Jump to content


Photo

Turbo Image Host / Internet Security Warning

Started by RobertCF , Feb 17 2020 01:26 PM

  • This topic is locked This topic is locked
13 replies to this topic

#1 RobertCF

RobertCF

    Member

  • Full Member
  • Pip
  • 99 posts

Posted 17 February 2020 - 01:26 PM

I'm having a problem only when I click on or try to open an image that is hosted by Turbo Image Host (TIH).  I don't have a problem with any other image hosting site.  When I try to open an image hosted by TIH  (most of the time) my laptop freezes Firefox so I have to shut my browser using Windows Task Manager.

 

 I'm still with Windows 7 but the problem started months ago.  I frequent a site called "Use My Computer" where I learned I'm infected with "
Tsyndicate.com".  I found about 5 related files with that name but deleting those files did not solve the problem.

 

Here is the scan from Malwarebytes and I will post the results from the other requested scans over the next few hours;

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/17/20
Scan Time: 1:45 PM
Log File: a9e83856-51b5-11ea-9ca7-606c668c2377.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.823
Update Package Version: 1.0.19358
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RCFetter-PC\RCFetter

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 320119
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 26 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


#2 RobertCF

RobertCF

    Member

  • Full Member
  • Pip
  • 99 posts

Posted 17 February 2020 - 01:41 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by RCFetter (17-02-2020 14:34:38)
Running from C:\Users\RCFetter\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-06-20 16:05:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-709989229-488928679-3307805319-500 - Administrator - Disabled)
Guest (S-1-5-21-709989229-488928679-3307805319-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-709989229-488928679-3307805319-1002 - Limited - Enabled)
RCFetter (S-1-5-21-709989229-488928679-3307805319-1000 - Administrator - Enabled) => C:\Users\RCFetter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.330 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Amazon Kindle) (Version: 1.27.0.56109 - Amazon)
Amazon Unbox Video (HKLM-x32\...\{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 5.0.0.17 - Amazon.com) Hidden
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 5.0.0.17 - Amazon.com)
Apple Application Support (32-bit) (HKLM-x32\...\{A7039CC9-4669-4799-92B1-C5CE346DBE3D}) (Version: 8.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DA78A9DC-3599-4D81-A960-B679687A6C14}) (Version: 8.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 79.0.3061.79 - AVAST Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bulk Image Downloader v5.53.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version: 5.53 - Antibody Software)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\{B7682259-63F5-42FA-933B-ACD343CF7049}) (Version: 3.4.1.49 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 4.1.28 - Gridinsoft LLC)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 4510 series Basic Device Software (HKLM\...\{2B054C3F-C753-47D8-A5CA-D92AC5D455EB}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4510 series Help (HKLM-x32\...\{CB5C9CB2-B471-42CC-93E6-D0E15021D5C2}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
iCloud (HKLM\...\{359CA9EA-898C-4F5C-80D9-C111F27B489E}) (Version: 7.17.0.13 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{B9EE2364-A67C-40DD-8413-495E2C7FBCD0}) (Version: 2.1.2.0206 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
iTunes (HKLM\...\{49F48AA2-DEA7-453A-8735-9C862E7C8467}) (Version: 12.10.4.2 - Apple Inc.)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0005 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.12430.20264 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 73.0 (x64 en-US) (HKLM\...\Mozilla Firefox 73.0 (x64 en-US)) (Version: 73.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 73.0.0.7342 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Product Improvement Study for HP ENVY 4510 series (HKLM\...\{73B843F4-6940-4707-A647-7E9349D45A96}) (Version: 40.11.1122.1796 - HP Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-01-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers2: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\RCFetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk

==================== Loaded Modules (Whitelisted) =============

2009-09-23 11:51 - 2009-09-23 11:51 - 000012288 _____ ( ) [File not signed] C:\Program Files\Intel\TurboBoost\DHLogInterfaces.Interop.dll
2009-06-22 19:23 - 2009-06-22 19:23 - 000134144 _____ (Hewlett-Packard Company) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\hpfui50.dll
2013-06-11 09:00 - 2013-02-22 19:38 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2012-08-23 12:58 - 2012-08-23 12:58 - 000498176 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\BTHSSupplicant.dll
2012-07-18 00:48 - 2012-07-18 00:48 - 000105472 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\UsR3IoPort.dll
2013-08-30 20:18 - 2013-08-30 20:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2013-08-30 20:18 - 2013-08-30 20:18 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2011-12-08 09:56 - 2011-12-08 09:56 - 000354816 _____ (Intel Corporation) [File not signed] C:\Windows\system32\mbtleapi.dll
2019-03-27 22:34 - 2019-03-27 22:34 - 000130560 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2013-06-20 12:05 - 2013-06-20 12:05 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2010-08-02 21:05 - 2010-08-02 21:05 - 000105984 _____ (Microsoft) [File not signed] C:\Program Files\Intel\TurboBoost\Microsoft.WindowsAPICodePack.dll
2010-08-02 21:05 - 2010-08-02 21:05 - 000542720 _____ (Microsoft) [File not signed] C:\Program Files\Intel\TurboBoost\Microsoft.WindowsAPICodePack.Shell.dll
2019-11-22 10:02 - 2019-11-22 10:02 - 001899008 _____ (SQLite Development Team) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-01-04 03:45 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-709989229-488928679-3307805319-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RCFetter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{17F2306E-4A1E-479D-9DA3-8578CB33FEC6}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel Wireless Display -> Intel Corporation)
FirewallRules: [{98A1A7F3-506B-43F8-8C10-1207B52D443A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0597DA27-48C2-42B9-A0C9-F5D04679DD02}] => (Allow) LPort=2869
FirewallRules: [{87F4DD9D-0A6C-4303-95AB-6C06A65661A4}] => (Allow) LPort=1900
FirewallRules: [{E49621DF-D9AA-4B4C-9C2F-13D50038905B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{E7416698-5ABE-45B6-9610-19329F62C643}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5DE3EDFD-C250-4976-80DE-F0D1FBF5106F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{328E11DE-D0C5-4CA2-89E9-53F4DFBBA242}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D69149D-E4CB-4073-B60E-FA1AEA2D0973}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FD284307-B25B-4AFE-B4E2-3D31C96F5EBF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{65EAA316-23A5-4E25-8D6F-73690EBDA13C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4B3549FF-0C1C-4555-856A-CD628C764964}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{052FC9AB-4DD5-40CD-84B4-D04FDE8E4139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DF7AB767-97E9-4EDE-99DC-9CCE57F8F56D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93D65C42-0955-4560-9F9C-9899DE1097A7}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B89CFF00-1B3D-41A4-B8FE-3E2383E3433B}] => (Allow) LPort=5357
FirewallRules: [{EC955F32-2A99-402C-842C-75C261369B41}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B06FE607-CE34-4167-8543-DAABFF393F46}] => (Allow) C:\Users\RCFetter\AppData\Local\Temp\7zS7362\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{7671D7C5-4F97-43E2-964C-3AF00F002036}] => (Allow) C:\Users\RCFetter\AppData\Local\Temp\7zS7362\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{BD6A8B39-4090-44AD-8458-6A3D4753B26C}] => (Allow) C:\Users\RCFetter\AppData\Local\Temp\7zS7D1A\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{5163AF6D-2556-4CD7-BBBA-F38C4CB73C12}] => (Allow) C:\Users\RCFetter\AppData\Local\Temp\7zS7D1A\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{786DAE82-8CD6-4B9A-83FB-CB75F65BF993}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{1D906C85-88BB-445B-9302-EFDE81CC8164}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EBD061CD-BA46-4FB5-9EAE-A476FA58E775}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

08-02-2020 00:47:56 Scheduled Checkpoint
12-02-2020 03:00:40 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/17/2020 02:12:03 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/17/2020 01:11:29 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/17/2020 12:10:45 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/17/2020 11:10:44 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/17/2020 10:10:38 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/17/2020 09:10:40 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/17/2020 08:10:37 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/17/2020 07:10:37 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (02/14/2020 10:48:07 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/14/2020 10:47:04 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/12/2020 08:43:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/12/2020 08:35:26 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Dell Client Management Service service hung on starting.

Error: (02/12/2020 08:35:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/12/2020 08:34:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/12/2020 08:33:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.

