Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Powershell opening at startup and wake; multiple issues from infection

Started by Zanshiro , Aug 29 2019 10:43 PM

This topic is locked

7 replies to this topic

#1 Zanshiro

Rurouni Shijin

Helper Trainee
149 posts

Posted 29 August 2019 - 10:43 PM

Quick story: Friend's kid was trying to download a game called "Yandere Simulator" and didn't get the official page, got a bad one and downloaded all the malware galore. I looked to help some, found multiple AVs, and got rid of some of the old ones, by using TeamViewer14 to look about and run things. However, I'm also out of practice....It was crashing at the restore points, so I did turn off the system restore in Win 10 to clear the points (Which sadly didn't go back prior to these installs). As I read here a lot's changed, as expected. Anyhow, went to run the usuals and post logs, but it seems that most are crashing the computer with errors similar to the one below from Malwarebytes. She was awake for this one, so she sent a pic. I get kicked out of TeamViewer before I'm able to see anything when they're happening. I tried MBAM, FRST, ESET, and RG's program.

The computer's gotten very sluggish and memory was nearly maxed. Purging the restore points seems to have helped that a bit, but still slower.

Malwarebytes Free; Application Error: The instruction at 0x0000000070EE1476 referenced memory at 0x0000000BBADBEEF. The memory could not be written. Click on OK to terminate the program.

ESET and Avast crashed attempting to run.

MBAM detected at least two infected files, but clicking to view them while it ran also resulted in a crashing of the PC.

RGSA ran:

Result of Security Analysis by Rocket Grannie (x86) Updated: 09th, August 2019

Running from:C:\Users\user\Desktop (00:38:25 - 08/30/2019)

***---------------------------------------------------------***

Microsoft Windows 10 Home X64

UAC is Enabled

Internet Explorer 11

Default Browser: Google Chrome

***------------Antivirus - Antispyware - Firewall-----------***

Avast Antivirus (Enabled - up to Date)

Windows Defender (Disabled - up to Date)

Total AV (Disabled - Not up to Date)

Windows Defender (Disabled - up to Date)

Avast Antivirus (Enabled - up to Date)

Avast Antivirus Firewall (Enabled)

***-------Security Programs - Browsers - Miscellaneous------***

Adobe Flash Player NPAPI (32.0.0.238)

Adobe Reader XI (11.0.23) ==> is no longer supported

CCleaner (5.61)

Google Chrome (76.0.3809.132)

Malwarebytes (3.8.3.2965)

Microsoft Silverlight (5.1.50918.0)

Mozilla Firefox (68.0.2)

Opera (62.0.3331.116)

***----------------Analysis Complete-------------------------***

FRST ran OK: Log follows, then will add addition:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2019 02

Ran by user (administrator) on AMANDADAKOTA (Alienware Alienware 14) (28-08-2019 22:43:12)

Running from C:\Users\user\Desktop\Malware Repair\FRST-OlderVersion

Loaded Profiles: user (Available Profiles: user)

Platform: Windows 10 Home Version 1803 17134.984 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe

(Corel Corporation -> Corel Corporation) C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe

(Corel Corporation -> Corel Corporation) C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe

(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe

(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe

(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe

(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe

(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe

(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe

(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe

(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe

(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRSync.exe

(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe

(Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe

(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoClient.exe

(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoIC.exe

(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoService.exe

(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe

(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe

(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe

(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe

(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe

(Leader Technologies Inc -> Alienware, Inc.) C:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe

(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Windows -> Microsoft Corporation) C:\$WINDOWS.~BT\Sources\setuphost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\2b9c48c3beadba0b56efa3009204ac3b\WindowsUpdateBox.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\bitsadmin.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe

(OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe

(Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Realistic Media Inc. -> ) C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe

(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe

(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268168 2018-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505736 2018-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505736 2018-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-04-10] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)

HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-05-29] (Dell Inc. -> Alienware)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)

HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell Inc -> Dell, Inc.)

HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> )

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-08-13] (Dropbox, Inc -> Dropbox, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-06-23] (Apple Inc. -> Apple Inc.)

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-03-27] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-05-16] (Nota Inc. -> Nota Inc.)

HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3919136 2017-02-08] (IObit Information Technology -> IObit)

HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-06-26] (Apple Inc. -> Apple Inc.)

HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83523944 2019-08-15] (Skype Software Sarl -> Skype Technologies S.A.)

HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)

HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [Discord] => C:\Users\user\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)

HKU\S-1-5-21-948451882-745259651-364939199-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35915664 2019-08-16] (Epic Games Inc. -> Epic Games, Inc.)

HKLM\...\Drivers32-x32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll

HKLM\...\Drivers32-x32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-06] (Google LLC -> Google LLC)

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.100\Installer\chrmstp.exe [2019-07-24] (AVAST Software s.r.o. -> AVAST Software)

HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->

HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-03-27] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]

HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-03-27] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]

Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrowserAssistant.lnk [2019-08-22]

ShortcutTarget: BrowserAssistant.lnk -> C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe (Realistic Media Inc. -> )

Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk [2019-08-22]

ShortcutAndArgument: updater.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe => -noninteractive -ExecutionPolicy bypass -c "try{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.R()}catch{}"

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {027489FE-0202-494D-8378-7D812814CD17} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2045832 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)

Task: {02EB6AC4-9453-43B8-A66B-C7FD38C912EA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-24] (Adobe Inc. -> Adobe)

Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {05546A49-9D71-4293-B60A-6011FAC12192} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)

Task: {0C23898C-C054-4524-9FDA-B55498095B1A} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [249440 2017-02-13] (WinZip Computing LLC -> WinZip Computing, S.L.)

Task: {16730DB4-DF80-4485-B2E7-B42BD1CC50E2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {1A280162-7EDD-4FBC-9CF7-F33A012E0B44} - System32\Tasks\PCDDataUploadTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [1131992 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)

Task: {1D5609B7-5F91-47DD-B25E-8EEFCAD6653F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-18] (Adobe Inc. -> Adobe)

Task: {1DD32911-244C-4F11-ADEE-6D9EB8B2DC57} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {1F481F5E-3B3B-4232-A0C5-6C8967CADD47} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {1FD74D5B-BEB2-42F2-BC20-B7CD4D070C60} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {26C443C9-2AA5-4F8B-ABB0-6DC124B96930} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [702856 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {301E21C3-1ECC-4536-93C6-A3D2078ADF0C} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [1686016 2017-02-13] (WinZip) [File not signed]

Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe

Task: {33B0E3C5-6F03-400A-ABD1-B2BCA5EFE5A1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3724680 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {43CCA9E6-E0A0-48FA-BC90-7EEC7BB229A3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {4666F151-90BA-4F54-B7BC-25A143FF4D1E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [41432 2017-09-22] (Dell Inc. -> Dell Inc.)

Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}

Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {51F8B45A-49FB-4807-9242-6D938C35D6C2} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software s.r.o. -> AVAST Software)

Task: {5307DC71-565E-457B-8684-46D512F8CF9D} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\Scheduler.exe [147232 2017-10-24] (IObit Information Technology -> IObit)

Task: {54AAE1C9-C89A-472D-979B-7B39BFBABFDD} - System32\Tasks\Dell\Alienware Survey (user) => C:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe [7396920 2013-04-23] (Leader Technologies Inc -> Alienware, Inc.)

Task: {5513AB15-5B06-4C48-904B-24FBB92952C7} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe

Task: {59E4A08A-7BF9-4069-A34E-D4E70ED66C48} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe

Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}

Task: {5E487A4F-26D9-4FFC-A471-3FF575765E22} - System32\Tasks\{BD21828E-6E85-4A5F-A531-93EFCCE31ADF} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12002

Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {6494FB16-B753-4DD3-BE70-F92CDFE23BF5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {6507A3DD-67E3-40D4-AC08-D55F4908CA1D} - System32\Tasks\IMF_SkipUAC_user => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

Task: {65899461-1FC6-40B3-AFA4-F2A43923DCB6} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}

Task: {6DEEF62D-5027-43A0-8E02-31A44DC06371} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)

Task: {76AA937F-165D-4A3C-A26E-54649CF7E732} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-15] (Dropbox, Inc -> Dropbox, Inc.)

