:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-05-14 16:21 - 2020-04-15 22:38 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2020-05-14 16:21 - 2020-04-15 22:38 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2020-05-14 16:21 - 2020-04-15 22:37 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-05-14 16:21 - 2020-04-15 22:35 - 013861376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-05-14 16:21 - 2020-04-15 22:35 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2020-05-14 16:21 - 2020-04-15 22:32 - 000689152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2020-05-14 16:21 - 2020-04-15 22:30 - 014533632 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2020-05-14 16:21 - 2020-04-15 22:28 - 000902656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll
2020-05-14 16:21 - 2020-04-15 22:27 - 000173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2020-05-14 16:21 - 2020-04-15 22:26 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2020-05-14 16:21 - 2020-04-15 22:26 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-05-14 16:21 - 2020-04-15 22:26 - 000466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2020-05-14 16:21 - 2020-04-15 22:24 - 007799296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2020-05-14 16:21 - 2020-04-15 22:23 - 000626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll
2020-05-14 16:21 - 2020-04-15 22:22 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\ConfigureExpandedStorage.dll
2020-05-14 16:21 - 2020-04-15 22:20 - 004387328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-05-14 16:21 - 2020-04-15 22:20 - 000052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ConfigureExpandedStorage.dll
2020-05-14 16:21 - 2020-04-15 22:19 - 001265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2020-05-14 16:21 - 2020-04-15 22:18 - 005271552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2020-05-14 16:21 - 2020-04-15 22:16 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-05-14 16:21 - 2020-04-15 22:15 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-05-14 16:21 - 2020-04-15 22:15 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-05-14 16:21 - 2020-04-15 22:14 - 001727488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2020-05-14 16:21 - 2020-04-15 22:11 - 001546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2020-05-14 16:21 - 2020-04-15 22:11 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2020-05-14 16:21 - 2020-04-15 22:11 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2020-05-14 16:21 - 2020-04-15 22:07 - 000156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2020-05-14 16:21 - 2020-04-15 22:05 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2020-05-14 16:21 - 2020-04-14 03:33 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2020-05-14 16:21 - 2020-04-14 03:03 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2020-05-14 16:21 - 2020-04-11 14:42 - 007362296 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-05-14 16:21 - 2020-04-11 14:41 - 000376568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-05-14 16:21 - 2020-04-11 14:39 - 001542696 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-05-14 16:21 - 2020-04-11 14:29 - 001737720 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-05-14 16:21 - 2020-04-11 13:31 - 001501096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-05-14 16:21 - 2020-04-11 13:04 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-05-14 16:21 - 2020-04-11 11:55 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2020-05-14 16:21 - 2020-04-11 11:53 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2020-05-14 16:21 - 2020-04-11 11:48 - 001377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-05-14 16:21 - 2020-04-11 11:47 - 000260608 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2020-05-14 16:21 - 2020-04-11 11:23 - 001317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2020-05-14 16:21 - 2020-04-11 11:22 - 001103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2020-05-14 16:21 - 2020-04-10 20:12 - 002446576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2020-05-14 16:21 - 2020-04-10 20:12 - 000428784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2020-05-14 16:21 - 2020-04-09 09:36 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-05-14 16:21 - 2020-04-07 15:30 - 000988472 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2020-05-14 16:21 - 2020-04-07 15:28 - 000857320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2020-05-14 16:21 - 2020-04-07 09:55 - 003330048 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-05-14 16:21 - 2020-04-07 09:51 - 003636224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-05-14 16:21 - 2020-04-04 12:06 - 000879616 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2020-05-14 16:21 - 2020-04-04 12:01 - 001572864 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2020-05-14 16:21 - 2020-04-04 11:50 - 000795136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2020-05-10 10:21 - 2020-05-10 10:21 - 000001134 _____ C:\Users\Public\Desktop\Avira.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-07 21:51 - 2016-07-06 17:47 - 000000000 ____D C:\Users\Perry\AppData\Local\ClassicShell
2020-06-07 21:49 - 2017-02-20 14:17 - 000000000 ____D C:\Users\Perry\AppData\LocalLow\Mozilla
2020-06-07 21:19 - 2020-02-08 18:48 - 000000000 ____D C:\Users\Perry\Downloads\opera autoupdate
2020-06-07 21:19 - 2015-07-25 22:43 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1021941897-2095083384-3793157674-1001
2020-06-07 21:14 - 2019-11-13 10:35 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-06-07 21:13 - 2015-07-25 22:35 - 000000000 ____D C:\Users\Perry
2020-06-07 21:12 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-07 21:11 - 2015-07-26 22:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-05 17:24 - 2017-02-13 11:11 - 000000000 ____D C:\Users\Perry\AppData\Local\Autodesk
2020-06-05 15:54 - 2017-01-25 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2020-06-04 01:53 - 2015-07-26 22:35 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-03 11:40 - 2017-02-15 13:23 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-06-01 09:14 - 2014-11-21 00:42 - 000866884 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-01 09:14 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2020-06-01 09:08 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2020-05-27 14:29 - 2017-06-16 14:31 - 000000000 ____D C:\Users\Perry\Documents\Electronics_watches_small_appliances
2020-05-27 11:31 - 2020-03-25 11:27 - 000003454 _____ C:\Windows\system32\Tasks\Avira_Security_Update
2020-05-27 10:53 - 2015-08-11 12:32 - 000000000 ____D C:\Users\Perry\Documents\House
2020-05-26 10:36 - 2018-01-12 00:01 - 000208016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2020-05-23 13:53 - 2015-07-28 23:02 - 000000000 ____D C:\Users\Perry\AppData\Local\Adobe
2020-05-23 11:58 - 2018-09-14 17:55 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-05-23 11:58 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-05-23 11:58 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-05-23 11:41 - 2019-04-22 09:22 - 000000000 ____D C:\Users\Perry\Downloads\adobe
2020-05-22 10:06 - 2020-01-04 15:50 - 000004054 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1578167430
2020-05-22 10:06 - 2020-01-04 15:50 - 000001340 _____ C:\Users\Perry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2020-05-21 20:37 - 2016-09-25 15:02 - 000000000 ____D C:\Users\Perry\AppData\Local\NitroSpoolDir
2020-05-21 20:37 - 2015-09-13 23:37 - 000000000 ____D C:\Users\Perry\AppData\Roaming\Nitro
2020-05-19 15:42 - 2020-02-05 16:23 - 000004288 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1580934218
2020-05-19 14:54 - 2017-02-13 12:25 - 000000000 ____D C:\Users\Perry\AppData\Roaming\Autodesk
2020-05-18 09:10 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2020-05-18 09:08 - 2015-08-07 00:19 - 000000000 ____D C:\Windows\system32\MRT
2020-05-18 09:05 - 2015-08-07 00:19 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-05-17 01:24 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2020-05-14 18:33 - 2013-08-22 10:44 - 000439120 _____ C:\Windows\system32\FNTCACHE.DAT
2020-05-14 18:29 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData
2020-05-14 11:56 - 2016-01-04 13:08 - 000000000 ____D C:\Users\Perry\Documents\Family and Friends
2020-05-12 02:45 - 2015-09-02 17:58 - 000000000 ____D C:\Users\Perry\Documents\Purchase_Receipt_Coupon_Rebate_web
2020-05-11 17:00 - 2016-04-09 22:58 - 000000000 ____D C:\Users\Perry\Documents\Music Lyrics
2020-05-11 16:47 - 2017-02-13 12:25 - 000000000 ____D C:\ProgramData\Autodesk
2020-05-11 09:31 - 2015-06-17 22:16 - 000000000 ____D C:\ProgramData\Package Cache
2020-05-08 11:11 - 2015-07-27 08:12 - 000000000 ____D C:\Users\Perry\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories ========

2005-11-27 01:53 - 2005-11-27 01:53 - 000049152 _____ ( ) C:\Program Files (x86)\Interop.WIA.dll
2013-08-25 19:57 - 2013-08-25 19:57 - 000001968 _____ () C:\Program Files (x86)\License.txt
2017-10-02 15:43 - 2017-10-02 15:43 - 001735384 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Base.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 003530240 _____ () C:\Program Files (x86)\PaintDotNet.Base.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000644824 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Core.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 002113024 _____ () C:\Program Files (x86)\PaintDotNet.Core.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000088280 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Data.dll
2017-10-02 15:44 - 2017-10-02 15:44 - 000269824 _____ () C:\Program Files (x86)\PaintDotNet.Data.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000191192 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Effects.dll
2017-10-02 15:44 - 2017-10-02 15:44 - 000488960 _____ () C:\Program Files (x86)\PaintDotNet.Effects.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 001782488 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.exe
2017-07-04 18:17 - 2017-07-04 18:17 - 000000534 _____ () C:\Program Files (x86)\PaintDotNet.exe.config
2017-10-02 15:44 - 2017-10-02 15:44 - 000337112 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Framework.dll
2017-10-02 15:44 - 2017-10-02 15:44 - 001166848 _____ () C:\Program Files (x86)\PaintDotNet.Framework.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 004361728 _____ () C:\Program Files (x86)\PaintDotNet.pdb
2017-10-02 15:43 - 2017-10-02 15:43 - 000405208 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Resources.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000046592 _____ () C:\Program Files (x86)\PaintDotNet.Resources.pdb
2017-10-01 11:50 - 2017-10-01 11:50 - 000146956 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.cs.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000142725 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.da.resources
2017-10-01 12:03 - 2017-10-01 12:03 - 000148759 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.DE.resources
2017-10-01 11:50 - 2017-10-01 11:50 - 000148034 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.ES.resources
2017-08-28 09:24 - 2017-08-28 09:24 - 000159963 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.fa.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000141861 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.fi.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000150514 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.FR.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000190737 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.hi.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000147219 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.hu.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000146125 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.it.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000157120 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.JA.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000150122 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.KO.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000148945 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.lt.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000144563 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.nl.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000145564 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.pl.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000147434 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.PT-BR.resources
2017-10-01 11:50 - 2017-10-01 11:50 - 000147107 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.pt-PT.resources
2017-07-03 21:50 - 2017-07-03 21:50 - 000140551 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.resources
2017-10-01 17:18 - 2017-10-01 17:18 - 000172936 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.RU.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000144431 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.sv.resources
2017-08-28 09:24 - 2017-08-28 09:24 - 000136887 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.ZH-CN.resources
2017-10-01 11:50 - 2017-10-01 11:50 - 000139240 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.zh-TW.resources
2017-10-02 15:43 - 2017-10-02 15:43 - 000566488 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.SystemLayer.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 001089752 _____ () C:\Program Files (x86)\PaintDotNet.SystemLayer.Native.x64.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000996568 _____ () C:\Program Files (x86)\PaintDotNet.SystemLayer.Native.x86.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000824832 _____ () C:\Program Files (x86)\PaintDotNet.SystemLayer.pdb
2017-10-02 15:43 - 2017-10-02 15:43 - 000014040 _____ (dotPDN LLC) C:\Program Files (x86)\PdnRepair.exe
2015-09-24 20:08 - 2015-09-24 20:08 - 000000235 _____ () C:\Program Files (x86)\PdnRepair.exe.config
2017-10-02 15:43 - 2017-10-02 15:43 - 000013824 _____ () C:\Program Files (x86)\PdnRepair.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000029912 _____ (dotPDN LLC) C:\Program Files (x86)\SetupNgen.exe
2010-04-21 01:57 - 2010-04-21 01:57 - 000000254 _____ () C:\Program Files (x86)\SetupNgen.exe.config
2017-10-02 15:43 - 2017-10-02 15:43 - 000028160 _____ () C:\Program Files (x86)\SetupNgen.pdb
2017-10-02 15:43 - 2017-10-02 15:43 - 000111832 _____ () C:\Program Files (x86)\ShellExtension_x64.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000099032 _____ () C:\Program Files (x86)\ShellExtension_x86.dll
2015-08-25 14:41 - 2019-05-14 15:18 - 000000820 _____ () C:\Program Files (x86)\shexview.cfg
2015-08-08 07:55 - 2015-08-25 14:17 - 000171104 _____ (NirSoft) C:\Program Files (x86)\shexview.exe
2017-10-02 15:43 - 2017-10-02 15:43 - 000014040 _____ (dotPDN LLC) C:\Program Files (x86)\UpdateMonitor.exe
2015-09-24 20:10 - 2015-09-24 20:10 - 000000235 _____ () C:\Program Files (x86)\UpdateMonitor.exe.config
2017-10-02 15:43 - 2017-10-02 15:43 - 000013824 _____ () C:\Program Files (x86)\UpdateMonitor.pdb
2015-07-26 00:43 - 2020-01-04 17:08 - 000007609 _____ () C:\Users\Perry\AppData\Local\resmon.resmoncfg

==================== FLock ==============================

2015-06-18 02:17 C:\System Recovery

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-06-07 04:45
==================== End of FRST.txt ========================
 

Moderator, Security Team
768 Posts
Looking over your logs now. This may take some time, I'll be back when I've finished.

Helpers in this forum look for topics with zero replies when looking for people who need help, which is why you were not replied to earlier.

Because your topic already has a number of posts in it, any helper seeing your topic would have assumed you were already being helped.

Anyway, enough about that, I'll talk to you later, once I've got a better idea of whether we're dealing with an infection or not.
 

Moderator, Security Team
768 Posts
Question .... some of the entries in your logs would suggest that this machine is used for business purposes .... is that the case?
 

Registered
147 Posts
Discussion Starter #14
Thanks for responding. I understand about previous posts. The machine is used for both personal and soon-to-be freelance business.
 

Moderator, Security Team
768 Posts
OK, my advice for anyone with a machine that's being used for business, and that gets infected, is simple ...... reformat and reinstall, and then reload from backup ....... because you can never be sure that you have removed all the modifications that an attacker may have potentially made to your machine, and you have a responsibility for your client's data as well as your own.

That being said, if I understand your reply correctly, then at present you are not using this machine for business purposes, in which case I'm prepared to help you as I would any other home user.

There is a driver installed on your machine, that may, or may not, be indicative of a particular type of rootkit infection ....

S3 utizodqz; C:\Windows\SysWOW64\Drivers\utizodqz.sys [7168 2016-12-10] () [File not signed]
.... so to check whether it is or not, I'd like you to do the following ....

  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.
Boot your computer into Recovery Environment

  • Right click on Start and select Shutdown or sign out
  • Hold down your Shift key and then click on Restart
  • A Choose an Option window will open ... click on Troubleshoot
  • A Troubleshoot window will open ... click on Advanced options
  • An Advanced options window will open ... click on Command Prompt
  • Your computer will reboot into Recovery Environment.
  • Click on your account, and when prompted enter your password.
  • Once the Command window is open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.
If this driver is what I believe it may be, then FRST will automatically remove it; if it is not, then we'll investigate it further. There are some other minor issues in your logs that need attention, but we'll deal with those once we've dealt with this driver.
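As an added illustration (not part of this thread, and not something FRST itself does), here is a read-only PowerShell triage that lists registered kernel drivers whose on-disk file does not carry a valid Authenticode signature, which is the property the helper keys on for utizodqz.sys. The function name, the "8 lowercase letters" name pattern and the path normalisation are my assumptions; run it from an elevated PowerShell prompt on the booted system.

```powershell
# Added example, not from this thread or from FRST: list kernel drivers whose
# image is not validly signed and flag ones whose service name looks random,
# modelled on the utizodqz.sys entry in this thread. Read-only triage only.

function Get-UnsignedKernelDrivers {
    [CmdletBinding()]
    param(
        # Assumption: eight lowercase letters, like "utizodqz". This is only a
        # heuristic to sort the output, not a rule FRST or Windows applies.
        [string]$SuspiciousNamePattern = '^[a-z]{8}$'
    )

    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $path = $_.PathName
        if (-not $path) { return }

        # Win32_SystemDriver reports paths in several forms (\??\C:\..., 
        # \SystemRoot\system32\..., or system32\drivers\x.sys relative to
        # the Windows directory); normalise to a plain Win32 path.
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -notmatch '^[A-Za-z]:\\') {
            $path = Join-Path $env:SystemRoot $path
        }

        $status = 'FileMissing'
        $signer = ''
        if (Test-Path -LiteralPath $path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Name           = $_.Name
            StartMode      = $_.StartMode
            State          = $_.State
            Path           = $path
            Signature      = $status      # 'Valid' is the only clean result
            Signer         = $signer
            RandomLikeName = [bool]($_.Name -match $SuspiciousNamePattern)
        }
    } | Where-Object { $_.Signature -ne 'Valid' }
}

# Show the random-looking names first so they are the first thing reviewed.
Get-UnsignedKernelDrivers |
    Sort-Object -Property @{ Expression = 'RandomLikeName'; Descending = $true }, Name |
    Format-Table -AutoSize Name, StartMode, Signature, RandomLikeName, Path
```

Two caveats: inbox Microsoft drivers are usually catalog-signed and can show as NotSigned on a PowerShell build that does not check catalogs, so treat the output as a triage list rather than a verdict; and a rootkit that is active on the booted system can hide its file from this kind of check, which is exactly why the helper asks for the FRST scan from the Recovery Environment instead.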
 

Registered (147 Posts), Discussion Starter #16
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by SYSTEM on MININT-E5IQ4RO (15-06-2020 12:06:21)
Running from d:\
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8444632 2015-01-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19494864 2015-04-02] (Entertainment Experience LLC -> Entertainment Experience)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161240 2016-05-21] (Ivaylo Beltchev -> IvoSoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
HKLM-x32\...\Run: [SolidWorks_CheckForUpdates] => "C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (American Power Conversion -> Schneider Electric)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [238568 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331040 2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\Perry\...\Run: [Opera Browser Assistant] => C:\Users\Perry\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3004440 2020-06-10] (Opera Software AS -> Opera Software)
HKU\Perry\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MP470 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD8U.DLL [27648 2007-04-02] (CANON INC.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\winprint: C:\Windows\System32\spool\prtprocs\x64\winprint.dll [45056 2018-02-08] (Microsoft Corporation)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\Windows\system32\CNBLM4.DLL [267776 2011-08-30] (CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP470 series: C:\Windows\system32\CNMLM8U.DLL [259584 2008-02-06] (CANON INC.)
HKLM\...\Print\Monitors\Local Port: C:\Windows\system32\localspl.dll [1096704 2020-04-29] (Microsoft Corporation)
HKLM\...\Print\Monitors\Microsoft Shared Fax Monitor: C:\Windows\system32\FXSMON.DLL [42496 2014-11-21] (Microsoft Corporation)
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\system32\nitrolocalmon10.dll [31904 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\Windows\system32\hpz3llhn.dll [36352 2007-05-23] (Hewlett-Packard Company)
HKLM\...\Print\Monitors\Standard TCP/IP Port: C:\Windows\system32\tcpmon.dll [216576 2020-04-29] (Microsoft Corporation)
HKLM\...\Print\Monitors\USB Monitor: C:\Windows\system32\usbmon.dll [308736 2020-04-29] (Microsoft Corporation)
HKLM\...\Print\Monitors\WSD Port: C:\Windows\system32\WSDMon.dll [309760 2020-04-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2017-03-10]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (American Power Conversion -> Schneider Electric)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D7339CA-B502-42E7-9E86-B740B80469C3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {0E9A4E71-B8DA-4955-92E8-9725E59C565D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {25F49B7D-C839-444B-AB28-915A05FEB345} - System32\Tasks\Reg Backup Tweaking.com => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [325376 2015-08-06] (Tweaking LLC -> Tweaking.com)
Task: {27ACE910-C99B-4DB2-B9E6-DCE6837346A5} - System32\Tasks\Opera scheduled assistant Autoupdate 1580934218 => C:\Users\Perry\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-05-19] (Opera Software AS -> Opera Software)
Task: {2C26BC2B-1C53-40B7-A7AB-5565DEA7E0F5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel(R) Update Manager -> Intel Corporation)
Task: {39952320-36B5-420E-90AA-EAEEE64BC34E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel(R) Update Manager -> Intel Corporation)
Task: {406A363F-06F5-4F79-8EA7-D2597D13A3C8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {4100D1B4-AEE0-4DE1-B3B0-B87169AE5B76} - System32\Tasks\Opera scheduled Autoupdate 1578167430 => C:\Users\Perry\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-05-19] (Opera Software AS -> Opera Software)
Task: {6916CB4A-A4C1-467D-B565-F26D6FD34DD5} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157248 2014-04-01] (Leader Technologies Inc -> Aviata Inc)
Task: {709BDAD3-FED5-4F14-B7C3-9EAA17591004} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_pepper.exe [1454648 2020-06-15] (Adobe Inc. -> Adobe)
Task: {77039CAF-FC0B-4A07-9E5B-6F8E74B5920A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
Task: {8FB46D0D-FAB7-4C8C-BFB5-58585EEBAE9D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [30904 2016-04-22] (Dell Inc. -> Dell Inc.)
Task: {932D8596-AAC4-408F-8CE5-F56106CD86DE} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [28678840 2020-06-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {A5C4072D-DEDB-45BA-AEF4-EE4A95545789} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {A9A6E7CD-4B8A-429C-87AB-D9183C2425FC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-15] (Adobe Inc. -> Adobe)
Task: {ACF229D7-7638-448F-A366-78430F9E80B9} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157248 2014-04-01] (Leader Technologies Inc -> Aviata Inc)
Task: {B1F84C72-FC26-4C4D-82E2-8A1386746998} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [325376 2015-08-06] (Tweaking LLC -> Tweaking.com)
Task: {B7DCA8D6-3C6B-4DFD-BBA1-5C8E4287A991} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {C726661B-E9AF-45B1-B720-7A5F3B8ADA39} - System32\Tasks\{FB6F14F3-7CF6-43A3-8FE7-03F3531E9EEC} => C:\Windows\system32\pcalua.exe -a C:\Users\Perry\Downloads\dell_update\update_new\AirplaneModex64_ZPE.exe -d C:\Users\Perry\Downloads\dell_update\update_new
Task: {E75FACED-39A8-459E-A93D-CA0DC3FE9193} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {F420592F-981F-47DB-8A5D-FD79A30CC51E} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [228040 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {FCC66A3A-18F6-465A-BE85-A6A3C88CA539} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2759632 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208664 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537144 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483832 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483832 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573256 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (American Power Conversion -> Schneider Electric)
S2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (American Power Conversion -> Schneider Electric)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636264 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [383240 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [243856 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161552 2020-04-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc. -> Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell Inc. -> Dell)
S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [49864 2015-08-24] (Dell Inc. -> )
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Techporch Incorporated -> Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Techporch Incorporated -> Dell Inc.)
S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Leader Technologies Inc -> Aviata, Inc.)
S2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [121344 2017-04-13] (Dassault Systèmes)
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-04-20] (Intel Corporation - pGFX -> Intel Corporation)
S4 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-04-20] (Intel Corporation - pGFX -> Intel Corporation)
S4 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel(R) Wireless Display -> Intel)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel(R) Update Manager -> Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-01-04] (Intel Corporation-Wireless Connectivity Solutions -> )
S2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink Corp. -> CyberLink)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2014-12-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-07-28] (Dell Inc. -> SoftThinks SAS)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc. -> Dell Inc.)
S4 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [92624 2015-04-02] (Entertainment Experience LLC -> )
S4 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2016-01-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S4 0128111438810831mcinstcleanup; C:\Windows\TEMP\012811~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12288 2013-08-22] (Microsoft Corporation)
S1 AFD; C:\Windows\system32\drivers\afd.sys [559616 2018-01-10] (Microsoft Corporation)
S1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [80384 2015-03-19] (Microsoft Corporation)
S3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [95744 2018-06-20] (Microsoft Corporation)
S3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [98816 2018-06-20] (Microsoft Corporation)
S3 AppID; C:\Windows\system32\drivers\appid.sys [83456 2018-06-08] (Microsoft Corporation)
S0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208016 2020-05-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199752 2020-05-06] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [32256 2017-11-08] (Microsoft Corporation)
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [7680 2013-08-22] (Microsoft Corporation)
S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [101376 2018-07-18] (Microsoft Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [36992 2013-08-22] (Microsoft Corporation)
S3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [53248 2019-08-03] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-11-21] (Microsoft Corporation)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [57856 2015-03-08] (Microsoft Corporation)
S3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [64000 2014-11-21] (Microsoft Corporation)
S3 BthPan; C:\Windows\System32\drivers\bthpan.sys [119296 2017-07-06] (Microsoft Corporation)
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [1208320 2019-10-25] (Microsoft Corporation)
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [81920 2019-05-03] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [88576 2019-02-09] (Microsoft Corporation)
S1 cdrom; C:\Windows\System32\drivers\cdrom.sys [165376 2017-12-05] (Microsoft Corporation)
S3 circlass; C:\Windows\System32\drivers\circlass.sys [44032 2013-08-22] (Microsoft Corporation)
S3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [36352 2013-08-22] (Microsoft Corporation)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [138752 2018-01-02] (Microsoft Corporation)
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [29696 2013-08-22] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [200704 2019-02-09] (Microsoft Corporation)
S3 FxPPM; C:\Windows\System32\drivers\fxppm.sys [27136 2018-06-20] (Microsoft Corporation)
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [11264 2013-08-22] (Microsoft Corporation)
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [403968 2019-08-06] (Microsoft Corporation)
S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [97792 2015-01-29] (Microsoft Corporation)
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [45568 2013-08-22] (Microsoft Corporation)
S3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [32768 2016-05-13] (Microsoft Corporation)
S3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [108544 2015-06-18] (Microsoft Corporation)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 intelppm; C:\Windows\System32\drivers\intelppm.sys [98816 2018-06-20] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [84992 2013-08-22] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [80896 2016-02-03] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [142848 2014-11-21] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2013-08-22] (Microsoft Corporation)
S3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [32256 2015-06-18] (Microsoft Corporation)
S2 lltdio; C:\Windows\system32\DRIVERS\lltdio.sys [59392 2013-08-22] (Microsoft Corporation)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [126464 2019-03-30] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2020-06-15] (Malwarebytes Corporation -> Malwarebytes)
S3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40960 2013-08-22] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\drivers\monitor.sys [30208 2013-08-22] (Microsoft Corporation)
S3 mouhid; C:\Windows\System32\drivers\mouhid.sys [30208 2015-06-18] (Microsoft Corporation)
S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [73728 2018-08-09] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2016-09-08] (Microsoft Corporation)
S3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [401920 2019-09-06] (Microsoft Corporation)
S2 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [285184 2019-02-09] (Microsoft Corporation)
S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [201728 2017-02-01] (Microsoft Corporation)
S3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [116224 2019-02-07] (Microsoft Corporation)
S1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [28672 2019-02-06] (Microsoft Corporation)
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [9728 2013-08-22] (Microsoft Corporation)
S3 MsLldp; C:\Windows\system32\DRIVERS\mslldp.sys [66560 2014-11-21] (Microsoft Corporation)
S2 NativeWifiP; C:\Windows\system32\DRIVERS\nwifi.sys [445952 2018-01-02] (Microsoft Corporation)
S3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [43008 2014-11-21] (Microsoft Corporation)
S3 NdisImPlatform; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Corporation)
S3 NdisTapi; C:\Windows\system32\DRIVERS\ndistapi.sys [24576 2015-06-18] (Microsoft Corporation)
S3 NdisWan; C:\Windows\system32\DRIVERS\ndiswan.sys [205824 2020-02-05] (Microsoft Corporation)
S3 NdisWanLegacy; C:\Windows\system32\DRIVERS\ndiswan.sys [205824 2020-02-05] (Microsoft Corporation)
S3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [72192 2018-01-02] (Microsoft Corporation)
S2 Ndu; C:\Windows\System32\drivers\Ndu.sys [103424 2014-11-21] (Microsoft Corporation)
S1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [48128 2018-01-02] (Microsoft Corporation)
S1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [281088 2019-02-21] (Microsoft Corporation)
S3 netvsc; C:\Windows\System32\drivers\netvsc63.sys [87552 2018-04-05] (Microsoft Corporation)
S3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2014-12-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [59392 2019-02-21] (Microsoft Corporation)
S1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [23040 2013-08-22] (Microsoft Corporation)
S1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [40960 2017-08-13] (Microsoft Corporation)
S3 Parport; C:\Windows\System32\drivers\parport.sys [96256 2016-08-11] (Microsoft Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663040 2014-11-21] (Microsoft Corporation)
S3 phantomtap; C:\Windows\system32\DRIVERS\phantomtap.sys [35664 2017-07-13] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 Processor; C:\Windows\System32\drivers\processr.sys [92672 2018-06-20] (Microsoft Corporation)
S1 Psched; C:\Windows\system32\DRIVERS\pacer.sys [151040 2018-01-02] (Microsoft Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [47104 2014-11-21] (Microsoft Corporation)
S3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [95744 2020-02-05] (Microsoft Corporation)
S3 Rasl2tp; C:\Windows\system32\DRIVERS\rasl2tp.sys [112640 2016-02-02] (Microsoft Corporation)
S1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [403456 2019-09-06] (Microsoft Corporation)
S3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2013-08-22] (Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [195072 2019-07-11] (Microsoft Corporation)
S3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [167424 2015-01-29] (Microsoft Corporation)
S2 rspndr; C:\Windows\system32\DRIVERS\rspndr.sys [80384 2013-08-22] (Microsoft Corporation)
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2013-08-22] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [40960 2017-12-05] (Microsoft Corporation)
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2013-08-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2016-08-11] (Microsoft Corporation)
S3 Serial; C:\Windows\System32\drivers\serial.sys [83456 2016-08-11] (Microsoft Corporation)
S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [26112 2015-06-18] (Microsoft Corporation)
S2 srv; C:\Windows\System32\DRIVERS\srv.sys [416256 2019-02-21] (Microsoft Corporation)
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [684032 2019-02-21] (Microsoft Corporation)
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [243200 2019-05-20] (Microsoft Corporation)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35784 2017-02-03] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [49152 2014-11-21] (Microsoft Corporation)
S1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [107520 2017-08-01] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56320 2013-08-22] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [29696 2014-11-21] (Microsoft Corporation)
S3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [154112 2015-09-04] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [316416 2019-02-09] (Microsoft Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Intel(R) Wireless Display -> Windows (R) Win 7 DDK provider)
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [98304 2014-11-21] (Microsoft Corporation)
S3 usbohci; C:\Windows\System32\drivers\usbohci.sys [30208 2015-10-10] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [26112 2013-08-22] (Microsoft Corporation)
S3 usbscan; C:\Windows\system32\DRIVERS\usbscan.sys [44544 2014-11-21] (Microsoft Corporation)
S3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [37376 2015-10-10] (Microsoft Corporation)
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [212736 2014-11-21] (Microsoft Corporation)
S3 utizodqz; C:\Windows\SysWOW64\Drivers\utizodqz.sys [7168 2016-12-10] ()
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2016-08-12] (Microsoft Corporation)
S1 vwififlt; C:\Windows\system32\DRIVERS\vwififlt.sys [71680 2016-08-12] (Microsoft Corporation)
S3 vwifimp; C:\Windows\system32\DRIVERS\vwifimp.sys [38912 2016-08-12] (Microsoft Corporation)
S3 Wanarp; C:\Windows\system32\DRIVERS\wanarp.sys [80384 2018-12-08] (Microsoft Corporation)
S1 Wanarpv6; C:\Windows\system32\DRIVERS\wanarp.sys [80384 2018-12-08] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [78848 2015-10-10] (Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [22016 2019-08-19] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [113664 2014-11-21] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
UpperFilters: [{71A27CDD-812A-11D0-BEC7-08002BE2092F}] -> [avusbflt]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-15 07:53 - 2020-06-15 07:53 - 000004432 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2020-06-07 21:59 - 2020-06-07 22:03 - 000055680 _____ C:\Users\Perry\Desktop\Addition.txt
2020-06-07 21:55 - 2020-06-07 22:03 - 000054266 _____ C:\Users\Perry\Desktop\FRST.txt
2020-06-07 21:51 - 2020-06-15 12:06 - 000000000 ____D C:\FRST
2020-06-07 21:41 - 2020-06-07 21:42 - 002289152 _____ (Farbar) C:\Users\Perry\Desktop\FRST64.exe
2020-05-25 10:27 - 2020-06-15 07:47 - 000000000 ____D C:\Users\Perry\opera autoupdate
2020-05-21 09:47 - 2020-05-21 09:49 - 010789348 _____ C:\Users\Perry\Desktop\stopandshop_flyer_0515_05222020.pdf
2020-05-21 09:14 - 2020-05-21 09:21 - 028507102 _____ C:\Users\Perry\Desktop\stopandshop_flyer_0521_05282020.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-15 11:57 - 2016-07-06 17:47 - 000000000 ____D C:\Users\Perry\AppData\Local\ClassicShell
2020-06-15 11:57 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-15 11:54 - 2020-02-08 18:48 - 000000000 ____D C:\Users\Perry\Downloads\opera autoupdate
2020-06-15 11:54 - 2014-11-21 00:42 - 000866884 _____ C:\Windows\System32\PerfStringBackup.INI
2020-06-15 11:54 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2020-06-15 11:50 - 2019-11-13 10:35 - 000252232 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2020-06-15 11:44 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\System32\config\BBI
2020-06-15 11:37 - 2015-07-25 22:35 - 000000000 ____D C:\users\Perry
2020-06-15 11:33 - 2017-02-20 14:17 - 000000000 ____D C:\Users\Perry\AppData\LocalLow\Mozilla
2020-06-15 10:19 - 2018-09-14 17:55 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2020-06-15 10:19 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-06-15 10:19 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\System32\Macromed
2020-06-15 09:44 - 2015-07-28 23:02 - 000000000 ____D C:\Users\Perry\AppData\Local\Adobe
2020-06-15 09:15 - 2019-04-22 09:22 - 000000000 ____D C:\Users\Perry\Downloads\adobe
2020-06-11 12:06 - 2020-03-25 11:27 - 000003454 _____ C:\Windows\System32\Tasks\Avira_Security_Update
2020-06-10 15:43 - 2020-02-05 16:23 - 000004288 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1580934218
2020-06-08 15:00 - 2015-07-25 22:43 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1021941897-2095083384-3793157674-1001
2020-06-08 12:20 - 2020-03-25 11:14 - 000003662 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2020-06-07 21:11 - 2015-07-26 22:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-05 17:24 - 2017-02-13 11:11 - 000000000 ____D C:\Users\Perry\AppData\Local\Autodesk
2020-06-03 11:40 - 2017-02-15 13:23 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-05-27 14:29 - 2017-06-16 14:31 - 000000000 ____D C:\Users\Perry\Documents\Electronics_watches_small_appliances
2020-05-27 10:53 - 2015-08-11 12:32 - 000000000 ____D C:\Users\Perry\Documents\House
2020-05-26 10:36 - 2018-01-12 00:01 - 000208016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2020-05-22 10:06 - 2020-01-04 15:50 - 000004054 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1578167430
2020-05-21 20:37 - 2016-09-25 15:02 - 000000000 ____D C:\Users\Perry\AppData\Local\NitroSpoolDir
2020-05-21 20:37 - 2015-09-13 23:37 - 000000000 ____D C:\Users\Perry\AppData\Roaming\Nitro
2020-05-19 14:54 - 2017-02-13 12:25 - 000000000 ____D C:\Users\Perry\AppData\Roaming\Autodesk
2020-05-18 09:10 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2020-05-18 09:08 - 2015-08-07 00:19 - 000000000 ____D C:\Windows\System32\MRT
2020-05-18 09:05 - 2015-08-07 00:19 - 120636720 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2020-05-17 01:24 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache

==================== KnownDLLs (Whitelisted) =========================


==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2020-05-14 16:21] - [2020-04-11 14:39] - 001542696 _____ (Microsoft Corporation) 3C57FEE0F8E3CF9B20A74BE0012FA14A

C:\Windows\SysWOW64\User32.dll
[2020-05-14 16:21] - [2020-04-11 11:48] - 001377792 _____ (Microsoft Corporation) 81238B2F21995BF9325D36B810C4287D

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2020-06-01 10:02
Restore point date: 2020-06-07 21:20
Restore point date: 2020-06-07 21:51
Restore point date: 2020-06-07 21:57
Restore point date: 2020-06-10 15:18
Restore point date: 2020-06-15 11:55
Restore point date: 2020-06-15 11:55

==================== Memory info ===========================

Percentage of memory in use: 5%
Total physical RAM: 16294.68 MB
Available physical RAM: 15340.95 MB
Total Virtual: 16294.68 MB
Available Virtual: 15377.6 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.15 GB) (Free:733.08 GB) NTFS
Drive d: () (Removable) (Total:14.45 GB) (Free:14.43 GB) FAT32
Drive g: (PBR Image) (Fixed) (Total:7.98 GB) (Free:0.69 GB) NTFS
Drive h: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.43 GB) NTFS
Drive j: (DIAGS) (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT32
Drive k: (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
Drive l: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.43 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.49 GB) (Free:0.49 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 384D4B47)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 14.5 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2020-06-07 04:45
==================== End of FRST.txt ========================
 

Moderator, Security Team
It's going to take a while for me to get through your latest log.

The driver I was concerned about has not been removed, so it doesn't look like it's what I thought it was.

That does not mean it's not malicious, or that it doesn't need removing; it just means that it does not meet the criteria for FRST to automatically remove it.

Back as soon as I've finished looking through the latest log. Hopefully tonight, but it may be tomorrow morning (my time).
 

Moderator, Security Team
Well that took less time than I thought it might, probably because I'd already researched most of it when I looked over your earlier logs.

So, let's proceed with removing some of the things I've found in your RE scan, and see where that leads us.

First ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code:
Task: {0E9A4E71-B8DA-4955-92E8-9725E59C565D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {406A363F-06F5-4F79-8EA7-D2597D13A3C8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {E75FACED-39A8-459E-A93D-CA0DC3FE9193} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
S4 0128111438810831mcinstcleanup; C:\Windows\TEMP\012811~1.EXE -cleanup -nolog [X]
C:\Windows\TEMP\012811~1.EXE
S3 utizodqz; C:\Windows\SysWOW64\Drivers\utizodqz.sys [7168 2016-12-10] ()
C:\Windows\SysWOW64\Drivers\utizodqz.sys
    • Save it to your USB flashdrive as fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Boot into Recovery Environment

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt on your USB flashdrive.
  • Exit out of Recovery Environment and post me the log please.
Next ...

Boot your computer up as normal, and run a new scan with FRST, then attach the new FRST.txt and Addition.txt to the post with the fixlog.
 

Registered
Discussion Starter #19 (Edited)
Here is the fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by SYSTEM (16-06-2020 11:25:59) Run:1
Running from d:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
Task: {0E9A4E71-B8DA-4955-92E8-9725E59C565D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {406A363F-06F5-4F79-8EA7-D2597D13A3C8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {E75FACED-39A8-459E-A93D-CA0DC3FE9193} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
S4 0128111438810831mcinstcleanup; C:\Windows\TEMP\012811~1.EXE -cleanup -nolog [X]
C:\Windows\TEMP\012811~1.EXE
S3 utizodqz; C:\Windows\SysWOW64\Drivers\utizodqz.sys [7168 2016-12-10] ()
C:\Windows\SysWOW64\Drivers\utizodqz.sys
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E9A4E71-B8DA-4955-92E8-9725E59C565D} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E9A4E71-B8DA-4955-92E8-9725E59C565D} => removed successfully
C:\Windows\System32\Tasks\SystemToolsDailyTest => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{406A363F-06F5-4F79-8EA7-D2597D13A3C8} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{406A363F-06F5-4F79-8EA7-D2597D13A3C8} => removed successfully
C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E75FACED-39A8-459E-A93D-CA0DC3FE9193} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E75FACED-39A8-459E-A93D-CA0DC3FE9193} => removed successfully
C:\Windows\System32\Tasks\PCDDataUploadTask => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDDataUploadTask => removed successfully
HKLM\System\ControlSet001\Services\0128111438810831mcinstcleanup => removed successfully
0128111438810831mcinstcleanup => service removed successfully
"C:\Windows\TEMP\012811~1.EXE" => not found
HKLM\System\ControlSet001\Services\utizodqz => removed successfully
utizodqz => service removed successfully
C:\Windows\SysWOW64\Drivers\utizodqz.sys => moved successfully

==== End of Fixlog 11:26:00 ====
 