Error: (02/12/2020 03:26:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2016-04-29 05:23:26.572
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3

==================== Memory info ===========================

BIOS: Dell Inc. A16 05/24/2018
Motherboard: Dell Inc. 0K08H3
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 94%
Total physical RAM: 6031.36 MB
Available physical RAM: 345.17 MB
Total Virtual: 15378.49 MB
Available Virtual: 5968.45 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.54 GB) (Free:312.31 GB) NTFS

\\?\Volume{90316b44-d2a9-11e2-9042-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:15.18 GB) (Free:7.91 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B27F8B8A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


#3 RobertCF

RobertCF

    Member

  • Full Member
  • Pip
  • 99 posts

Posted 17 February 2020 - 01:44 PM

Result of Security Analysis by Rocket Grannie (x86) Updated: 12th, January 2020
Running from:C:\Users\RCFetter\Downloads (14:44:09 - 02/17/2020)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (32.0.0.330)
Adobe Acrobat Reader DC (20.006.20034)
Google Chrome (79.0.3945.130)
Java (8.0.2310.11)
Malwarebytes (4.0.4.49)
Microsoft Silverlight (5.1.50918.0)
Mozilla Firefox (73.0)
Windows Live Essentials (16.4.3505.0912) ==> is no longer supported

 


#4 RobertCF

RobertCF

    Member

  • Full Member
  • Pip
  • 99 posts

Posted 17 February 2020 - 06:25 PM

I did an ESET scan which took several hours but the the Text Log of the scan would not save anywhere on my laptop.  Let me know if I should run it again.  After the ESET scan I checked opening an image from TurboImageHost and I still have the problem.


#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,381 posts

Posted 19 February 2020 - 07:28 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Sorry for this delay.
 
I need to see the FRST.TXT to complete the review.
Please post it in your next reply.
 
p.s.
Clean the Firefox Cache it may help.
 
Let me know if the problem persists.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 RobertCF

RobertCF

    Member

  • Full Member
  • Pip
  • 99 posts

Posted 19 February 2020 - 01:23 PM

Thank you nasdaq.  I cleared history/cache.  I thought I posted FRST.TXT in my second post (maybe I forgot to post both files) but I ran it again and here are the files:

 

() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Home Scanner\hvasrv.exe
(Compal Electronics, Inc. -> Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Dell Inc -> SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 4510 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Software -> Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel® Software -> Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1357\DSAPI.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Compal Electronics, Inc. -> Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406640 2012-06-01] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2020-01-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2020-01-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-06-20] (Google Inc -> Google Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [HP ENVY 4510 series (NET)] => C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\Installer\chrmstp.exe [2020-02-12] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\RCFetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk [2013-06-11]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Software -> Intel® Corporation)
Startup: C:\Users\RCFetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-02-21]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01201EF2-1CB1-4AC9-8B18-D6F82B7B77F1} - System32\Tasks\HPCustPartic.exe_{5529181F-A55F-4AA8-AB64-DDADD2B79186} => C:\Program Files\HP\HP ENVY 4510 series\Bin\HPCustPartic.exe [6438536 2017-04-06] (Hewlett Packard -> HP Inc.)
Task: {06A2DEE8-0F8B-4D20-A7A6-061D4E62FFF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {119E20C3-3D63-4529-864C-CF98885ACA08} - System32\Tasks\{9DCBBBE6-A078-47AA-8BF7-6044625C05C5} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
Task: {13D106F2-9A19-43E8-B413-AE78C47689C4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {249DB141-03CF-466D-9C6F-8E255FD07195} - System32\Tasks\HPCustParticipation HP ENVY 4510 series => C:\Program Files\HP\HP ENVY 4510 series\Bin\HPCustPartic.exe [6438536 2017-04-06] (Hewlett Packard -> HP Inc.)
Task: {3065A531-8352-46AA-BD66-AD7E7DA1F065} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1835112 2020-02-19] (Avast Software s.r.o. -> AVAST Software)
Task: {4254C022-AA1A-4E48-8392-143D364290AF} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {48D15822-F605-430D-865B-10C23A0D69B7} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {4B738BFD-BA96-4869-B6E7-9B09DE132B40} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {4ED96455-4ADB-497F-96F7-B05F3CD92204} - System32\Tasks\{B8485E03-4452-44A6-A395-74678E5DA8B4} => C:\Windows\system32\pcalua.exe -a C:\Users\RCFetter\Downloads\vcredist_x86(1).exe -d C:\Users\RCFetter\Downloads
Task: {5057FC89-33A9-4355-A297-4B7461D3AF13} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\RCFetter\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-17] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {52959E02-0F42-4D12-80F7-4D3AB5D46C2E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-11] (Adobe Inc. -> Adobe)
Task: {54EACBD8-8367-4D3C-884E-E6C7577E2756} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {63D31750-E3BA-49B6-A67D-BD758C20CE93} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\RCFetter\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-17] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {67863107-C081-480E-B5A3-F223956D3BC0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-709989229-488928679-3307805319-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2013-06-11] (Microsoft Windows -> Microsoft Corporation)
Task: {7177605C-64BB-487E-815A-F55B28B9D862} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [489272 2019-08-07] (Bitdefender SRL -> Bitdefender)
Task: {87DB4F5D-2893-446D-BAAA-050643934296} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115016 2020-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E314D5D-FEA5-41BE-91CB-298E54A3021C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {8F75DE81-3905-4D6C-8759-9A443C0C0A9C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {96B52B84-91EE-4A7B-BF85-ECD49CCB5CA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {9BC8B4B1-35E1-4A8C-9132-EB3A22DA86A3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1353616 2020-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0736774-8849-4DE2-B9DC-D5759BCD8DFF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1353616 2020-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {B03775EA-BC0B-4551-9448-A454C5A71A83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-11] (Adobe Inc. -> Adobe)
Task: {B162864B-6DCA-40BE-9C10-D3464D58CA49} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24568904 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {C427DB4E-AFFC-432F-823D-DF9FFA6ED2E0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
Task: {CC9EBD44-46FE-45ED-AA1B-8E8C64B68FB3} - System32\Tasks\{863B7A09-23A6-4B27-AFA2-D9F1882072C5} => C:\Windows\system32\pcalua.exe -a C:\Users\RCFetter\Downloads\ST2011\Setup_ST.exe -d C:\Users\RCFetter\Downloads\ST2011
Task: {D2242034-74EE-49B6-870B-0A853B283EA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {D3B595BF-3B58-4565-9CAD-B56D8D7F5259} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1519064 2020-01-14] (Dell Inc. -> Dell Inc.)
Task: {DE17AC5C-0015-4DEC-B1B6-2A8DA562BE8C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-01-22] (Apple Inc. -> Apple Inc.)
Task: {E8F5ABDB-8344-4C46-B9C0-9A46FA138D00} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [22161832 2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
Task: {EEFE1455-BC36-4FBB-83DF-340A4FE64B9A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft)
Task: {EF5235BA-04CF-4FF4-9475-7BE9E7D32886} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {F127BFCF-8ED3-4133-9585-578F58232AB9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {F37595AA-BAEA-413E-AED0-C968AB194974} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115016 2020-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F511D085-BBA0-4706-AEEC-995ED99D450F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5E5E88F-63CF-452B-8A33-DD06337E2C91} - System32\Tasks\Bitdefender AgentTask_6F2980EE6088481484E6D8285516CD07 => C:\Program Files\Bitdefender Home Scanner\hvaag.exe [367336 2019-09-30] (Bitdefender SRL -> Bitdefender)
Task: {F8CA34CD-7A87-4409-8635-97F627A2A2DF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24568904 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE1B4C11-4958-4AF0-8A38-3F1D509D3AEF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 10 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{D572EB10-D94A-4162-A44B-B7EDD9A2FBAA}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-709989229-488928679-3307805319-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-709989229-488928679-3307805319-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-709989229-488928679-3307805319-1000 -> {02BEAEFD-359F-4A9E-9CCD-89D86892A6BA} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> No File
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc -> Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> No File
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc -> Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc -> Google Inc.)
Toolbar: HKLM - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKU\S-1-5-21-709989229-488928679-3307805319-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc -> Google Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: corochq5.default-1491311854580-1581632745281
FF ProfilePath: C:\Users\RCFetter\AppData\Roaming\Mozilla\Firefox\Profiles\corochq5.default-1491311854580-1581632745281 [2020-02-19]
FF Extension: (Urlbar Tips) - C:\Users\RCFetter\AppData\Roaming\Mozilla\Firefox\Profiles\corochq5.default-1491311854580-1581632745281\Extensions\urlbar-tips@shield.mozilla.org.xpi [2020-02-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-02-04] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default [2020-02-18]
CHR Notifications: Default -> hxxp://www.aol.com; hxxps://mail.google.com; hxxps://www.bellazon.com; hxxps://www.washingtonpost.com; hxxps://www.xvideos.com
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Docs) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (High Contrast) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2018-07-15]
CHR Extension: (Google Docs Offline) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-15]
CHR Extension: (Pinterest Save Button) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-01-14]
CHR Extension: (NPR Infinite Player) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2013-06-20]
CHR Extension: (Pocket) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-05-01]
CHR Extension: (Save to Pocket) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2019-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Web Cache Viewer) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkloffickinnlnmefmjmjbacohecpbd [2017-12-05]
CHR Extension: (Gmail) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eoalfhodgifhbkgmbbdafcihjpdldpll]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [23040 2015-02-22] (Amazon.com) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-27] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\elevation_service.exe [968552 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11096432 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [244280 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3339824 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [271416 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1357\DSAPI.exe [964592 2020-01-22] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36032 2019-11-08] (Dell Inc -> )
R2 hvasrv; C:\Program Files\Bitdefender Home Scanner\hvasrv.exe [590680 2019-09-30] (Bitdefender SRL -> Bitdefender)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-02-17] (Malwarebytes Inc -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] (Intel Corporation-Mobile Wireless Group -> )
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1296560 2019-08-07] (Bitdefender SRL -> Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1695040 2012-02-16] (Dell Inc -> SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [50648 2020-01-14] (Dell Inc. -> Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [198144 2012-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [198144 2012-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 GridinSoftInetSecurityDriver; C:\Windows\System32\DRIVERS\gsInetSecurity.sys [107784 2020-01-16] (GridinSoft, LLC -> GridinSoft LLC)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-02-17] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-02-19] (Malwarebytes Inc -> Malwarebytes)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated -> Synaptics Incorporated)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [38216 2020-01-16] (GridinSoft, LLC -> GridinSoft LLC)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-19 14:07 - 2020-02-19 14:07 - 002279424 _____ (Farbar) C:\Users\RCFetter\Downloads\FRST64(1).exe
2020-02-19 14:06 - 2020-02-19 14:06 - 002008064 _____ (Farbar) C:\Users\RCFetter\Downloads\FRST.exe
2020-02-19 10:37 - 2020-02-19 13:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-02-17 23:18 - 2020-02-19 10:38 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-02-17 22:34 - 2020-02-17 22:34 - 000000036 _____ C:\Users\RCFetter\AppData\Local\housecall.guid.cache
2020-02-17 22:32 - 2020-02-17 22:32 - 002660528 _____ (Trend Micro Inc.) C:\Users\RCFetter\Downloads\HousecallLauncher64.exe
2020-02-17 22:11 - 2020-02-18 10:24 - 000003242 _____ C:\Windows\system32\Tasks\Bitdefender AgentTask_6F2980EE6088481484E6D8285516CD07
2020-02-17 22:11 - 2020-02-17 22:11 - 000075123 _____ C:\ProgramData\hva.1581992469.bdinstall.bin
2020-02-17 21:31 - 2020-02-17 22:11 - 000000000 ____D C:\ProgramData\Bitdefender Home Scanner
2020-02-17 21:31 - 2020-02-17 21:31 - 000001980 _____ C:\Users\Public\Desktop\Bitdefender Home Scanner.lnk
2020-02-17 21:31 - 2020-02-17 21:31 - 000001980 _____ C:\ProgramData\Desktop\Bitdefender Home Scanner.lnk
2020-02-17 21:31 - 2020-02-17 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Home Scanner
2020-02-17 21:22 - 2020-02-19 10:34 - 000003648 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2020-02-17 21:21 - 2020-02-17 22:11 - 000000000 ____D C:\Program Files\Bitdefender Home Scanner
2020-02-17 21:20 - 2020-02-17 22:11 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-02-17 21:20 - 2020-02-17 21:20 - 011794232 _____ C:\Users\RCFetter\Downloads\bitdefender_homescanner.exe
2020-02-17 21:20 - 2020-02-17 21:20 - 000106832 _____ C:\ProgramData\agent.1581992434.bdinstall.v2.bin
2020-02-17 21:20 - 2020-02-17 21:20 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-02-17 18:22 - 2020-02-18 21:34 - 000003734 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2020-02-17 18:22 - 2020-02-18 21:34 - 000003294 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2020-02-17 14:52 - 2020-02-17 14:52 - 000000808 _____ C:\Users\RCFetter\Desktop\ESET Online Scanner.lnk
2020-02-17 14:48 - 2020-02-17 14:48 - 000000000 ____D C:\Users\RCFetter\AppData\Local\ESET
2020-02-17 14:45 - 2020-02-17 14:46 - 014562400 _____ (ESET spol. s r.o.) C:\Users\RCFetter\Downloads\esetonlinescanner_enu.exe
2020-02-17 14:42 - 2020-02-17 14:44 - 000000992 _____ C:\Users\RCFetter\Downloads\SALog.txt
2020-02-17 14:42 - 2020-02-17 14:42 - 000899584 _____ C:\Users\RCFetter\Downloads\RGSA(1).exe
2020-02-17 14:34 - 2020-02-17 14:43 - 000029192 _____ C:\Users\RCFetter\Downloads\Addition.txt
2020-02-17 14:31 - 2020-02-19 14:11 - 000051445 _____ C:\Users\RCFetter\Downloads\FRST.txt
2020-02-17 14:29 - 2020-02-17 14:29 - 002279424 _____ (Farbar) C:\Users\RCFetter\Downloads\FRST64.exe
2020-02-17 13:44 - 2020-02-17 13:44 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-02-17 13:32 - 2020-02-17 13:32 - 001924728 _____ (Malwarebytes) C:\Users\RCFetter\Downloads\MBSetup(3).exe
2020-02-16 18:22 - 2020-02-16 18:23 - 000899584 _____ C:\Users\RCFetter\Downloads\RGSA.exe
2020-02-14 14:12 - 2020-02-14 14:12 - 001924728 _____ (Malwarebytes) C:\Users\RCFetter\Downloads\MBSetup(2).exe
2020-02-14 14:11 - 2020-02-14 14:11 - 001924728 _____ (Malwarebytes) C:\Users\RCFetter\Downloads\MBSetup(1).exe
2020-02-14 14:05 - 2020-02-14 14:08 - 000000000 ____D C:\AdwCleaner
2020-02-14 14:03 - 2020-02-14 14:04 - 008356016 _____ (Malwarebytes) C:\Users\RCFetter\Downloads\adwcleaner_8.0.2.exe
2020-02-13 18:47 - 2020-02-13 18:47 - 001924728 _____ (Malwarebytes) C:\Users\RCFetter\Downloads\MBSetup.exe
2020-02-13 17:25 - 2020-02-13 17:25 - 000000000 ____D C:\Users\RCFetter\Desktop\Old Firefox Data
2020-02-13 16:45 - 2020-02-19 10:46 - 000003240 _____ C:\Windows\system32\Tasks\GridinSoft Anti-Malware
2020-02-13 16:45 - 2020-02-13 16:45 - 000000869 _____ C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk
2020-02-13 16:45 - 2020-02-13 16:45 - 000000869 _____ C:\ProgramData\Desktop\GridinSoft Anti-Malware.lnk
2020-02-13 16:44 - 2020-02-19 10:46 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2020-02-13 16:44 - 2020-02-13 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2020-02-13 16:44 - 2020-02-13 16:44 - 000000000 ____D C:\ProgramData\GridinSoft
2020-02-13 16:43 - 2020-02-13 16:43 - 000989584 _____ (GridinSoft LLC) C:\Users\RCFetter\Downloads\install-antimalware-ag.exe
2020-01-31 15:53 - 2020-01-31 15:53 - 000001709 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-01-31 15:53 - 2020-01-31 15:53 - 000001709 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-01-31 15:53 - 2020-01-31 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-01-31 15:53 - 2020-01-31 15:53 - 000000000 ____D C:\Program Files\iPod
2020-01-31 15:52 - 2020-01-31 15:53 - 000000000 ____D C:\Program Files\iTunes
2020-01-31 15:44 - 2020-01-31 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2020-01-22 14:31 - 2020-01-22 14:31 - 000002087 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2020-01-22 14:31 - 2020-01-22 14:31 - 000002087 _____ C:\ProgramData\Desktop\SupportAssist.lnk
2020-01-22 13:46 - 2020-01-22 16:29 - 000002008 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2020-01-22 13:46 - 2020-01-22 16:29 - 000002008 _____ C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk
2020-01-22 13:46 - 2020-01-22 13:46 - 000000000 ____D C:\Users\RCFetter\AppData\Roaming\HPPSDr