Task: {777E1701-75C6-4F62-8F92-F876D658BA63} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}

Task: {794AA5C4-5F28-48F8-8F88-F52BA1D7F2D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)

Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {7ADC0829-54F9-4609-BE7A-C7B306C5CAEC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-15] (Dropbox, Inc -> Dropbox, Inc.)

Task: {8296A7D7-0D68-4CE4-842A-92FA72114EC4} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {85C0B4E0-1890-4B14-A7FB-086D2D20E6D5} - System32\Tasks\{961428CD-75CF-4B1D-99A6-93BE219E90C1} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12002

Task: {88664223-AEFB-4AB4-8D08-01E4204C3EED} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3942792 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)

Task: {88DE34BE-E862-4A2F-958E-5D643F95C0D9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {8EF7FA6C-7713-4250-B563-45E6AD30E78F} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {9636E6AC-E3F6-4DBD-B1FE-120259C513D6} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [3332384 2016-12-05] (IObit Information Technology -> IObit)

Task: {9D586001-2F32-4DA6-94DD-020428D0249E} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe

Task: {A10C64D8-2808-4CD6-96CC-B8BEBBF329DF} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [9591408 2017-05-16] (Nota Inc. -> )

Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {A5CA5C77-A367-456A-BBEB-155CFAD923FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)

Task: {A7CF7DEA-D8B1-4EA6-8A17-E926AA0BAEB3} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [498976 2016-06-06] (IObit Information Technology -> IObit)

Task: {AFC1F419-3F11-48C5-A987-50854EEDD034} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Task: {B0A0F0AF-6D56-4C7D-9ECE-E57E0CE66B45} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}

Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe

Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {B9C9939A-420A-4E04-A48A-F78EE8430555} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [1131992 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)

Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {BEF660E6-FE3B-4F24-ACBF-497EEE954881} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software s.r.o. -> AVAST Software)

Task: {BFA47043-60AA-4FA3-9FCA-5FD9A75E19E7} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}

Task: {C0886BB8-93D7-4E82-A3FA-EBB80F4C4F58} - System32\Tasks\{4D62B893-7CF4-4072-AE2D-753C4A8DD238} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Android\Android_Driver\UnInstall.exe" -d "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android\Android_Dirver"

Task: {C20E22FE-372C-4BD5-964E-0E13035DAE76} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5430048 2017-02-17] (IObit Information Technology -> IObit)

Task: {C3958DB5-64BD-4AD8-92B9-31CFD62A26EE} - System32\Tasks\Uninstaller_SkipUac_user => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [4646176 2017-03-29] (IObit Information Technology -> IObit)

Task: {C882F5F4-FE15-4ADE-9D9D-7783A8D9F0CB} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-24] (Adobe Inc. -> Adobe)

Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {CF86B5EC-253D-4BD0-B98D-BD567D278696} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572808 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {D32326F4-B2FA-4510-90E7-78C4CAF38076} - System32\Tasks\update-S-1-5-21-948451882-745259651-364939199-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {D887CEE4-B5F5-413B-B931-FCDBA017948C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)

Task: {DD3D7F03-B336-4E81-B357-85759A837507} - System32\Tasks\BA Scheduler => powershell.exe -WindowStyle Hidden -ExecutionPolicy bypass -c "$env:COMPLUS_version='v4.0.30319';&powershell{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.ST()}"

Task: {DDF81BD9-38B4-4D8D-BAA5-E6871F7E33D3} - System32\Tasks\ASC10_SkipUac_user => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [7025440 2017-02-21] (IObit Information Technology -> IObit)

