Powershell opening at startup and wake; multiple issues from infection


  • This topic is locked
7 replies to this topic

#1 Zanshiro

    Rurouni Shijin

  • Helper Trainee
  • 149 posts

Posted 29 August 2019 - 10:43 PM

Quick story: A friend's kid was trying to download a game called "Yandere Simulator" and didn't get the official page; she got a bad one instead and downloaded malware galore. I looked to help some, found multiple AVs, and got rid of some of the old ones by using TeamViewer 14 to look about and run things. However, I'm also out of practice. It was crashing at the restore points, so I turned off System Restore in Win 10 to clear the points (which sadly didn't go back to before these installs). As I read here, a lot's changed, as expected. Anyhow, I went to run the usuals and post logs, but it seems that most are crashing the computer with errors similar to the one below from Malwarebytes. She was awake for this one, so she sent a pic. I get kicked out of TeamViewer before I'm able to see anything when they're happening. I tried MBAM, FRST, ESET, and RG's program.

 

The computer's gotten very sluggish, and memory was nearly maxed. Purging the restore points seems to have helped that a bit, but it's still slower.

 

Malwarebytes Free; Application Error: The instruction at 0x0000000070EE1476 referenced memory at 0x0000000BBADBEEF. The memory could not be written. Click on OK to terminate the program.

 

ESET and Avast crashed attempting to run.

 

MBAM detected at least two infected files, but clicking to view them while it ran also resulted in the PC crashing.

 

RGSA ran:

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 09th, August 2019
Running from:C:\Users\user\Desktop (00:38:25 - 08/30/2019)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Total AV (Disabled - Not up to Date)
Total AV (Disabled - Not up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Enabled - up to Date)
Avast Antivirus Firewall (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (32.0.0.238)
Adobe Reader XI (11.0.23) ==> is no longer supported
CCleaner (5.61)
Google Chrome (76.0.3809.132)
Malwarebytes (3.8.3.2965)
Microsoft Silverlight (5.1.50918.0)
Mozilla Firefox (68.0.2)
Opera (62.0.3331.116)
 
***----------------Analysis Complete-------------------------***
 

FRST ran OK. Log follows; then I will add Addition:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2019 02
Ran by user (administrator) on AMANDADAKOTA (Alienware Alienware 14) (28-08-2019 22:43:12)
Running from C:\Users\user\Desktop\Malware Repair\FRST-OlderVersion
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Home Version 1803 17134.984 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Corel Corporation -> Corel Corporation) C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
(Corel Corporation -> Corel Corporation) C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRSync.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoClient.exe
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoIC.exe
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Leader Technologies Inc -> Alienware, Inc.) C:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\$WINDOWS.~BT\Sources\setuphost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\2b9c48c3beadba0b56efa3009204ac3b\WindowsUpdateBox.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\bitsadmin.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\bitsadmin.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\bitsadmin.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realistic Media Inc. -> ) C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268168 2018-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505736 2018-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505736 2018-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-04-10] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-05-29] (Dell Inc. -> Alienware)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell Inc -> Dell, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-08-13] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-06-23] (Apple Inc. -> Apple Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-03-27] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-05-16] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3919136 2017-02-08] (IObit Information Technology -> IObit)
HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-06-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83523944 2019-08-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [Discord] => C:\Users\user\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35915664 2019-08-16] (Epic Games Inc. -> Epic Games, Inc.)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-06] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.100\Installer\chrmstp.exe [2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-03-27] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-03-27] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrowserAssistant.lnk [2019-08-22]
ShortcutTarget: BrowserAssistant.lnk -> C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe (Realistic Media Inc. -> )
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk [2019-08-22]
ShortcutAndArgument: updater.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe => -noninteractive -ExecutionPolicy bypass -c "try{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.R()}catch{}"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {027489FE-0202-494D-8378-7D812814CD17} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2045832 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {02EB6AC4-9453-43B8-A66B-C7FD38C912EA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-24] (Adobe Inc. -> Adobe)
Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {05546A49-9D71-4293-B60A-6011FAC12192} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {0C23898C-C054-4524-9FDA-B55498095B1A} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [249440 2017-02-13] (WinZip Computing LLC -> WinZip Computing, S.L.)
Task: {16730DB4-DF80-4485-B2E7-B42BD1CC50E2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1A280162-7EDD-4FBC-9CF7-F33A012E0B44} - System32\Tasks\PCDDataUploadTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [1131992 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)
Task: {1D5609B7-5F91-47DD-B25E-8EEFCAD6653F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-18] (Adobe Inc. -> Adobe)
Task: {1DD32911-244C-4F11-ADEE-6D9EB8B2DC57} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1F481F5E-3B3B-4232-A0C5-6C8967CADD47} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1FD74D5B-BEB2-42F2-BC20-B7CD4D070C60} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {26C443C9-2AA5-4F8B-ABB0-6DC124B96930} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [702856 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {301E21C3-1ECC-4536-93C6-A3D2078ADF0C} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [1686016 2017-02-13] (WinZip) [File not signed]
Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {33B0E3C5-6F03-400A-ABD1-B2BCA5EFE5A1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3724680 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {43CCA9E6-E0A0-48FA-BC90-7EEC7BB229A3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4666F151-90BA-4F54-B7BC-25A143FF4D1E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [41432 2017-09-22] (Dell Inc. -> Dell Inc.)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {51F8B45A-49FB-4807-9242-6D938C35D6C2} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {5307DC71-565E-457B-8684-46D512F8CF9D} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\Scheduler.exe [147232 2017-10-24] (IObit Information Technology -> IObit)
Task: {54AAE1C9-C89A-472D-979B-7B39BFBABFDD} - System32\Tasks\Dell\Alienware Survey (user) => C:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe [7396920 2013-04-23] (Leader Technologies Inc -> Alienware, Inc.)
Task: {5513AB15-5B06-4C48-904B-24FBB92952C7} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe
Task: {59E4A08A-7BF9-4069-A34E-D4E70ED66C48} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5E487A4F-26D9-4FFC-A471-3FF575765E22} - System32\Tasks\{BD21828E-6E85-4A5F-A531-93EFCCE31ADF} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12002
Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6494FB16-B753-4DD3-BE70-F92CDFE23BF5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6507A3DD-67E3-40D4-AC08-D55F4908CA1D} - System32\Tasks\IMF_SkipUAC_user => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
Task: {65899461-1FC6-40B3-AFA4-F2A43923DCB6} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {6DEEF62D-5027-43A0-8E02-31A44DC06371} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {76AA937F-165D-4A3C-A26E-54649CF7E732} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-15] (Dropbox, Inc -> Dropbox, Inc.)
Task: {777E1701-75C6-4F62-8F92-F876D658BA63} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {794AA5C4-5F28-48F8-8F88-F52BA1D7F2D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)
Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7ADC0829-54F9-4609-BE7A-C7B306C5CAEC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-15] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8296A7D7-0D68-4CE4-842A-92FA72114EC4} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {85C0B4E0-1890-4B14-A7FB-086D2D20E6D5} - System32\Tasks\{961428CD-75CF-4B1D-99A6-93BE219E90C1} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12002
Task: {88664223-AEFB-4AB4-8D08-01E4204C3EED} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3942792 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)
Task: {88DE34BE-E862-4A2F-958E-5D643F95C0D9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8EF7FA6C-7713-4250-B563-45E6AD30E78F} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9636E6AC-E3F6-4DBD-B1FE-120259C513D6} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [3332384 2016-12-05] (IObit Information Technology -> IObit)
Task: {9D586001-2F32-4DA6-94DD-020428D0249E} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe
Task: {A10C64D8-2808-4CD6-96CC-B8BEBBF329DF} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [9591408 2017-05-16] (Nota Inc. -> )
Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A5CA5C77-A367-456A-BBEB-155CFAD923FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)
Task: {A7CF7DEA-D8B1-4EA6-8A17-E926AA0BAEB3} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [498976 2016-06-06] (IObit Information Technology -> IObit)
Task: {AFC1F419-3F11-48C5-A987-50854EEDD034} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {B0A0F0AF-6D56-4C7D-9ECE-E57E0CE66B45} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B9C9939A-420A-4E04-A48A-F78EE8430555} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [1131992 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)
Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BEF660E6-FE3B-4F24-ACBF-497EEE954881} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {BFA47043-60AA-4FA3-9FCA-5FD9A75E19E7} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {C0886BB8-93D7-4E82-A3FA-EBB80F4C4F58} - System32\Tasks\{4D62B893-7CF4-4072-AE2D-753C4A8DD238} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Android\Android_Driver\UnInstall.exe" -d "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android\Android_Dirver"
Task: {C20E22FE-372C-4BD5-964E-0E13035DAE76} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5430048 2017-02-17] (IObit Information Technology -> IObit)
Task: {C3958DB5-64BD-4AD8-92B9-31CFD62A26EE} - System32\Tasks\Uninstaller_SkipUac_user => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [4646176 2017-03-29] (IObit Information Technology -> IObit)
Task: {C882F5F4-FE15-4ADE-9D9D-7783A8D9F0CB} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-24] (Adobe Inc. -> Adobe)
Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF86B5EC-253D-4BD0-B98D-BD567D278696} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572808 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D32326F4-B2FA-4510-90E7-78C4CAF38076} - System32\Tasks\update-S-1-5-21-948451882-745259651-364939199-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D887CEE4-B5F5-413B-B931-FCDBA017948C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {DD3D7F03-B336-4E81-B357-85759A837507} - System32\Tasks\BA Scheduler => powershell.exe -WindowStyle Hidden -ExecutionPolicy bypass -c "$env:COMPLUS_version='v4.0.30319';&powershell{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.ST()}"
Task: {DDF81BD9-38B4-4D8D-BAA5-E6871F7E33D3} - System32\Tasks\ASC10_SkipUac_user => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [7025440 2017-02-21] (IObit Information Technology -> IObit)
Task: {E0820AD5-8FE7-4181-8891-FA45412390DD} - System32\Tasks\{DA031B6D-1A79-4FD9-BF89-A327F6865178} => C:\Windows\system32\pcalua.exe -a "C:\Users\user\Downloads\firestorm [1].exe" -d C:\Users\user\Downloads
Task: {E1087D77-1B68-4EA1-B500-45020337E25D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [1131992 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)
Task: {E3B7C1B0-A882-4BED-9B62-9BF92A56B211} - System32\Tasks\AdobeAAMUpdater-1.0-user-PC-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E5CEA658-1A0B-4334-BD39-EE3D97EF1583} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E8AC1B04-5452-47CB-9A90-28EE1B408913} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [9591408 2017-05-16] (Nota Inc. -> )
Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F169D44C-0351-4223-B38B-BC0414DF3946} - System32\Tasks\Opera scheduled Autoupdate 1552358530 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software)
Task: {F29147B7-A909-4993-A988-209B54944DCF} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F9608979-743F-4487-9C15-A6F7676BD678} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {FFC200DC-A073-4BC4-BDE1-C3D847CEF405} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [435672 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_user.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-948451882-745259651-364939199-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{78919c67-afbd-4619-9be8-ff5edefc229b}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{994a65e5-74f8-45de-9e7e-57cf8349a716}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-948451882-745259651-364939199-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzquCTLqY8J65hCERxqnO0Ov%2F36hfr6RR8ZEzr1ClNqn9zN8%2Fdz2FiuJ4Uhg9I5ARr7gWq6FlXIxnPI5aBoccrmzqON5RXQ1OPPitGYoMkkFtktbBTmFCeEqYEbtUwf1tdIMWEYyYjyPXuIZE3%2BjvrTSXEmv6Z3q%2BH0%2FPnwV22xqqO7DCXAPwzEXa5OkP5Gr4r3Hkw%2FOOPBHG4eYTsvd%2FEHtw%3D%3D
HKU\S-1-5-21-948451882-745259651-364939199-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzqvCr3zj9jBuL7ct54mLZUH4X%2F60Mhbm3mof1cx9pxvE7ABxLF6XSvnFxi5VI4zW33RjgxxZd4%2Fml8rJYiaBEKqQado1zuFkwqAclpFQMkH%2Fu7RVseWT0e8KqOWpuOgg7ACQesN4ptmcoiY%2FxNhL7p8tcMgbTiNVyMhP2%2FKqd9yKVlaEyPPFyo22Kpz29%2FaQphY7VSnJZKUqbMPhkI63TQaw%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {4042AB84-6B2A-4C80-8AB8-59AD3471C519} URL = 
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F1FDB6BB-6C78-4B5A-A8AD-4E31B6090A52}&mid=ba44f209af0047cc90f5ed3ea0e6b20f-05a2079d975bbe56435000b6bec8606ccfb815bb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-28 11:42:44&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&guid=ADB507D3-02C5-4B17-8EB5-DB2045D3DD5B&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-03-28] (IObit Information Technology -> IObit)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-03-27] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
FireFox:
========
FF DefaultProfile: upshz7qe.default-1565577553172
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172 [2019-08-28]
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\user.js [2019-08-25]
FF Extension: (ETP Search Volume Study) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-08-11]
FF Extension: (Avast Online Security) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\Extensions\wrc@avast.com.xpi [2019-08-25]
FF Extension: (Download Manager for Firefox) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\Extensions\{2060d74a-fd12-4482-909b-9aeeaaa98627}.xpi [2019-08-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_238.dll [2019-08-24] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-24] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-07-30] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-07-30] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={BC4377F5-8EAA-40A4-B783-041C99BFE7C1}&mid=74b9f7da339b47d2b408d16fd8ad24c3-0fedf89264725e8aeeec51c223d9a0f27935316f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-27 21:26:47&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://rocket-find.com/?f=7&a=rckt_dsites03_14_26_ch&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtAtB0FyDtDzytBtD0C0DtN0D0Tzu0SzytDzytN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0C0CtD0EtBtBtG0CyC0BtAtGzy0DzzyCtGyEyDyDyBtGyCzy0B0BtAyCzzyBtBtBtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0ByD0D0BtAyC0AtGyBzyyD0EtG0DtB0DyEtGyEzz0F0AtGyByE0EtAtByEzzzz0AyBtC0C2Q&cr=1786417159&ir=","hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzqxrIXZDflWRiONwIOIKhi%2FeuIxfTlQGMag00wlCKMOLp5JQogTIdsqzeCgvB0jDiXayl5sOia9nb243WmS9QtaPIEgXKDHEUB55IwtVqnxoD09ay0pgFLAarnm1zXYerGvwwFn79WQLSWPEQmSSZskGSJt8yHuT6vkFcf3WDvgp%2BpC74Q0G%2FwCIWbqMY8QhdYZfukgYlkUzNUteNixtYLsFNS6Ja%2FhlcgVt%2F8O57jyvI%3D"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2019-08-28]
CHR Extension: (Open in Opera) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amojccmdnkdlcjcplmkijeenigbhfbpd [2019-03-11]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2019-04-20]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Typio Form Recovery) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\djkbihbnjhkjahbhjaadbepppbpoedaa [2019-06-17]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Small Waterfall) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjmpmheefpadfkjkkeeeanlkhdlpmeom [2017-12-09]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2018-12-27]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2018-10-05]
CHR Extension: (Save to Facebook) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-07-11]
CHR Extension: (Grammarly for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-08-28]
CHR Extension: (Safer Browsing) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbjcnchobkfkjdkejnjckempiocdnhgp [2017-11-19]
CHR Extension: (Norton Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Search Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaiphjmcchjmohkabamgjgodcjmlifmp [2019-08-22]
CHR Extension: (Search Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommbgnllpkjnidkcnginhlacffdcdijc [2019-05-01]
CHR Extension: (Secured Search Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpcpceofkopegffcdnffeenbfdldock [2019-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-01]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (AdBlock) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2019-03-11]
OPR Extension: (Typio Form Recovery) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\djkbihbnjhkjahbhjaadbepppbpoedaa [2019-06-30]
OPR Extension: (Grammarly for Chrome) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-08-24]
OPR Extension: (TinEye Reverse Image Search (Context menu)) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgdmjihcfdjkcgodohgofgcdfiaekdkk [2019-03-11]
OPR Extension: (Install Chrome Extensions) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-03-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"SegurazoIC" => service was unlocked. <==== ATTENTION
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit Information Technology -> IObit)
R2 AlienFusionService; C:\Program Files\Alienware\Command Center\AlienFusionService.exe [15888 2013-05-29] (Dell Inc. -> Alienware)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5975136 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [414696 2018-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [405072 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [416576 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.100\elevation_service.exe [978720 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-05] (BattlEye Innovations e.K. -> )
S2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [204880 2018-06-11] (CyberGhost SRL -> CyberGhost S.A.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-15] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-15] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-08-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc -> Dell Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2018-10-05] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel® pGFX -> Intel Corporation)
S3 InstallerWrapperService; C:\Program Files\TrueKey\InstallerWrapperService.exe [47688 2017-03-02] (McAfee, Inc. -> McAfee, Inc.)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2017-03-28] (IObit Information Technology -> IObit)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC -> iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 MobiGameUpdater; C:\Program Files\MobiGame\MobiGameUpdater.exe [147456 2019-08-16] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324544 2018-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [4371592 2018-04-27] (Protected Antivirus Limited -> TotalAV)
R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4472936 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
R2 SegurazoSvc; C:\Program Files (x86)\Seguraz
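The BA Scheduler task in the log above is the entry that explains the "PowerShell opening at startup and wake" symptom: a scheduled task that launches powershell.exe with a hidden window and -ExecutionPolicy bypass, reads Updater.dll out of %APPDATA%\Browser Assistant\ and loads it in-process with [Reflection.Assembly]::Load, so no .ps1 file ever touches disk and nothing is blocked by execution policy. The script below is an added example for triaging an FRST log for that pattern; it is not part of FRST, of this thread, or of any project named here. It parses the "Task:" and "ShortcutAndArgument:" lines, keeps only those that invoke PowerShell, and scores each against a small set of indicators. The sample input is constructed: two lines copied from this thread plus one benign line I made up (the ConstructedBenign task and C:\Scripts\backup.ps1 are placeholders, not real entries).

```python
import re
from dataclasses import dataclass

# Constructed sample log. The GoogleUpdate, BA Scheduler and updater.lnk lines are
# copied from the FRST output in this thread; the ConstructedBenign task is a
# made-up placeholder showing a PowerShell launch that should NOT be flagged.
SAMPLE_LOG = r"""
Task: {794AA5C4-5F28-48F8-8F88-F52BA1D7F2D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)
Task: {DD3D7F03-B336-4E81-B357-85759A837507} - System32\Tasks\BA Scheduler => powershell.exe -WindowStyle Hidden -ExecutionPolicy bypass -c "$env:COMPLUS_version='v4.0.30319';&powershell{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.ST()}"
ShortcutAndArgument: updater.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe => -noninteractive -ExecutionPolicy bypass -c "try{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.R()}catch{}"
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ConstructedBenign => powershell.exe -NoProfile -File C:\Scripts\backup.ps1
"""

# Indicators of a fileless / policy-evading PowerShell launch. Each one alone can be
# legitimate; several together on a persistence entry are worth a closer look.
INDICATORS = {
    "hidden_window": re.compile(r"-w[a-z]*\s+hidden", re.I),          # -w / -WindowStyle Hidden
    "execution_policy_bypass": re.compile(r"-e[a-z]*\s+bypass", re.I),  # -ep / -ExecutionPolicy bypass
    "reflective_assembly_load": re.compile(r"\[Reflection\.Assembly\]::Load", re.I),
    "reads_file_bytes": re.compile(r"ReadAllBytes", re.I),
    "payload_in_appdata": re.compile(r"\$env:APPDATA|\\AppData\\", re.I),
}

# FRST line shapes handled here (other line types are ignored).
TASK_RE = re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<name>System32\\Tasks\\[^=]+?) => (?P<cmd>.+)$", re.I)
SHORTCUT_RE = re.compile(r"^ShortcutAndArgument: (?P<name>\S+) -> (?P<cmd>.+)$", re.I)
POWERSHELL_RE = re.compile(r"powershell(?:\.exe)?", re.I)


@dataclass
class Finding:
    source: str        # "Task" or "ShortcutAndArgument"
    name: str          # task path or shortcut file name
    indicators: list   # which INDICATORS matched, in table order


def parse_entry(line):
    """Return (source, name, command) for a Task/ShortcutAndArgument line, else None."""
    m = TASK_RE.match(line)
    if m:
        return "Task", m.group("name"), m.group("cmd")
    m = SHORTCUT_RE.match(line)
    if m:
        return "ShortcutAndArgument", m.group("name"), m.group("cmd")
    return None


def indicators_for(cmd):
    return [key for key, rx in INDICATORS.items() if rx.search(cmd)]


def triage(log_text, min_indicators=2):
    """Flag PowerShell persistence entries with >= min_indicators hits, or any reflective load."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw.strip())
        if parsed is None:
            continue
        source, name, cmd = parsed
        if not POWERSHELL_RE.search(cmd):
            continue  # only PowerShell launches are scored
        hits = indicators_for(cmd)
        if len(hits) >= min_indicators or "reflective_assembly_load" in hits:
            findings.append(Finding(source, name, hits))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.name}: {', '.join(f.indicators)}")
```

Run against the sample, the BA Scheduler task matches all five indicators and the updater.lnk shortcut four (it runs non-interactive rather than hidden), while the GoogleUpdate task is skipped because it never invokes PowerShell and the constructed backup task invokes it without any of the indicators. The same entries can be pulled from a live machine for review with Get-ScheduledTask and by inspecting the Startup folder, which is what FRST is summarising here.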

#2 nasdaq

    Forum Deity

  • Global Moderator
  • 49,281 posts

Posted 30 August 2019 - 06:27 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Browser Assistant (HKLM-x32\...\{DFAA6F11-C27B-4EC0-83AE-3AC5B124A899}) (Version: 1.32.7106.16145 - Realistic Media Inc.)
Segurazo Realtime Protection Lite (HKLM-x32\...\Segurazo) (Version: 1.0.14.2 - Digital Communications Inc)
TotalAV (HKLM-x32\...\TotalAV) (Version: 4.6.19 - TotalAV)
 
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start::
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoClient.exe
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoIC.exe
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoService.exe
(Realistic Media Inc. -> ) C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrowserAssistant.lnk [2019-08-22]
ShortcutTarget: BrowserAssistant.lnk -> C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe (Realistic Media Inc. -> )
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk [2019-08-22]
ShortcutAndArgument: updater.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe => -noninteractive -ExecutionPolicy bypass -c "try{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.R()}catch{}"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5E487A4F-26D9-4FFC-A471-3FF575765E22} - System32\Tasks\{BD21828E-6E85-4A5F-A531-93EFCCE31ADF} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12002
Task: {85C0B4E0-1890-4B14-A7FB-086D2D20E6D5} - System32\Tasks\{961428CD-75CF-4B1D-99A6-93BE219E90C1} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12002
Task: {DD3D7F03-B336-4E81-B357-85759A837507} - System32\Tasks\BA Scheduler => powershell.exe -WindowStyle Hidden -ExecutionPolicy bypass -c "$env:COMPLUS_version='v4.0.30319';&powershell{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.ST()}"
HKU\S-1-5-21-948451882-745259651-364939199-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzquCTLqY8J65hCERxqnO0Ov%2F36hfr6RR8ZEzr1ClNqn9zN8%2Fdz2FiuJ4Uhg9I5ARr7gWq6FlXIxnPI5aBoccrmzqON5RXQ1OPPitGYoMkkFtktbBTmFCeEqYEbtUwf1tdIMWEYyYjyPXuIZE3%2BjvrTSXEmv6Z3q%2BH0%2FPnwV22xqqO7DCXAPwzEXa5OkP5Gr4r3Hkw%2FOOPBHG4eYTsvd%2FEHtw%3D%3D
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzqvCr3zj9jBuL7ct54mLZUH4X%2F60Mhbm3mof1cx9pxvE7ABxLF6XSvnFxi5VI4zW33RjgxxZd4%2Fml8rJYiaBEKqQado1zuFkwqAclpFQMkH%2Fu7RVseWT0e8KqOWpuOgg7ACQesN4ptmcoiY%2FxNhL7p8tcMgbTiNVyMhP2%2FKqd9yKVlaEyPPFyo22Kpz29%2FaQphY7VSnJZKUqbMPhk... (long line)
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F1FDB6BB-6C78-4B5A-A8AD-4E31B6090A52}&mid=ba44f209af0047cc90f5ed3ea0e6b20f-05a2079d975bbe56435000b6bec8606ccfb815bb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-28 11:42:44&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&guid=ADB507D3-02C5-4B17-8EB5-DB2045D3DD5B&doi=2016-09-01&gct=kwd&qsrc=2869
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\user.js [2019-08-25]
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={BC4377F5-8EAA-40A4-B783-041C99BFE7C1}&mid=74b9f7da339b47d2b408d16fd8ad24c3-0fedf89264725e8aeeec51c223d9a0f27935316f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-27 21:26:47&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://rocket-find.com/?f=7&a=rckt_dsites03_14_26_ch&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtAtB0FyDtDzytBtD0C0DtN0D0Tzu0SzytDzytN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0C0CtD0E... (long line)
CHR Extension: (Search Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaiphjmcchjmohkabamgjgodcjmlifmp [2019-08-22]
CHR Extension: (Search Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommbgnllpkjnidkcnginhlacffdcdijc [2019-05-01]
CHR Extension: (Secured Search Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpcpceofkopegffcdnffeenbfdldock [2019-08-22]
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
S2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [4371592 2018-04-27] (Protected Antivirus Limited -> TotalAV)
R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4472936 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
R2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [249448 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
R1 SEGURAZOKD; C:\Program Files (x86)\Segurazo\SegurazoKD.sys [84256 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
U3 idsvc; no ImagePath
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [4shared_Desktop] -> {EBDF1F20-C829-11D1-8233-0020AF3E97A9} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [4shared_Desktop] -> {EBDF1F20-C829-11D1-8233-0020AF3E97A9} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{C397342D-D62A-483A-AF8F-E9D2C3689FA1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe No File
FirewallRules: [{B15BE631-98CF-46AA-B5BC-6EE7DBCE9946}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe No File
FirewallRules: [{021D98A2-88B6-47DB-8B22-2D0B7209AD2D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{03E86C25-2875-419C-B4D1-E2269CF5D0DC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{73335C75-0B9D-49CD-A95D-DB7016A6D562}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe No File
FirewallRules: [{DA131D7E-3BA6-4A36-8DCA-6CCECFF31364}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe No File
 
Reboot:
 
End::
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
===
 
Run Malwarebytes and let me know if you have issues with this computer.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating; see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
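The BA Scheduler task and the updater.lnk shortcut in the fixlist above use the same trick: powershell.exe is started hidden with the execution policy bypassed, reads Updater.dll from %APPDATA%\Browser Assistant into memory with [Reflection.Assembly]::Load, and calls into it, so no .exe and no registered DLL has to sit anywhere an uninstaller would look (the COMPLUS_version setting forces the .NET 4 runtime for the nested powershell so that assembly loads). The script below is an added example, not part of nasdaq's fixlist or of FRST, that hunts for that pattern across all scheduled tasks and every profile's Startup folder. It assumes an elevated Windows PowerShell 5.1 session on the affected machine; the indicator strings are taken from the two log entries, and the "target under AppData" heuristic is an assumption of the example. It is read-only.

```powershell
# Added example, not from the thread or from FRST: hunt for the persistence
# pattern shown in the fixlist (hidden powershell.exe, -ExecutionPolicy bypass,
# [Reflection.Assembly]::Load of a DLL read from %APPDATA%) across all
# scheduled tasks and every profile's Startup folder.
# Assumes an elevated Windows PowerShell 5.1 session on the affected machine.

# Indicator regexes taken from the BA Scheduler task and updater.lnk entries.
$Patterns = @(
    'ExecutionPolicy\s+bypass',
    'Reflection\.Assembly\]::Load',
    'ReadAllBytes',
    'COMPLUS_version',        # forces the .NET 4 CLR for the nested powershell
    'WindowStyle\s+Hidden',
    'Browser Assistant'
)

function Get-MatchedIndicator {
    # Returns the indicator patterns that match a command line (empty if none).
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return @() }
    @($Patterns | Where-Object { $CommandLine -match $_ })
}

function Find-PowerShellTaskPersistence {
    # Scheduled tasks whose action launches powershell.exe or pwsh.exe and
    # whose arguments hit at least one indicator.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if ($action.Execute -notmatch 'powershell|pwsh') { continue }
            $cmd  = "$($action.Execute) $($action.Arguments)"
            $hits = @(Get-MatchedIndicator $cmd)
            if ($hits.Count -eq 0) { continue }
            [pscustomobject]@{
                Source      = 'ScheduledTask'
                Name        = "$($task.TaskPath)$($task.TaskName)"
                Indicators  = ($hits -join ', ')
                CommandLine = $cmd
            }
        }
    }
}

function Find-StartupShortcutPersistence {
    # .lnk files in the all-users Startup folder and in every profile's Startup
    # folder, resolved through the WScript.Shell COM object (Get-Item cannot
    # read the target and arguments of a shortcut).
    $shell   = New-Object -ComObject WScript.Shell
    $folders = @("$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp")
    $folders += Get-ChildItem "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.FullName)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" }
    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($lnk in Get-ChildItem -LiteralPath $folder -Filter *.lnk -ErrorAction SilentlyContinue) {
            $sc   = $shell.CreateShortcut($lnk.FullName)
            $cmd  = "$($sc.TargetPath) $($sc.Arguments)"
            $hits = @(Get-MatchedIndicator $cmd)
            # Report any indicator hit, and (heuristic assumed by this example)
            # any shortcut whose target lives under AppData, where legitimate
            # installers rarely put Startup items.
            if ($hits.Count -eq 0 -and $sc.TargetPath -notmatch '\\AppData\\') { continue }
            [pscustomobject]@{
                Source      = 'StartupShortcut'
                Name        = $lnk.FullName
                Indicators  = ($hits -join ', ')
                CommandLine = $cmd
            }
        }
    }
}

@(Find-PowerShellTaskPersistence) + @(Find-StartupShortcutPersistence) | Format-List
```

Run it before and after a fix: a task or shortcut that still shows up afterwards is one the fix did not reach, and the CommandLine column tells you which DLL it loads so the file itself can be collected before it is deleted.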

#3 Zanshiro (Rurouni Shijin; Helper Trainee; 149 posts)

Posted 30 August 2019 - 02:56 PM

Seems a VERY suspect uninstaller for Segurazo.  It forced several other 'approvals' in the uninstaller to go through, saying there's an active subscription among other things.  It says it will remove after reboot.  Googled it for good measure, as it apparently started running on her computer and identifying false positives as soon as it started up today.  It seems to be causing a 'hang' where the spinning circle has just been spinning for about 15 minutes on the "Uninstall" image in the Add/Remove programs window.

 

https://forums.malwa...s-for-segurazo/

 

Though it claimed to need a reboot in order to uninstall, I did NOT allow it to reboot, since the instructions didn't mention that, and here is the result....

 

Kicked me out of TV midway, and then crashed.  When she rebooted, the copy of Farbar we ran was gone, but fixlog.txt is there.  Here it comes.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2019
Ran by user (30-08-2019 16:55:33) Run:1
Running from C:\Users\user\Desktop\Malware Repair\FRST-OlderVersion
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoClient.exe
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoIC.exe
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoService.exe
(Realistic Media Inc. -> ) C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrowserAssistant.lnk [2019-08-22]
ShortcutTarget: BrowserAssistant.lnk -> C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe (Realistic Media Inc. -> )
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk [2019-08-22]
ShortcutAndArgument: updater.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe => -noninteractive -ExecutionPolicy bypass -c "try{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.R()}catch{}"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5E487A4F-26D9-4FFC-A471-3FF575765E22} - System32\Tasks\{BD21828E-6E85-4A5F-A531-93EFCCE31ADF} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12002
Task: {85C0B4E0-1890-4B14-A7FB-086D2D20E6D5} - System32\Tasks\{961428CD-75CF-4B1D-99A6-93BE219E90C1} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12002
Task: {DD3D7F03-B336-4E81-B357-85759A837507} - System32\Tasks\BA Scheduler => powershell.exe -WindowStyle Hidden -ExecutionPolicy bypass -c "$env:COMPLUS_version='v4.0.30319';&powershell{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.ST()}"
HKU\S-1-5-21-948451882-745259651-364939199-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzquCTLqY8J65hCERxqnO0Ov%2F36hfr6RR8ZEzr1ClNqn9zN8%2Fdz2FiuJ4Uhg9I5ARr7gWq6FlXIxnPI5aBoccrmzqON5RXQ1OPPitGYoMkkFtktbBTmFCeEqYEbtUwf1tdIMWEYyYjyPXuIZE3%2BjvrTSXEmv6Z3q%2BH0%2FPnwV22xqqO7DCXAPwzEXa5OkP5Gr4r3Hkw%2FOOPBHG4eYTsvd%2FEHtw%3D%3D
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzqvCr3zj9jBuL7ct54mLZUH4X%2F60Mhbm3mof1cx9pxvE7ABxLF6XSvnFxi5VI4zW33RjgxxZd4%2Fml8rJYiaBEKqQado1zuFkwqAclpFQMkH%2Fu7RVseWT0e8KqOWpuOgg7ACQesN4ptmcoiY%2FxNhL7p8tcMgbTiNVyMhP2%2FKqd9yKVlaEyPPFyo22Kpz29%2FaQphY7VSnJZKUqbMPhk... (long line)
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F1FDB6BB-6C78-4B5A-A8AD-4E31B6090A52}&mid=ba44f209af0047cc90f5ed3ea0e6b20f-05a2079d975bbe56435000b6bec8606ccfb815bb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-28 11:42:44&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&guid=ADB507D3-02C5-4B17-8EB5-DB2045D3DD5B&doi=2016-09-01&gct=kwd&qsrc=2869
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\user.js [2019-08-25]
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={BC4377F5-8EAA-40A4-B783-041C99BFE7C1}&mid=74b9f7da339b47d2b408d16fd8ad24c3-0fedf89264725e8aeeec51c223d9a0f27935316f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-27 21:26:47&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://rocket-find.com/?f=7&a=rckt_dsites03_14_26_ch&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtAtB0FyDtDzytBtD0C0DtN0D0Tzu0SzytDzytN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0C0CtD0E... (long line)
CHR Extension: (Search Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaiphjmcchjmohkabamgjgodcjmlifmp [2019-08-22]
CHR Extension: (Search Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommbgnllpkjnidkcnginhlacffdcdijc [2019-05-01]
CHR Extension: (Secured Search Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpcpceofkopegffcdnffeenbfdldock [2019-08-22]
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
S2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [4371592 2018-04-27] (Protected Antivirus Limited -> TotalAV)
R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4472936 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
R2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [249448 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
R1 SEGURAZOKD; C:\Program Files (x86)\Segurazo\SegurazoKD.sys [84256 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
U3 idsvc; no ImagePath
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [4shared_Desktop] -> {EBDF1F20-C829-11D1-8233-0020AF3E97A9} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [4shared_Desktop] -> {EBDF1F20-C829-11D1-8233-0020AF3E97A9} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{C397342D-D62A-483A-AF8F-E9D2C3689FA1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe No File
FirewallRules: [{B15BE631-98CF-46AA-B5BC-6EE7DBCE9946}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe No File
FirewallRules: [{021D98A2-88B6-47DB-8B22-2D0B7209AD2D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{03E86C25-2875-419C-B4D1-E2269CF5D0DC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{73335C75-0B9D-49CD-A95D-DB7016A6D562}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe No File
FirewallRules: [{DA131D7E-3BA6-4A36-8DCA-6CCECFF31364}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe No File
 
Reboot:
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Segurazo\SegurazoClient.exe => Could not close process
C:\Program Files (x86)\Segurazo\SegurazoIC.exe => Could not close process
C:\Program Files (x86)\Segurazo\SegurazoService.exe => Could not close process
C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe => No running process found
C:\Program Files (x86)\Segurazo\rsEngineHelper.exe => No running process found
C:\Program Files (x86)\Segurazo\rsEngineHelper.exe => No running process found
C:\Program Files (x86)\Segurazo\rsEngineHelper.exe => No running process found
C:\Program Files (x86)\Segurazo\rsEngineHelper.exe => No running process found
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrowserAssistant.lnk" => not found
"C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe" => not found
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk" => not found
ShortcutAndArgument: updater.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe => -noninteractive -ExecutionPolicy bypass -c "try{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.R()}catch{}" => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E487A4F-26D9-4FFC-A471-3FF575765E22}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E487A4F-26D9-4FFC-A471-3FF575765E22}" => removed successfully
C:\WINDOWS\System32\Tasks\{BD21828E-6E85-4A5F-A531-93EFCCE31ADF} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BD21828E-6E85-4A5F-A531-93EFCCE31ADF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85C0B4E0-1890-4B14-A7FB-086D2D20E6D5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85C0B4E0-1890-4B14-A7FB-086D2D20E6D5}" => removed successfully
C:\WINDOWS\System32\Tasks\{961428CD-75CF-4B1D-99A6-93BE219E90C1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{961428CD-75CF-4B1D-99A6-93BE219E90C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD3D7F03-B336-4E81-B357-85759A837507}" => not found
"C:\WINDOWS\System32\Tasks\BA Scheduler" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BA Scheduler" => not found
HKU\S-1-5-21-948451882-745259651-364939199-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18} => removed successfully
HKLM\Software\Classes\CLSID\{1711FC25-F05A-40CE-B859-A0C1CF01FD18} => not found
HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => removed successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
"HKU\S-1-5-21-948451882-745259651-364939199-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => removed successfully
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\user.js => moved successfully
 
 
MBAM is currently running, so we'll see what happened there.  I thought FRST usually put the =============end of file============= or something; is that a red flag that it was interrupted by the crash?
 
MBAM gave the error: "We're sorry, but the Malwarebytes service stopped working.  The program will now restart."
It had gotten to the Scan File System part, through 143,156 items.  Stopped that same place twice now.  
 
Had identified 1 threat:  Will see in a moment if it lets me pull it again...but alas, no.  It finds it in the "Scan Rootkits" section but clicking the "View selected Threats" seems to crash it still.

Edited by Zanshiro, 30 August 2019 - 04:06 PM.
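The Fixlog above has three kinds of outcome worth separating: entries removed successfully; entries that were already gone ("not found": the BrowserAssistant shortcut and executable, and the BA Scheduler task); and entries FRST could not handle (the three Segurazo processes it could not close, and the updater.lnk ShortcutAndArgument line for which it had no automatic fix). It also stops at the Firefox user.js line, with no result lines for anything listed after it in the fixlist (Chrome startup URLs and extensions, the TotalAV and Segurazo services, the SegurazoKD driver, the shell handlers and firewall rules). The script below is an added example, not part of FRST or of the thread, that re-checks those artifacts from a fresh session. It assumes an elevated Windows PowerShell 5.1 session run as the affected user, so that HKCU: maps to the hive FRST listed under HKU\S-1-5-21-...-1001; the location assumed for the mrt.exe restriction (the software-restriction-policy path rules under Safer\CodeIdentifiers) is the example's assumption, not something the log states. It changes nothing.

```powershell
# Added example, not part of FRST or the thread: read-only re-check of the
# artifacts named in the fixlist/Fixlog above, so "not found" and
# "could not close process" lines can be confirmed after the reboot.
# Assumes an elevated Windows PowerShell 5.1 session run as the affected user.

function Test-Artifact {
    # Runs a probe and reports whether the named artifact is still present.
    param([string]$Kind, [string]$Target, [scriptblock]$Probe)
    $present = $false
    try { $present = [bool](& $Probe) } catch { $present = $false }
    [pscustomobject]@{ Kind = $Kind; Target = $Target; Present = $present }
}

function Get-FixResidue {
    # Services and the kernel driver FRST could not stop. A service entry is
    # registry-backed even after its binary is gone, so check the key as well
    # as the running state.
    foreach ($svc in 'SecurityService', 'SegurazoIC', 'SegurazoSvc', 'SEGURAZOKD', 'idsvc') {
        Test-Artifact 'Service key' $svc { Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc" }
    }
    foreach ($svc in 'SecurityService', 'SegurazoIC', 'SegurazoSvc') {
        Test-Artifact 'Service running' $svc {
            (Get-CimInstance Win32_Service -Filter "Name='$svc'").State -eq 'Running'
        }
    }
    Test-Artifact 'Driver loaded' 'SEGURAZOKD' {
        (Get-CimInstance Win32_SystemDriver -Filter "Name='SEGURAZOKD'").State -eq 'Running'
    }

    # On-disk leftovers: the program folders, the Browser Assistant folder the
    # DLL was loaded from, and the two Startup shortcuts from the fixlist.
    $paths = @(
        "${env:ProgramFiles(x86)}\Segurazo",
        "${env:ProgramFiles(x86)}\TotalAV",
        "$env:APPDATA\Browser Assistant",
        "$env:APPDATA\Browser Assistant\Updater.dll",
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\BrowserAssistant.lnk",
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk"
    )
    foreach ($p in $paths) { Test-Artifact 'File/folder' $p { Test-Path -LiteralPath $p } }

    # Scheduled tasks from the fixlist, by name.
    foreach ($t in 'BA Scheduler', '{BD21828E-6E85-4A5F-A531-93EFCCE31ADF}', '{961428CD-75CF-4B1D-99A6-93BE219E90C1}') {
        Test-Artifact 'Scheduled task' $t { Get-ScheduledTask -TaskName $t -ErrorAction SilentlyContinue }
    }

    # Registry: hijacked IE search scopes, the Firefox policy key, the
    # force-installed Chrome extension, and the rule that blocked mrt.exe
    # (assumed to be a software-restriction path rule under Safer\CodeIdentifiers).
    $scopes = '{0633EE93-D776-472f-A0FF-E1416B8B2E3A}', '{1711FC25-F05A-40CE-B859-A0C1CF01FD18}',
              '{95B7759C-8C7F-4BF1-B163-73684A933233}', '{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}'
    foreach ($s in $scopes) {
        Test-Artifact 'IE SearchScope' $s { Test-Path "HKCU:\Software\Microsoft\Internet Explorer\SearchScopes\$s" }
    }
    Test-Artifact 'Registry key' 'HKLM\SOFTWARE\Policies\Mozilla' { Test-Path 'HKLM:\SOFTWARE\Policies\Mozilla' }
    $ext = 'pdpcpceofkopegffcdnffeenbfdldock'
    foreach ($key in "HKLM:\SOFTWARE\Google\Chrome\Extensions\$ext",
                     "HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\$ext",
                     "HKCU:\SOFTWARE\Google\Chrome\Extensions\$ext") {
        Test-Artifact 'Chrome extension key' $key { Test-Path $key }
    }
    Test-Artifact 'SRP rule' 'mrt.exe' {
        Get-ChildItem 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { $_.GetValue('ItemData') } |
            Where-Object { $_ -match 'mrt\.exe' }
    }
}

Get-FixResidue | Sort-Object Present -Descending | Format-Table -AutoSize
```

Anything still marked Present after the reboot is what the next fixlist or uninstall step has to deal with; a running SEGURAZOKD driver in particular means the user-mode Segurazo processes will keep resisting termination until the driver itself is removed.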


#4 nasdaq (Forum Deity; Global Moderator; 49,281 posts)

Posted 31 August 2019 - 05:59 AM

Hi,
 
Please download the free version of Revo Uninstaller Portable from here and save the compressed file to your computer's Desktop.
  • Double-click the compressed file RevoUninstaller_Portable and extract the files within it (a folder with the same name will be created);
  • Within that folder, right-click the file RevoUPort and select Run as administrator to open the tool;
  • Click Yes to accept the UAC security warning that may appear;
  • Click OK to accept the License Agreement and Copyright;
  • Select 'The Program to Remove' and click Uninstall. Follow the instructions to complete the removal process;
  • In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers;
  • Click on Select All and then on Delete and then Yes to delete the selected items;
  • Note: You may have to repeat this step to delete all the leftovers (Registry items, files and folders);
  • Click the Finish button and restart the computer to complete the removal process.
 
--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======
 
After the restart run the Farbar program and post fresh FRST.TXT and Addition.txt logs for my review.
 
p.s.
Your antivirus program may find this program harmful; IT'S NOT, if downloaded from the link I provided in my first post.
If the program is blocked you will find it in the quarantine folder of the AVAST program.
 
Attach all the logs for my review.

nasdaq


#5 Zanshiro (Rurouni Shijin; Helper Trainee; 149 posts)

Posted 31 August 2019 - 09:21 AM

She has Revo Uninstaller Pro on there, but there's no trial of the portable one, sadly, and she doesn't have the $ for it.  Pro should in theory do the same thing (to my knowledge) - I can test it and see.  If not, is there another option? Also, I am guessing "The Program to Remove" would in this case be the programs above that didn't remove, as Browser Assistant appears to be the only one that did?

Revo Pro said it didn't find anything using Forced Uninstall, although it finds it in the list of applications, when run from her desktop; not sure if it has a different run process than the portable, as I've never personally used the portable.

Have RogueKiller downloaded there in preparation for the rest, just checking if there's other things we should do before running that.

Of possible note, it did crash at the end of telling us it couldn't find El Segundo (Yes, Segurazo), and gave an odd error about Discord.  "Discord.exe Application Error - The exception illegal instruction. An attempt was made to execute an illegal instruction. (0xc000001d) occurred in the application at location 0x0000000002E86150. Click on OK to terminate the program" as well as "igfxTray.exe - Application Error - The application was unable to start correctly (0xc000012d). Click OK to close the application."

Edited by Zanshiro, 31 August 2019 - 11:10 AM.


#6 nasdaq (Forum Deity; Global Moderator; 49,281 posts)

Posted 01 September 2019 - 06:11 AM

Hi,
 
You have many such errors reported on the Addition.txt log.

Application errors:
==================
Error: (08/28/2019 11:32:00 PM) (Source: ESENT) (EventID: 537) (User: )
Description: svchost (1836,D,22) SRUJet: A request for a node on an empty page (Pgno: 2684) has been made (error -351) for a B-Tree (ObjectId: 12, PgnoRoot: 47) of database C:\WINDOWS\system32\SRU\SRUDB.dat. This is typically due to a lost I/O from storage hardware. Please check with your hardware vendor for latest firmware revisions, make changes to your controller's caching parameters, use crash consistent hardware with Forced Unit Access support, and/or replace faulty hardware.
 
Navigate to this page
Follow the instructions provided in the 2nd post from cottonball.
 
Restart the computer normally after the fix.
 
As suggested in my previous post:

After the restart run the Farbar program and post fresh FRST.TXT and Addition.txt logs for my review.
I need to see what is left over from the infection.
 
===

nasdaq

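nasdaq's point is that the ESENT 537 entry above is one of many in Addition.txt. The script below is an added example, not from the thread and not the fix from the linked post, that pulls those events straight from the Application event log, groups them by the database file each message names, and checks whether that file (SRUDB.dat here) is present and how large it is, so the count and the affected database can be confirmed before and after the fix is applied. It assumes an elevated Windows PowerShell 5.1 session on the affected machine and the message wording shown in the log; it is read-only.

```powershell
# Added example, not from the thread: enumerate ESENT error 537 events from
# the Application log and summarise them per database file. Read-only.
# Assumes an elevated Windows PowerShell 5.1 session on the affected machine.

function Get-EsentLostIoEvent {
    # One object per ESENT 537 event in the last $Days days.
    param([int]$Days = 30)
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'ESENT'
        Id           = 537
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # The message names the file as "... of database <path>. This is typically ..."
        $db = if ($_.Message -match 'of database (?<path>[A-Za-z]:\\\S+?)\.\s') { $Matches.path } else { '<unparsed>' }
        [pscustomobject]@{
            Time     = $_.TimeCreated
            Process  = ($_.Message -split '\s+')[0]   # e.g. "svchost"
            Database = $db
        }
    }
}

function Get-EsentDatabaseSummary {
    # Per-database count, first/last occurrence, and the file's current state.
    param([int]$Days = 30)
    Get-EsentLostIoEvent -Days $Days | Group-Object Database | ForEach-Object {
        $path   = $_.Name
        $exists = Test-Path -LiteralPath $path
        $sizeMB = if ($exists) { [math]::Round((Get-Item -LiteralPath $path).Length / 1MB, 1) } else { $null }
        [pscustomobject]@{
            Database  = $path
            Events    = $_.Count
            FirstSeen = ($_.Group | Sort-Object Time | Select-Object -First 1).Time
            LastSeen  = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
            Exists    = $exists
            SizeMB    = $sizeMB
        }
    }
}

Get-EsentDatabaseSummary | Format-Table -AutoSize
```

If the only database listed is SRUDB.dat, the damage is confined to the System Resource Usage Monitor store, which is the case the linked post addresses; if other ESENT-backed databases appear as well, the "lost I/O from storage hardware" wording in the event should be taken seriously and the disk checked before anything else.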

#7 Zanshiro (Rurouni Shijin; Helper Trainee; 149 posts)

Posted 05 September 2019 - 01:52 PM

Just to update:  She and her kid are sick, so they haven't been around to do the next steps; apologies for the delay.

Double update: She says her Windows Update ran and everything is running fine, but she doesn't want to 'mess with it anymore' (reading between the lines: "I'd rather just buy a new one", likely) - so I'm marking this as closed in my book.  Thanks for the help, sorry for the dead end!

Edited by Zanshiro, 09 October 2019 - 08:25 PM.


#8 nasdaq (Forum Deity; Global Moderator; 49,281 posts)

Posted 11 October 2019 - 06:03 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

nasdaq