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-19 14:10 - 2015-02-16 21:03 - 000000000 ____D C:\FRST
2020-02-19 13:43 - 2016-11-20 07:48 - 000000000 ____D C:\Users\RCFetter\AppData\LocalLow\Mozilla
2020-02-19 13:28 - 2013-06-20 12:53 - 000000000 ____D C:\ProgramData\Mozilla
2020-02-19 13:28 - 2013-06-20 12:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-02-19 10:49 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-02-19 10:49 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-02-19 10:38 - 2009-07-14 00:13 - 000788478 _____ C:\Windows\system32\PerfStringBackup.INI
2020-02-19 10:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2020-02-19 10:35 - 2018-05-27 09:05 - 000000000 ____D C:\Users\RCFetter\AppData\Local\AVAST Software
2020-02-19 10:33 - 2015-05-04 07:24 - 000000000 ___RD C:\Users\RCFetter\iCloudDrive
2020-02-19 10:33 - 2015-03-07 09:24 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2020-02-19 10:32 - 2013-06-11 09:14 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2020-02-19 10:32 - 2013-06-11 09:14 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2020-02-19 10:31 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-18 21:34 - 2020-01-09 12:21 - 000002948 _____ C:\Windows\system32\Tasks\HPCustPartic.exe_{5529181F-A55F-4AA8-AB64-DDADD2B79186}
2020-02-18 21:34 - 2020-01-09 12:19 - 000003576 _____ C:\Windows\system32\Tasks\HPCustParticipation HP ENVY 4510 series
2020-02-18 21:34 - 2019-04-19 11:20 - 000003186 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-709989229-488928679-3307805319-1000
2020-02-18 21:34 - 2018-10-05 11:15 - 000003146 _____ C:\Windows\system32\Tasks\{9DCBBBE6-A078-47AA-8BF7-6044625C05C5}
2020-02-18 21:34 - 2018-05-16 09:36 - 000004208 _____ C:\Windows\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2020-02-18 21:34 - 2018-03-13 17:13 - 000004474 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-02-18 21:34 - 2015-12-03 22:34 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2020-02-18 21:34 - 2015-07-20 08:17 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-02-18 21:34 - 2015-05-03 07:04 - 000003432 _____ C:\Windows\system32\Tasks\Apple Diagnostics
2020-02-18 21:34 - 2015-04-12 15:16 - 000003162 _____ C:\Windows\system32\Tasks\{B8485E03-4452-44A6-A395-74678E5DA8B4}
2020-02-18 21:34 - 2013-09-13 10:36 - 000003118 _____ C:\Windows\system32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2020-02-18 21:34 - 2013-09-13 10:36 - 000003092 _____ C:\Windows\system32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2020-02-18 21:34 - 2013-09-13 10:36 - 000003090 _____ C:\Windows\system32\Tasks\Microsoft_Hardware_Launch_itype_exe
2020-02-18 21:34 - 2013-09-13 10:36 - 000003062 _____ C:\Windows\system32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2020-02-18 21:34 - 2013-09-13 10:36 - 000003060 _____ C:\Windows\system32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2020-02-18 21:34 - 2013-08-17 22:43 - 000003176 _____ C:\Windows\system32\Tasks\{863B7A09-23A6-4B27-AFA2-D9F1882072C5}
2020-02-18 21:34 - 2013-06-20 12:06 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-18 21:34 - 2013-06-20 12:06 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-18 21:34 - 2013-06-11 08:25 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-02-17 23:20 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2020-02-17 13:44 - 2019-08-21 10:36 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-02-17 13:44 - 2019-08-21 10:36 - 000001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-02-17 13:44 - 2019-08-21 10:36 - 000001918 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-02-15 11:18 - 2013-06-22 07:46 - 000000000 ____D C:\Users\RCFetter\Documents\Bulk Image Downloader
2020-02-14 16:46 - 2013-06-20 12:14 - 000000000 ____D C:\Users\RCFetter\Documents\PERSONAL FINANCE - BANK BALANCE
2020-02-13 12:40 - 2019-12-08 14:20 - 000000000 ____D C:\Users\RCFetter\AppData\Local\cache
2020-02-12 14:16 - 2019-04-17 11:14 - 000003732 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2020-02-12 14:16 - 2019-04-17 11:14 - 000003150 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2020-02-12 14:16 - 2018-05-27 09:06 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-02-12 12:22 - 2016-11-07 08:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-02-12 08:41 - 2015-05-04 07:26 - 000000000 ____D C:\Users\RCFetter\AppData\Local\DE7CCD73-8E70-4A7C-827C-EF6C034807E4.aplzod
2020-02-12 08:38 - 2013-06-11 09:11 - 000000000 ____D C:\ProgramData\PCDr
2020-02-12 08:32 - 2019-12-08 12:34 - 000376648 _____ C:\Windows\system32\FNTCACHE.DAT
2020-02-12 03:10 - 2013-08-14 02:00 - 000000000 ____D C:\Windows\system32\MRT
2020-02-12 03:03 - 2013-06-22 22:19 - 120407888 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-02-12 00:48 - 2015-02-21 20:25 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-12 00:45 - 2013-06-11 09:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-02-11 21:13 - 2013-06-11 08:25 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-02-11 21:13 - 2013-06-11 08:25 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-02-11 21:13 - 2013-06-11 08:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-02-11 21:13 - 2013-06-11 08:25 - 000000000 ____D C:\Windows\system32\Macromed
2020-02-10 12:00 - 2013-07-04 18:46 - 000000000 ___RD C:\Users\RCFetter\SkyDrive
2020-02-10 11:59 - 2014-02-2

#7 RobertCF

RobertCF

    Member

  • Full Member
  • Pip
  • 99 posts

Posted 19 February 2020 - 01:23 PM

Second FRST:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by RCFetter (19-02-2020 14:11:35)
Running from C:\Users\RCFetter\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-06-20 16:05:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-709989229-488928679-3307805319-500 - Administrator - Disabled)
Guest (S-1-5-21-709989229-488928679-3307805319-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-709989229-488928679-3307805319-1002 - Limited - Enabled)
RCFetter (S-1-5-21-709989229-488928679-3307805319-1000 - Administrator - Enabled) => C:\Users\RCFetter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.330 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Amazon Kindle) (Version: 1.27.0.56109 - Amazon)
Amazon Unbox Video (HKLM-x32\...\{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 5.0.0.17 - Amazon.com) Hidden
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 5.0.0.17 - Amazon.com)
Apple Application Support (32-bit) (HKLM-x32\...\{A7039CC9-4669-4799-92B1-C5CE346DBE3D}) (Version: 8.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DA78A9DC-3599-4D81-A960-B679687A6C14}) (Version: 8.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 79.0.3061.79 - AVAST Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.151 - Bitdefender)
Bitdefender Home Scanner (HKLM\...\Bitdefender Home Scanner) (Version: 1.0.7.161 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bulk Image Downloader v5.53.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version: 5.53 - Antibody Software)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\{B7682259-63F5-42FA-933B-ACD343CF7049}) (Version: 3.4.1.49 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 4.1.28 - Gridinsoft LLC)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 4510 series Basic Device Software (HKLM\...\{2B054C3F-C753-47D8-A5CA-D92AC5D455EB}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4510 series Help (HKLM-x32\...\{CB5C9CB2-B471-42CC-93E6-D0E15021D5C2}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
iCloud (HKLM\...\{359CA9EA-898C-4F5C-80D9-C111F27B489E}) (Version: 7.17.0.13 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{B9EE2364-A67C-40DD-8413-495E2C7FBCD0}) (Version: 2.1.2.0206 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
iTunes (HKLM\...\{49F48AA2-DEA7-453A-8735-9C862E7C8467}) (Version: 12.10.4.2 - Apple Inc.)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0005 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.12430.20264 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 73.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 73.0.1 (x64 en-US)) (Version: 73.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 73.0.1.7352 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Product Improvement Study for HP ENVY 4510 series (HKLM\...\{73B843F4-6940-4707-A647-7E9349D45A96}) (Version: 40.11.1122.1796 - HP Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-01-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers2: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\RCFetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk

==================== Loaded Modules (Whitelisted) =============

2009-09-23 11:51 - 2009-09-23 11:51 - 000012288 _____ ( ) [File not signed] C:\Program Files\Intel\TurboBoost\DHLogInterfaces.Interop.dll
2013-06-11 09:00 - 2013-02-22 19:38 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2012-08-23 12:58 - 2012-08-23 12:58 - 000498176 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\BTHSSupplicant.dll
2012-07-18 00:48 - 2012-07-18 00:48 - 000105472 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\UsR3IoPort.dll
2013-08-30 20:18 - 2013-08-30 20:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2013-08-30 20:18 - 2013-08-30 20:18 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2011-12-08 09:56 - 2011-12-08 09:56 - 000354816 _____ (Intel Corporation) [File not signed] C:\Windows\system32\mbtleapi.dll
2011-09-13 06:42 - 2011-09-13 06:42 - 003214056 _____ (Microsoft Corporation (Internal Use Only) -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Office\OFFICE14\PROOF\1033\MSGR3EN.DLL
2019-03-27 22:48 - 2019-03-27 22:48 - 000115200 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2019-03-27 22:34 - 2019-03-27 22:34 - 000130560 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2013-06-20 12:05 - 2013-06-20 12:05 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2010-08-02 21:05 - 2010-08-02 21:05 - 000105984 _____ (Microsoft) [File not signed] C:\Program Files\Intel\TurboBoost\Microsoft.WindowsAPICodePack.dll
2010-08-02 21:05 - 2010-08-02 21:05 - 000542720 _____ (Microsoft) [File not signed] C:\Program Files\Intel\TurboBoost\Microsoft.WindowsAPICodePack.Shell.dll
2019-11-22 10:02 - 2019-11-22 10:02 - 001899008 _____ (SQLite Development Team) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-01-04 03:45 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-709989229-488928679-3307805319-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RCFetter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{17F2306E-4A1E-479D-9DA3-8578CB33FEC6}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel Wireless Display -> Intel Corporation)
FirewallRules: [{98A1A7F3-506B-43F8-8C10-1207B52D443A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0597DA27-48C2-42B9-A0C9-F5D04679DD02}] => (Allow) LPort=2869
FirewallRules: [{87F4DD9D-0A6C-4303-95AB-6C06A65661A4}] => (Allow) LPort=1900
FirewallRules: [{E49621DF-D9AA-4B4C-9C2F-13D50038905B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{E7416698-5ABE-45B6-9610-19329F62C643}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5DE3EDFD-C250-4976-80DE-F0D1FBF5106F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{328E11DE-D0C5-4CA2-89E9-53F4DFBBA242}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D69149D-E4CB-4073-B60E-FA1AEA2D0973}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FD284307-B25B-4AFE-B4E2-3D31C96F5EBF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{65EAA316-23A5-4E25-8D6F-73690EBDA13C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4B3549FF-0C1C-4555-856A-CD628C764964}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{052FC9AB-4DD5-40CD-84B4-D04FDE8E4139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DF7AB767-97E9-4EDE-99DC-9CCE57F8F56D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93D65C42-0955-4560-9F9C-9899DE1097A7}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B89CFF00-1B3D-41A4-B8FE-3E2383E3433B}] => (Allow) LPort=5357
FirewallRules: [{EC955F32-2A99-402C-842C-75C261369B41}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B06FE607-CE34-4167-8543-DAABFF393F46}] => (Allow) C:\Users\RCFetter\AppData\Local\Temp\7zS7362\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{7671D7C5-4F97-43E2-964C-3AF00F002036}] => (Allow) C:\Users\RCFetter\AppData\Local\Temp\7zS7362\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{BD6A8B39-4090-44AD-8458-6A3D4753B26C}] => (Allow) C:\Users\RCFetter\AppData\Local\Temp\7zS7D1A\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{5163AF6D-2556-4CD7-BBBA-F38C4CB73C12}] => (Allow) C:\Users\RCFetter\AppData\Local\Temp\7zS7D1A\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{786DAE82-8CD6-4B9A-83FB-CB75F65BF993}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{1D906C85-88BB-445B-9302-EFDE81CC8164}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EBD061CD-BA46-4FB5-9EAE-A476FA58E775}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{2575A273-49C5-4D0F-8F87-B78DA623DB71}] => (Allow) C:\Program Files\Bitdefender Home Scanner\hvasrv.exe (Bitdefender SRL -> Bitdefender)

==================== Restore Points =========================

12-02-2020 03:00:40 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/19/2020 02:10:56 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/19/2020 01:27:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 73.0.0.7342 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1994

Start Time: 01d5e73a1c83e912

Termination Time: 12

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 8412a882-5345-11ea-a372-606c668c2377

Error: (02/19/2020 01:10:38 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/19/2020 12:10:52 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/19/2020 11:10:39 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/19/2020 10:46:46 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/19/2020 10:36:27 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (02/19/2020 10:32:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/19/2020 10:41:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/19/2020 10:36:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.

Error: (02/19/2020 10:34:23 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Home Scanner service hung on starting.

Error: (02/19/2020 10:34:17 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Dell Client Management Service service hung on starting.

Error: (02/19/2020 10:33:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/19/2020 10:32:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/19/2020 10:32:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.

Error: (02/19/2020 10:31:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:29:44 AM on ‎2/‎19/‎2020 was unexpected.


Windows Defender:
===================================
Date: 2016-04-29 05:23:26.572
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3

==================== Memory info ===========================

BIOS: Dell Inc. A16 05/24/2018
Motherboard: Dell Inc. 0K08H3
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 78%
Total physical RAM: 6031.36 MB
Available physical RAM: 1290.38 MB
Total Virtual: 12060.86 MB
Available Virtual: 5559.07 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.54 GB) (Free:318.11 GB) NTFS

\\?\Volume{90316b44-d2a9-11e2-9042-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:15.18 GB) (Free:7.91 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B27F8B8A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


#8 RobertCF

RobertCF

    Member

  • Full Member
  • Pip
  • 99 posts

Posted 19 February 2020 - 01:38 PM

I just checked and the problem still persists plus now I'm getting the verbal warning to call the 1-800 number and the first 2 or 3 times I restarted Firefox the Internet Warning page opened and froze FireFox.  On the 4th try FireFox opened without the Internet Warning page.  I'm using the Task Manager to close Firefox.


#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,381 posts

Posted 25 February 2020 - 07:21 AM

Hi,
 
Sorry for this long delay.
In I do not answer within 24 hours please send me a personal message.
 
Press the windows key Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
Remove this program in bold via the Control Panel > Programs > Programs and Features.
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
===
 
start::
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
BHO: No Name -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> No File
BHO-x32: No Name -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> No File
Toolbar: HKLM - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKLM-x32 - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
FF Extension: (Urlbar Tips) - C:\Users\RCFetter\AppData\Roaming\Mozilla\Firefox\Profiles\corochq5.default-1491311854580-1581632745281\Extensions\urlbar-tips@shield.mozilla.org.xpi [2020-02-13]
CHR DefaultSearchKeyword: Default -> Yahoo
CHR HKLM-x32\...\Chrome\Extension: [eoalfhodgifhbkgmbbdafcihjpdldpll]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
 
EmptyTemp:
 
End::
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
Reset Firefox
 
Firefox:
Reset Firefox, Default Browsing settings:
 
<<<>>>
 
Syncing issue
 
If the problem persists and you are Syncing Firefox it with other Devices reset it.
 
Navigate to this page and Remove it as suggested.
 
 
When done restart the computer normally.
 
If all is well.
 
Return to your Firefox Account and Click the Connect button.
 
Reset the sync.
 
Restart the computer normally.
<<<>>>
 
Let me know if the problem is solved.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 RobertCF

RobertCF

    Member

  • Full Member
  • Pip
  • 99 posts

Posted 25 February 2020 - 07:27 PM

Thank you nasdaq, the problem is solved.  Here are the logs in case you want to see them:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2020
Ran by RCFetter (25-02-2020 19:44:47) Run:1
Running from C:\Users\RCFetter\Downloads
Loaded Profiles: RCFetter (Available Profiles: RCFetter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
BHO: No Name -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> No File
BHO-x32: No Name -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> No File
Toolbar: HKLM - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKLM-x32 - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
FF Extension: (Urlbar Tips) - C:\Users\RCFetter\AppData\Roaming\Mozilla\Firefox\Profiles\corochq5.default-1491311854580-1581632745281\Extensions\urlbar-tips@shield.mozilla.org.xpi [2020-02-13]
CHR DefaultSearchKeyword: Default -> Yahoo
CHR HKLM-x32\...\Chrome\Extension: [eoalfhodgifhbkgmbbdafcihjpdldpll]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
 
EmptyTemp:
 