Task: {E0820AD5-8FE7-4181-8891-FA45412390DD} - System32\Tasks\{DA031B6D-1A79-4FD9-BF89-A327F6865178} => C:\Windows\system32\pcalua.exe -a "C:\Users\user\Downloads\firestorm [1].exe" -d C:\Users\user\Downloads

Task: {E1087D77-1B68-4EA1-B500-45020337E25D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [1131992 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)

Task: {E3B7C1B0-A882-4BED-9B62-9BF92A56B211} - System32\Tasks\AdobeAAMUpdater-1.0-user-PC-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {E5CEA658-1A0B-4334-BD39-EE3D97EF1583} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)

Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

Task: {E8AC1B04-5452-47CB-9A90-28EE1B408913} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [9591408 2017-05-16] (Nota Inc. -> )

Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {F169D44C-0351-4223-B38B-BC0414DF3946} - System32\Tasks\Opera scheduled Autoupdate 1552358530 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software)

Task: {F29147B7-A909-4993-A988-209B54944DCF} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}

Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {F9608979-743F-4487-9C15-A6F7676BD678} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}

Task: {FFC200DC-A073-4BC4-BDE1-C3D847CEF405} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [435672 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_user.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

Task: C:\WINDOWS\Tasks\update-S-1-5-21-948451882-745259651-364939199-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{78919c67-afbd-4619-9be8-ff5edefc229b}: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{994a65e5-74f8-45de-9e7e-57cf8349a716}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKU\S-1-5-21-948451882-745259651-364939199-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzquCTLqY8J65hCERxqnO0Ov%2F36hfr6RR8ZEzr1ClNqn9zN8%2Fdz2FiuJ4Uhg9I5ARr7gWq6FlXIxnPI5aBoccrmzqON5RXQ1OPPitGYoMkkFtktbBTmFCeEqYEbtUwf1tdIMWEYyYjyPXuIZE3%2BjvrTSXEmv6Z3q%2BH0%2FPnwV22xqqO7DCXAPwzEXa5OkP5Gr4r3Hkw%2FOOPBHG4eYTsvd%2FEHtw%3D%3D

HKU\S-1-5-21-948451882-745259651-364939199-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB

SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04

SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04

SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzqvCr3zj9jBuL7ct54mLZUH4X%2F60Mhbm3mof1cx9pxvE7ABxLF6XSvnFxi5VI4zW33RjgxxZd4%2Fml8rJYiaBEKqQado1zuFkwqAclpFQMkH%2Fu7RVseWT0e8KqOWpuOgg7ACQesN4ptmcoiY%2FxNhL7p8tcMgbTiNVyMhP2%2FKqd9yKVlaEyPPFyo22Kpz29%2FaQphY7VSnJZKUqbMPhkI63TQaw%3D%3D&p={searchTerms}

SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {4042AB84-6B2A-4C80-8AB8-59AD3471C519} URL =

SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F1FDB6BB-6C78-4B5A-A8AD-4E31B6090A52}&mid=ba44f209af0047cc90f5ed3ea0e6b20f-05a2079d975bbe56435000b6bec8606ccfb815bb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-28 11:42:44&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&guid=ADB507D3-02C5-4B17-8EB5-DB2045D3DD5B&doi=2016-09-01&gct=kwd&qsrc=2869

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-03-28] (IObit Information Technology -> IObit)

BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-03-27] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]

BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File

Toolbar: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FireFox:

========

FF DefaultProfile: upshz7qe.default-1565577553172

FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172 [2019-08-28]

FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\user.js [2019-08-25]

FF Extension: (ETP Search Volume Study) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-08-11]

FF Extension: (Avast Online Security) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\Extensions\wrc@avast.com.xpi [2019-08-25]

FF Extension: (Download Manager for Firefox) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\Extensions\{2060d74a-fd12-4482-909b-9aeeaaa98627}.xpi [2019-08-12]

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_238.dll [2019-08-24] (Adobe Inc. -> )

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-24] (Adobe Inc. -> )

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-07-30] (NVIDIA Corporation -> NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-07-30] (NVIDIA Corporation -> NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:

=======

CHR HomePage: Default -> hxxps://www.google.com/

CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={BC4377F5-8EAA-40A4-B783-041C99BFE7C1}&mid=74b9f7da339b47d2b408d16fd8ad24c3-0fedf89264725e8aeeec51c223d9a0f27935316f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-27 21:26:47&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://rocket-find.com/?f=7&a=rckt_dsites03_14_26_ch&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtAtB0FyDtDzytBtD0C0DtN0D0Tzu0SzytDzytN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0C0CtD0EtBtBtG0CyC0BtAtGzy0DzzyCtGyEyDyDyBtGyCzy0B0BtAyCzzyBtBtBtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0ByD0D0BtAyC0AtGyBzyyD0EtG0DtB0DyEtGyEzz0F0AtGyByE0EtAtByEzzzz0AyBtC0C2Q&cr=1786417159&ir=","hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzqxrIXZDflWRiONwIOIKhi%2FeuIxfTlQGMag00wlCKMOLp5JQogTIdsqzeCgvB0jDiXayl5sOia9nb243WmS9QtaPIEgXKDHEUB55IwtVqnxoD09ay0pgFLAarnm1zXYerGvwwFn79WQLSWPEQmSSZskGSJt8yHuT6vkFcf3WDvgp%2BpC74Q0G%2FwCIWbqMY8QhdYZfukgYlkUzNUteNixtYLsFNS6Ja%2FhlcgVt%2F8O57jyvI%3D"

CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2019-08-28]

CHR Extension: (Open in Opera) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amojccmdnkdlcjcplmkijeenigbhfbpd [2019-03-11]

CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]

CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]

CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]

CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-27]

CHR Extension: (Norton Security Toolbar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2019-04-20]

CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Typio Form Recovery) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\djkbihbnjhkjahbhjaadbepppbpoedaa [2019-06-17]

CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]

CHR Extension: (Small Waterfall) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjmpmheefpadfkjkkeeeanlkhdlpmeom [2017-12-09]

CHR Extension: (Stylish - Custom themes for any website) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2018-12-27]

CHR Extension: (TinEye Reverse Image Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2018-10-05]

CHR Extension: (Save to Facebook) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-07-11]

CHR Extension: (Grammarly for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-08-28]

CHR Extension: (Safer Browsing) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbjcnchobkfkjdkejnjckempiocdnhgp [2017-11-19]

CHR Extension: (Norton Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-09]

CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]

CHR Extension: (Search Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaiphjmcchjmohkabamgjgodcjmlifmp [2019-08-22]

CHR Extension: (Search Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommbgnllpkjnidkcnginhlacffdcdijc [2019-05-01]

CHR Extension: (Secured Search Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpcpceofkopegffcdnffeenbfdldock [2019-08-22]

CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-01]

CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-24]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx

Opera:

=======

OPR Extension: (AdBlock) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2019-03-11]

OPR Extension: (Typio Form Recovery) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\djkbihbnjhkjahbhjaadbepppbpoedaa [2019-06-30]

OPR Extension: (Grammarly for Chrome) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-08-24]

OPR Extension: (TinEye Reverse Image Search (Context menu)) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgdmjihcfdjkcgodohgofgcdfiaekdkk [2019-03-11]

OPR Extension: (Install Chrome Extensions) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-03-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"SegurazoIC" => service was unlocked. <==== ATTENTION

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit Information Technology -> IObit)

R2 AlienFusionService; C:\Program Files\Alienware\Command Center\AlienFusionService.exe [15888 2013-05-29] (Dell Inc. -> Alienware)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5975136 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)

R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [414696 2018-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software s.r.o. -> AVAST Software)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [405072 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [416576 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)

S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software s.r.o. -> AVAST Software)

S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.100\elevation_service.exe [978720 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)

R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-08-24] (AVAST Software s.r.o. -> AVAST Software)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-05] (BattlEye Innovations e.K. -> )

S2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [204880 2018-06-11] (CyberGhost SRL -> CyberGhost S.A.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-15] (Dropbox, Inc -> Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-15] (Dropbox, Inc -> Dropbox, Inc.)