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
C:\Users\RCFetter\AppData\Roaming\Mozilla\Firefox\Profiles\corochq5.default-1491311854580-1581632745281\Extensions\urlbar-tips@shield.mozilla.org.xpi => moved successfully
"Chrome DefaultSearchKeyword" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eoalfhodgifhbkgmbbdafcihjpdldpll => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully

========= netsh int ip reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25260973 B
Java, Flash, Steam htmlcache => 4779 B
Windows/system/drivers => 82372315 B
Edge => 0 B
Chrome => 455316924 B
Firefox => 1361770402 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 66244 B
LocalService => 66244 B
NetworkService => 2543246 B
RCFetter => 1820025049 B

RecycleBin => 2719755641 B
EmptyTemp: => 6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:59:53 ====


#11 RobertCF

RobertCF

    Member

  • Full Member
  • Pip
  • 99 posts

Posted 25 February 2020 - 07:28 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2020
Ran by RCFetter (25-02-2020 19:39:42)
Running from C:\Users\RCFetter\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-06-20 16:05:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-709989229-488928679-3307805319-500 - Administrator - Disabled)
Guest (S-1-5-21-709989229-488928679-3307805319-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-709989229-488928679-3307805319-1002 - Limited - Enabled)
RCFetter (S-1-5-21-709989229-488928679-3307805319-1000 - Administrator - Enabled) => C:\Users\RCFetter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.330 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Amazon Kindle) (Version: 1.27.0.56109 - Amazon)
Amazon Unbox Video (HKLM-x32\...\{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 5.0.0.17 - Amazon.com) Hidden
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 5.0.0.17 - Amazon.com)
Apple Application Support (32-bit) (HKLM-x32\...\{A7039CC9-4669-4799-92B1-C5CE346DBE3D}) (Version: 8.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DA78A9DC-3599-4D81-A960-B679687A6C14}) (Version: 8.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 79.0.3061.79 - AVAST Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.151 - Bitdefender)
Bitdefender Home Scanner (HKLM\...\Bitdefender Home Scanner) (Version: 1.0.7.161 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bulk Image Downloader v5.53.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version: 5.53 - Antibody Software)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\{B7682259-63F5-42FA-933B-ACD343CF7049}) (Version: 3.4.1.49 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 4.1.28 - Gridinsoft LLC)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 4510 series Basic Device Software (HKLM\...\{2B054C3F-C753-47D8-A5CA-D92AC5D455EB}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4510 series Help (HKLM-x32\...\{CB5C9CB2-B471-42CC-93E6-D0E15021D5C2}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
iCloud (HKLM\...\{359CA9EA-898C-4F5C-80D9-C111F27B489E}) (Version: 7.17.0.13 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{B9EE2364-A67C-40DD-8413-495E2C7FBCD0}) (Version: 2.1.2.0206 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
iTunes (HKLM\...\{49F48AA2-DEA7-453A-8735-9C862E7C8467}) (Version: 12.10.4.2 - Apple Inc.)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0005 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.12430.20264 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 73.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 73.0.1 (x64 en-US)) (Version: 73.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 73.0.1.7352 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Product Improvement Study for HP ENVY 4510 series (HKLM\...\{73B843F4-6940-4707-A647-7E9349D45A96}) (Version: 40.11.1122.1796 - HP Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-01-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers2: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\RCFetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk

==================== Loaded Modules (Whitelisted) =============

2009-09-23 11:51 - 2009-09-23 11:51 - 000012288 _____ ( ) [File not signed] C:\Program Files\Intel\TurboBoost\DHLogInterfaces.Interop.dll
2009-06-22 19:23 - 2009-06-22 19:23 - 000134144 _____ (Hewlett-Packard Company) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\hpfui50.dll
2013-06-11 09:00 - 2013-02-22 19:38 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2012-08-23 12:58 - 2012-08-23 12:58 - 000498176 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\BTHSSupplicant.dll
2012-07-18 00:48 - 2012-07-18 00:48 - 000105472 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\UsR3IoPort.dll
2013-08-30 20:18 - 2013-08-30 20:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2013-08-30 20:18 - 2013-08-30 20:18 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2011-12-08 09:56 - 2011-12-08 09:56 - 000354816 _____ (Intel Corporation) [File not signed] C:\Windows\system32\mbtleapi.dll
2013-06-20 12:05 - 2013-06-20 12:05 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2010-08-02 21:05 - 2010-08-02 21:05 - 000105984 _____ (Microsoft) [File not signed] C:\Program Files\Intel\TurboBoost\Microsoft.WindowsAPICodePack.dll
2010-08-02 21:05 - 2010-08-02 21:05 - 000542720 _____ (Microsoft) [File not signed] C:\Program Files\Intel\TurboBoost\Microsoft.WindowsAPICodePack.Shell.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-01-04 03:45 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-709989229-488928679-3307805319-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RCFetter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


#12 RobertCF

RobertCF

    Member

  • Full Member
  • Pip
  • 99 posts

Posted 25 February 2020 - 07:28 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2020
Ran by RCFetter (administrator) on RCFETTER-PC (Dell Inc. Inspiron 5521) (25-02-2020 19:36:21)
Running from C:\Users\RCFetter\Downloads
Loaded Profiles: RCFetter (Available Profiles: RCFetter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Home Scanner\hvasrv.exe
(Compal Electronics, Inc. -> Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Dell Inc -> SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 4510 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Software -> Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel® Software -> Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1357\DSAPI.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Compal Electronics, Inc. -> Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406640 2012-06-01] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2020-01-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2020-01-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-06-20] (Google Inc -> Google Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\Run: [HP ENVY 4510 series (NET)] => C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-709989229-488928679-3307805319-1000\...\RunOnce: [Uninstall C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RCFetter\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\Installer\chrmstp.exe [2020-02-12] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\RCFetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk [2013-06-11]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Software -> Intel® Corporation)
Startup: C:\Users\RCFetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-02-21]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01201EF2-1CB1-4AC9-8B18-D6F82B7B77F1} - System32\Tasks\HPCustPartic.exe_{5529181F-A55F-4AA8-AB64-DDADD2B79186} => C:\Program Files\HP\HP ENVY 4510 series\Bin\HPCustPartic.exe [6438536 2017-04-06] (Hewlett Packard -> HP Inc.)
Task: {06A2DEE8-0F8B-4D20-A7A6-061D4E62FFF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {119E20C3-3D63-4529-864C-CF98885ACA08} - System32\Tasks\{9DCBBBE6-A078-47AA-8BF7-6044625C05C5} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
Task: {13D106F2-9A19-43E8-B413-AE78C47689C4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {249DB141-03CF-466D-9C6F-8E255FD07195} - System32\Tasks\HPCustParticipation HP ENVY 4510 series => C:\Program Files\HP\HP ENVY 4510 series\Bin\HPCustPartic.exe [6438536 2017-04-06] (Hewlett Packard -> HP Inc.)
Task: {3065A531-8352-46AA-BD66-AD7E7DA1F065} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1835112 2020-02-19] (Avast Software s.r.o. -> AVAST Software)
Task: {4254C022-AA1A-4E48-8392-143D364290AF} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {48D15822-F605-430D-865B-10C23A0D69B7} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {4B738BFD-BA96-4869-B6E7-9B09DE132B40} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {4ED96455-4ADB-497F-96F7-B05F3CD92204} - System32\Tasks\{B8485E03-4452-44A6-A395-74678E5DA8B4} => C:\Windows\system32\pcalua.exe -a C:\Users\RCFetter\Downloads\vcredist_x86(1).exe -d C:\Users\RCFetter\Downloads
Task: {5057FC89-33A9-4355-A297-4B7461D3AF13} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\RCFetter\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-17] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {52959E02-0F42-4D12-80F7-4D3AB5D46C2E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-11] (Adobe Inc. -> Adobe)
Task: {54EACBD8-8367-4D3C-884E-E6C7577E2756} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {63D31750-E3BA-49B6-A67D-BD758C20CE93} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\RCFetter\Downloads\esetonlinescanner_enu.exe [14562400 2020-02-17] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {67863107-C081-480E-B5A3-F223956D3BC0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-709989229-488928679-3307805319-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2013-06-11] (Microsoft Windows -> Microsoft Corporation)
Task: {7177605C-64BB-487E-815A-F55B28B9D862} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [489272 2019-08-07] (Bitdefender SRL -> Bitdefender)
Task: {87DB4F5D-2893-446D-BAAA-050643934296} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115016 2020-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E314D5D-FEA5-41BE-91CB-298E54A3021C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {8F75DE81-3905-4D6C-8759-9A443C0C0A9C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {92FFA556-896B-4031-98F4-0BDAAEEAA1F4} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [22161832 2020-02-13] (GridinSoft, LLC -> Gridinsoft LLC)
Task: {96B52B84-91EE-4A7B-BF85-ECD49CCB5CA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {9BC8B4B1-35E1-4A8C-9132-EB3A22DA86A3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1353616 2020-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0736774-8849-4DE2-B9DC-D5759BCD8DFF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1353616 2020-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {B03775EA-BC0B-4551-9448-A454C5A71A83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-11] (Adobe Inc. -> Adobe)
Task: {B162864B-6DCA-40BE-9C10-D3464D58CA49} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24568904 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {C427DB4E-AFFC-432F-823D-DF9FFA6ED2E0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
Task: {CC9EBD44-46FE-45ED-AA1B-8E8C64B68FB3} - System32\Tasks\{863B7A09-23A6-4B27-AFA2-D9F1882072C5} => C:\Windows\system32\pcalua.exe -a C:\Users\RCFetter\Downloads\ST2011\Setup_ST.exe -d C:\Users\RCFetter\Downloads\ST2011
Task: {D2242034-74EE-49B6-870B-0A853B283EA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {D3B595BF-3B58-4565-9CAD-B56D8D7F5259} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1519064 2020-01-14] (Dell Inc. -> Dell Inc.)
Task: {DE17AC5C-0015-4DEC-B1B6-2A8DA562BE8C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-01-22] (Apple Inc. -> Apple Inc.)
Task: {EEFE1455-BC36-4FBB-83DF-340A4FE64B9A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft)
Task: {EF5235BA-04CF-4FF4-9475-7BE9E7D32886} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1865776 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {F127BFCF-8ED3-4133-9585-578F58232AB9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {F37595AA-BAEA-413E-AED0-C968AB194974} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115016 2020-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F511D085-BBA0-4706-AEEC-995ED99D450F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5E5E88F-63CF-452B-8A33-DD06337E2C91} - System32\Tasks\Bitdefender AgentTask_6F2980EE6088481484E6D8285516CD07 => C:\Program Files\Bitdefender Home Scanner\hvaag.exe [367336 2019-09-30] (Bitdefender SRL -> Bitdefender)
Task: {F8CA34CD-7A87-4409-8635-97F627A2A2DF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24568904 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE1B4C11-4958-4AF0-8A38-3F1D509D3AEF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 10 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{D572EB10-D94A-4162-A44B-B7EDD9A2FBAA}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-709989229-488928679-3307805319-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-709989229-488928679-3307805319-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-709989229-488928679-3307805319-1000 -> {02BEAEFD-359F-4A9E-9CCD-89D86892A6BA} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> No File
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc -> Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> No File
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc -> Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc -> Google Inc.)
Toolbar: HKLM - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKU\S-1-5-21-709989229-488928679-3307805319-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc -> Google Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-06] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: corochq5.default-1491311854580-1581632745281
FF ProfilePath: C:\Users\RCFetter\AppData\Roaming\Mozilla\Firefox\Profiles\corochq5.default-1491311854580-1581632745281 [2020-02-25]
FF Extension: (Urlbar Tips) - C:\Users\RCFetter\AppData\Roaming\Mozilla\Firefox\Profiles\corochq5.default-1491311854580-1581632745281\Extensions\urlbar-tips@shield.mozilla.org.xpi [2020-02-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-02-04] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default [2020-02-25]
CHR Notifications: Default -> hxxp://www.aol.com; hxxps://mail.google.com; hxxps://www.bellazon.com; hxxps://www.washingtonpost.com; hxxps://www.xvideos.com
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Docs) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (High Contrast) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2018-07-15]
CHR Extension: (Google Docs Offline) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-15]
CHR Extension: (Pinterest Save Button) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-01-14]
CHR Extension: (NPR Infinite Player) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2013-06-20]
CHR Extension: (Pocket) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-05-01]
CHR Extension: (Save to Pocket) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2019-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Web Cache Viewer) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkloffickinnlnmefmjmjbacohecpbd [2017-12-05]
CHR Extension: (Gmail) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\RCFetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eoalfhodgifhbkgmbbdafcihjpdldpll]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [23040 2015-02-22] (Amazon.com) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-27] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\79.0.3061.79\elevation_service.exe [968552 2020-01-08] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11096432 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [244280 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3339824 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [271416 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1357\DSAPI.exe [964592 2020-01-22] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36032 2019-11-08] (Dell Inc -> )
R2 hvasrv; C:\Program Files\Bitdefender Home Scanner\hvasrv.exe [590680 2019-09-30] (Bitdefender SRL -> Bitdefender)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-02-17] (Malwarebytes Inc -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] (Intel Corporation-Mobile Wireless Group -> )
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1296560 2019-08-07] (Bitdefender SRL -> Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1695040 2012-02-16] (Dell Inc -> SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [50648 2020-01-14] (Dell Inc. -> Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [198144 2012-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [198144 2012-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 GridinSoftInetSecurityDriver; C:\Windows\System32\DRIVERS\gsInetSecurity.sys [107784 2020-01-16] (GridinSoft, LLC -> GridinSoft LLC)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-02-17] (Malwarebytes Inc -> Malwarebytes)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated -> Synaptics Incorporated)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [38216 2020-01-16] (GridinSoft, LLC -> GridinSoft LLC)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-25 19:35 - 2020-02-25 19:35 - 002279424 _____ (Farbar) C:\Users\RCFetter\Downloads\FRST64(2).exe
2020-02-25 19:32 - 2020-02-25 19:32 - 000000975 _____ C:\Users\RCFetter\Downloads\fixlist.txt
2020-02-19 14:07 - 2020-02-19 14:07 - 002279424 _____ (Farbar) C:\Users\RCFetter\Downloads\FRST64(1).exe
2020-02-19 14:06 - 2020-02-19 14:06 - 002008064 _____ (Farbar) C:\Users\RCFetter\Downloads\FRST.exe
2020-02-19 10:37 - 2020-02-24 17:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-02-17 22:34 - 2020-02-17 22:34 - 000000036 _____ C:\Users\RCFetter\AppData\Local\housecall.guid.cache
2020-02-17 22:32 - 2020-02-17 22:32 - 002660528 _____ (Trend Micro Inc.) C:\Users\RCFetter\Downloads\HousecallLauncher64.exe
2020-02-17 22:11 - 2020-02-18 10:24 - 000003242 _____ C:\Windows\system32\Tasks\Bitdefender AgentTask_6F2980EE6088481484E6D8285516CD07
2020-02-17 22:11 - 2020-02-17 22:11 - 000075123 _____ C:\ProgramData\hva.1581992469.bdinstall.bin
2020-02-17 21:31 - 2020-02-17 22:11 - 000000000 ____D C:\ProgramData\Bitdefender Home Scanner
2020-02-17 21:31 - 2020-02-17 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Home Scanner
2020-02-17 21:22 - 2020-02-25 19:03 - 000003648 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2020-02-17 21:21 - 2020-02-17 22:11 - 000000000 ____D C:\Program Files\Bitdefender Home Scanner
2020-02-17 21:20 - 2020-02-17 22:11 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-02-17 21:20 - 2020-02-17 21:20 - 011794232 _____ C:\Users\RCFetter\Downloads\bitdefender_homescanner.exe
2020-02-17 21:20 - 2020-02-17 21:20 - 000106832 _____ C:\ProgramData\agent.1581992434.bdinstall.v2.bin
2020-02-17 21:20 - 2020-02-17 21:20 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-02-17 18:22 - 2020-02-25 19:03 - 000003734 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2020-02-17 18:22 - 2020-02-25 19:03 - 000003294 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2020-02-17 14:52 - 2020-02-17 14:52 - 000000808 _____ C:\Users\RCFetter\Desktop\ESET Online Scanner.lnk
2020-02-17 14:48 - 2020-02-17 14:48 - 000000000 ____D C:\Users\RCFetter\AppData\Local\ESET
2020-02-17 14:45 - 2020-02-17 14:46 - 014562400 _____ (ESET spol. s r.o.) C:\Users\RCFetter\Downloads\esetonlinescanner_enu.exe
2020-02-17 14:42 - 2020-02-17 14:44 - 000000992 _____ C:\Users\RCFetter\Downloads\SALog.txt
2020-02-17 14:42 - 2020-02-17 14:42 - 000899584 _____ C:\Users\RCFetter\Downloads\RGSA(1).exe
2020-02-17 14:34 - 2020-02-19 14:14 - 000030593 _____ C:\Users\RCFetter\Downloads\Addition.txt
2020-02-17 14:31 - 2020-02-25 19:39 - 000051890 _____ C:\Users\RCFetter\Downloads\FRST.txt
2020-02-17 14:29 - 2020-02-17 14:29 - 002279424 _____ (Farbar) C:\Users\RCFetter\Downloads\FRST64.exe
2020-02-17 13:44 - 2020-02-17 13:44 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-02-17 13:32 - 2020-02-17 13:32 - 001924728 _____ (Malwarebytes) C:\Users\RCFetter\Downloads\MBSetup(3).exe
2020-02-16 18:22 - 2020-02-16 18:23 - 000899584 _____ C:\Users\RCFetter\Downloads\RGSA.exe
2020-02-14 14:12 - 2020-02-14 14:12 - 001924728 _____ (Malwarebytes) C:\Users\RCFetter\Downloads\MBSetup(2).exe
2020-02-14 14:11 - 2020-02-14 14:11 - 001924728 _____ (Malwarebytes) C:\Users\RCFetter\Downloads\MBSetup(1).exe
2020-02-14 14:05 - 2020-02-14 14:08 - 000000000 ____D C:\AdwCleaner
2020-02-14 14:03 - 2020-02-14 14:04 - 008356016 _____ (Malwarebytes) C:\Users\RCFetter\Downloads\adwcleaner_8.0.2.exe
2020-02-13 18:47 - 2020-02-13 18:47 - 001924728 _____ (Malwarebytes) C:\Users\RCFetter\Downloads\MBSetup.exe
2020-02-13 17:25 - 2020-02-13 17:25 - 000000000 ____D C:\Users\RCFetter\Desktop\Old Firefox Data
2020-02-13 16:45 - 2020-02-25 19:03 - 000003240 _____ C:\Windows\system32\Tasks\GridinSoft Anti-Malware
2020-02-13 16:45 - 2020-02-13 16:45 - 000000869 _____ C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk
2020-02-13 16:45 - 2020-02-13 16:45 - 000000869 _____ C:\ProgramData\Desktop\GridinSoft Anti-Malware.lnk
2020-02-13 16:44 - 2020-02-24 17:47 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2020-02-13 16:44 - 2020-02-13 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2020-02-13 16:44 - 2020-02-13 16:44 - 000000000 ____D C:\ProgramData\GridinSoft
2020-02-13 16:43 - 2020-02-13 16:43 - 000989584 _____ (GridinSoft LLC) C:\Users\RCFetter\Downloads\install-antimalware-ag.exe
2020-01-31 15:53 - 2020-01-31 15:53 - 000001709 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-01-31 15:53 - 2020-01-31 15:53 - 000001709 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-01-31 15:53 - 2020-01-31 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-01-31 15:53 - 2020-01-31 15:53 - 000000000 ____D C:\Program Files\iPod
2020-01-31 15:52 - 2020-01-31 15:53 - 000000000 ____D C:\Program Files\iTunes
2020-01-31 15:44 - 2020-01-31 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-25 19:38 - 2015-02-16 21:03 - 000000000 ____D C:\FRST
2020-02-25 19:09 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-02-25 19:09 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-02-25 19:03 - 2020-01-09 12:21 - 000002948 _____ C:\Windows\system32\Tasks\HPCustPartic.exe_{5529181F-A55F-4AA8-AB64-DDADD2B79186}
2020-02-25 19:03 - 2020-01-09 12:19 - 000003576 _____ C:\Windows\system32\Tasks\HPCustParticipation HP ENVY 4510 series
2020-02-25 19:03 - 2019-04-19 11:20 - 000003186 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-709989229-488928679-3307805319-1000
2020-02-25 19:03 - 2018-10-05 11:15 - 000003146 _____ C:\Windows\system32\Tasks\{9DCBBBE6-A078-47AA-8BF7-6044625C05C5}
2020-02-25 19:03 - 2018-05-16 09:36 - 000004208 _____ C:\Windows\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2020-02-25 19:03 - 2015-12-03 22:34 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2020-02-25 19:03 - 2015-05-03 07:04 - 000003432 _____ C:\Windows\system32\Tasks\Apple Diagnostics
2020-02-25 19:03 - 2015-04-12 15:16 - 000003162 _____ C:\Windows\system32\Tasks\{B8485E03-4452-44A6-A395-74678E5DA8B4}
2020-02-25 19:03 - 2013-09-13 10:36 - 000003118 _____ C:\Windows\system32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2020-02-25 19:03 - 2013-09-13 10:36 - 000003092 _____ C:\Windows\system32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2020-02-25 19:03 - 2013-09-13 10:36 - 000003090 _____ C:\Windows\system32\Tasks\Microsoft_Hardware_Launch_itype_exe
2020-02-25 19:03 - 2013-09-13 10:36 - 000003062 _____ C:\Windows\system32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2020-02-25 19:03 - 2013-09-13 10:36 - 000003060 _____ C:\Windows\system32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2020-02-25 19:03 - 2013-08-17 22:43 - 000003176 _____ C:\Windows\system32\Tasks\{863B7A09-23A6-4B27-AFA2-D9F1882072C5}
2020-02-25 19:03 - 2013-06-20 12:06 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-25 19:03 - 2013-06-20 12:06 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-25 19:02 - 2018-03-13 17:13 - 000004474 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-02-25 19:02 - 2015-07-20 08:17 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-02-25 19:02 - 2013-06-11 08:25 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-02-24 17:54 - 2009-07-14 00:13 - 000788478 _____ C:\Windows\system32\PerfStringBackup.INI
2020-02-24 17:54 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2020-02-24 17:51 - 2016-11-20 07:48 - 000000000 ____D C:\Users\RCFetter\AppData\LocalLow\Mozilla
2020-02-24 17:51 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2020-02-24 17:50 - 2018-05-27 09:05 - 000000000 ____D C:\Users\RCFetter\AppData\Local\AVAST Software
2020-02-24 17:49 - 2015-03-07 09:24 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2020-02-24 17:49 - 2013-06-11 09:14 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2020-02-24 17:49 - 2013-06-11 09:14 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2020-02-24 17:47 - 2015-05-04 07:24 - 000000000 ___RD C:\Users\RCFetter\iCloudDrive
2020-02-24 17:46 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-24 17:45 - 2013-06-20 12:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-02-19 13:28 - 2013-06-20 12:53 - 000000000 ____D C:\ProgramData\Mozilla
2020-02-17 13:44 - 2019-08-21 10:36 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-02-17 13:44 - 2019-08-21 10:36 - 000001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-02-17 13:44 - 2019-08-21 10:36 - 000001918 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-02-15 11:18 - 2013-06-22 07:46 - 000000000 ____D C:\Users\RCFetter\Documents\Bulk Image Downloader
2020-02-14 16:46 - 2013-06-20 12:14 - 000000000 ____D C:\Users\RCFetter\Documents\PERSONAL FINANCE - BANK BALANCE
2020-02-13 12:40 - 2019-12-08 14:20 - 000000000 ____D C:\Users\RCFetter\AppData\Local\cache
2020-02-12 14:16 - 2019-04-17 11:14 - 000003732 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2020-02-12 14:16 - 2019-04-17 11:14 - 000003150 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2020-02-12 14:16 - 2018-05-27 09:06 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-02-12 12:22 - 2016-11-07 08:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-02-12 08:41 - 2015-05-04 07:26 - 000000000 ____D C:\Users\RCFetter\AppData\Local\DE7CCD73-8E70-4A7C-827C-EF6C034807E4.aplzod
2020-02-12 08:38 - 2013-06-11 09:11 - 000000000 ____D C:\ProgramData\PCDr
2020-02-12 08:32 - 2019-12-08 12:34 - 000376648 _____ C:\Windows\system32\FNTCACHE.DAT
2020-02-12 03:10 - 2013-08-14 02:00 - 000000000 ____D C:\Windows\system32\MRT
2020-02-12 03:03 - 2013-06-22 22:19 - 120407888 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-02-12 00:48 - 2015-02-21 20:25 - 000000000 ____D C:\ProgramData\regid.1991-06.com.micro

#13 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,381 posts

Posted 26 February 2020 - 07:42 AM

Glad we could khelp.

 

Stay safe.


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#14 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,381 posts

Posted 21 April 2020 - 05:39 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
Back to Resolved or inactive Malware Removal


  1. SpywareInfo Forum
  2. Spyware, thiefware, browser hijackers, and other advertising parasites
  3. Malware Removal
  4. Resolved or inactive Malware Removal
  5. Privacy Policy
Member of UNITE
Support SpywareInfo Forum - click the button