R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-08-13] (Dropbox, Inc -> Dropbox, Inc.)

R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc -> Dell Inc.)

R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc -> Dell Inc.)

R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc -> Dell Inc.)

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2018-10-05] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel® pGFX -> Intel Corporation)

S3 InstallerWrapperService; C:\Program Files\TrueKey\InstallerWrapperService.exe [47688 2017-03-02] (McAfee, Inc. -> McAfee, Inc.)

R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Trusted Connect Service -> Intel® Corporation)

R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2017-03-28] (IObit Information Technology -> IObit)

S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC -> iolo technologies, LLC)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

S2 MobiGameUpdater; C:\Program Files\MobiGame\MobiGameUpdater.exe [147456 2019-08-16] () [File not signed]

R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324544 2018-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

S2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [4371592 2018-04-27] (Protected Antivirus Limited -> TotalAV)

R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4472936 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)

R2 SegurazoSvc; C:\Program Files (x86)\Seguraz

Back to top

#2 nasdaq

Forum Deity

Global Moderator
49,427 posts

Posted 30 August 2019 - 06:27 AM

Hello, Welcome to SpywareInfoForum.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.

Browser Assistant (HKLM-x32\...\{DFAA6F11-C27B-4EC0-83AE-3AC5B124A899}) (Version: 1.32.7106.16145 - Realistic Media Inc.)

Segurazo Realtime Protection Lite (HKLM-x32\...\Segurazo) (Version: 1.0.14.2 - Digital Communications Inc)

TotalAV (HKLM-x32\...\TotalAV) (Version: 4.6.19 - TotalAV)

Press the windows key Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.+ r on your keyboard at the same time. This will open the RUN BOX.

Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to the a new file.

start::
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoClient.exe
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoIC.exe
(Digital Communications Inc. -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoService.exe
(Realistic Media Inc. -> ) C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Segurazo\rsEngineHelper.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrowserAssistant.lnk [2019-08-22]
ShortcutTarget: BrowserAssistant.lnk -> C:\Users\user\AppData\Roaming\Browser Assistant\BrowserAssistant.exe (Realistic Media Inc. -> )
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk [2019-08-22]
ShortcutAndArgument: updater.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe => -noninteractive -ExecutionPolicy bypass -c "try{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.R()}catch{}"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5E487A4F-26D9-4FFC-A471-3FF575765E22} - System32\Tasks\{BD21828E-6E85-4A5F-A531-93EFCCE31ADF} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12002
Task: {85C0B4E0-1890-4B14-A7FB-086D2D20E6D5} - System32\Tasks\{961428CD-75CF-4B1D-99A6-93BE219E90C1} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12002
Task: {DD3D7F03-B336-4E81-B357-85759A837507} - System32\Tasks\BA Scheduler => powershell.exe -WindowStyle Hidden -ExecutionPolicy bypass -c "$env:COMPLUS_version='v4.0.30319';&powershell{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.ST()}"
HKU\S-1-5-21-948451882-745259651-364939199-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzquCTLqY8J65hCERxqnO0Ov%2F36hfr6RR8ZEzr1ClNqn9zN8%2Fdz2FiuJ4Uhg9I5ARr7gWq6FlXIxnPI5aBoccrmzqON5RXQ1OPPitGYoMkkFtktbBTmFCeEqYEbtUwf1tdIMWEYyYjyPXuIZE3%2BjvrTSXEmv6Z3q%2BH0%2FPnwV22xqqO7DCXAPwzEXa5OkP5Gr4r3Hkw%2FOOPBHG4eYTsvd%2FEHtw%3D%3D
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311157&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2NvtTAgdOR1nCU07PAQDzqvCr3zj9jBuL7ct54mLZUH4X%2F60Mhbm3mof1cx9pxvE7ABxLF6XSvnFxi5VI4zW33RjgxxZd4%2Fml8rJYiaBEKqQado1zuFkwqAclpFQMkH%2Fu7RVseWT0e8KqOWpuOgg7ACQesN4ptmcoiY%2FxNhL7p8tcMgbTiNVyMhP2%2FKqd9yKVlaEyPPFyo22Kpz29%2FaQphY7VSnJZKUqbMPhk... (long line)
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F1FDB6BB-6C78-4B5A-A8AD-4E31B6090A52}&mid=ba44f209af0047cc90f5ed3ea0e6b20f-05a2079d975bbe56435000b6bec8606ccfb815bb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-28 11:42:44&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&guid=ADB507D3-02C5-4B17-8EB5-DB2045D3DD5B&doi=2016-09-01&gct=kwd&qsrc=2869
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKU\S-1-5-21-948451882-745259651-364939199-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\upshz7qe.default-1565577553172\user.js [2019-08-25]
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={BC4377F5-8EAA-40A4-B783-041C99BFE7C1}&mid=74b9f7da339b47d2b408d16fd8ad24c3-0fedf89264725e8aeeec51c223d9a0f27935316f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-27 21:26:47&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://rocket-find.com/?f=7&a=rckt_dsites03_14_26_ch&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCtAtB0FyDtDzytBtD0C0DtN0D0Tzu0SzytDzytN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyB0C0CtD0E... (long line)
CHR Extension: (Search Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaiphjmcchjmohkabamgjgodcjmlifmp [2019-08-22]
CHR Extension: (Search Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommbgnllpkjnidkcnginhlacffdcdijc [2019-05-01]
CHR Extension: (Secured Search Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpcpceofkopegffcdnffeenbfdldock [2019-08-22]
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-948451882-745259651-364939199-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
S2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [4371592 2018-04-27] (Protected Antivirus Limited -> TotalAV)
R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4472936 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
R2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [249448 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
R1 SEGURAZOKD; C:\Program Files (x86)\Segurazo\SegurazoKD.sys [84256 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
U3 idsvc; no ImagePath
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [4shared_Desktop] -> {EBDF1F20-C829-11D1-8233-0020AF3E97A9} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [4shared_Desktop] -> {EBDF1F20-C829-11D1-8233-0020AF3E97A9} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{C397342D-D62A-483A-AF8F-E9D2C3689FA1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe No File
FirewallRules: [{B15BE631-98CF-46AA-B5BC-6EE7DBCE9946}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe No File
FirewallRules: [{021D98A2-88B6-47DB-8B22-2D0B7209AD2D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{03E86C25-2875-419C-B4D1-E2269CF5D0DC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{73335C75-0B9D-49CD-A95D-DB7016A6D562}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe No File
FirewallRules: [{DA131D7E-3BA6-4A36-8DCA-6CCECFF31364}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe No File
 
Reboot:
 
End::

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.

The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Run Malwarebytes and let me know if you have issues with this computer.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#3 Zanshiro

Rurouni Shijin

Helper Trainee
149 posts

Posted 30 August 2019 - 02:56 PM

Seems a VERY suspect uninstaller for Segurazo. It forced several other 'approvals' in the uninstaller to go through, saying there's an active subscription among other things. It says it will remove after reboot. Googled it for good measure, as it apparently started running on her computer and identifying false positives as soon as it started up today. It seems to be causing a 'hang' where the spinning circle has just been spinning for about 15 minutes on the "Uninstall" image in the Add/Remove programs window.

https://forums.malwa...s-for-segurazo/

Though they claimed to need to in order to uninstall, I did NOT allow them to reboot per instructions not mentioning that, and here is the result....

Kicked me out TV midway, and then crashed. When she rebooted, the copy of farbar we ran was gone, but fixlog.txt is there. Here it comes.

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2019

Ran by user (30-08-2019 16:55:33) Run:1

Running from C:\Users\user\Desktop\Malware Repair\FRST-OlderVersion

Loaded Profiles: user (Available Profiles: user)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

EmptyTemp:

CloseProcesses: