Solved Virus Help Needed Please

Broni

Malware Annihilator
Task: {32103B96-5010-4F96-B7CB-D778C6E6E17C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {387125C0-4D4A-48C9-AC39-233B67C7933C} - System32\Tasks\GoogleUpdateTaskMachineUA1cf914296c2ad2c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {47DB8DF2-C3DA-49A9-BD40-9A1F6596C5D1} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2019-01-17] (AVAST Software)
Task: {482EB467-FFA7-438A-9840-3D2198A417B7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {48ECE608-FC61-45B2-AF68-C7702B247F0C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4DDE73E5-E045-4E37-8586-C32D06ED35CC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {69800895-3305-4200-A533-B25BE0AC1DCC} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {6B5E45DD-084F-4611-BB92-D887FD2E539D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-16] (AVAST Software)
Task: {6F7967D0-BFDB-46DC-A99B-FE834E56CE29} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3873563209-1122956-651633644-1001UA => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {6F7FAB01-1F2C-42F1-AA3E-5588B3A341BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-08-06] (Microsoft)
Task: {849FDFA2-1B3B-40C3-8772-D43B8587F513} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {878FC747-7A62-4998-8E81-32E738640A19} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {889614A9-1FF4-4C5A-B93B-AB1B4BC22C78} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8FCE48D8-844A-4D52-9630-4A990548F90C} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-11-10] (Hewlett-Packard)
Task: {9387FFCE-15C1-48E1-96A3-2F1CCC6D5A69} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2CA360F-71BE-4C2E-B3D4-4D3D9ADD99ED} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {BF420B8D-BBB4-4E54-A8EC-87915E0C890B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C57E4A05-9E89-475F-BB6F-C86A866E9B1C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C587B023-2C4E-439C-9764-D9E1860E33D8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2019-01-17] (Microsoft Corporation)
Task: {C87338B8-83E1-4771-A5B7-607D45AB8482} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C9040893-190E-41EF-9F61-495B477FC727} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CCDAAB94-991B-439E-BA87-89BCCA92146D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-16] (Adobe Systems Incorporated)
Task: {CE5D081A-E251-486B-A3B4-A5A0A2BAAC9F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D8D01363-DEDB-4937-9182-5E624232DF39} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {DD3E0A8C-8EA2-4C4B-91A6-6D218A707BE0} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3873563209-1122956-651633644-1001Core => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {E722F4C8-1DA1-4829-AB10-156F19F94C91} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-16] (Adobe Systems Incorporated)
Task: {EF3D307F-1442-4B9D-9D05-B26F719CC655} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F026C769-5C8E-41C4-B4A4-CD2B575C2B11} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA6A01D4-6234-4F3F-9E19-2542C256204B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3873563209-1122956-651633644-1001Core.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3873563209-1122956-651633644-1001UA.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-29 06:16 - 2014-05-29 06:16 - 000241344 _____ () C:\Program Files\pcmax\pcmax.exe
2010-03-21 03:34 - 2009-07-06 14:20 - 000247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2019-01-16 20:24 - 2019-01-23 10:00 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2019-01-16 20:24 - 2019-01-23 10:00 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-11-26 22:54 - 2012-11-26 22:54 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2019-01-16 14:46 - 2019-01-16 14:46 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-01-16 14:37 - 2019-01-16 14:37 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2019-01-16 15:39 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2019-01-23 08:10 - 000000873 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 d3oxij66pru1i3.cloudfront.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\MySQL\MySQL Utilities 1.3.4\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\
HKU\S-1-5-21-3873563209-1122956-651633644-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
HKU\S-1-5-21-3873563209-1122956-651633644-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "HP Quick Launch"
HKLM\...\StartupApproved\Run: => "RtkOSD"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "WirelessAssistant"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3873563209-1122956-651633644-1001\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
HKU\S-1-5-21-3873563209-1122956-651633644-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3873563209-1122956-651633644-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F8F9C1389199C5D42EF0F1FE1D081D59"
HKU\S-1-5-21-3873563209-1122956-651633644-1001\...\StartupApproved\Run: => "LightScribe Control Panel"
HKU\S-1-5-21-3873563209-1122956-651633644-1001\...\StartupApproved\Run: => "MySQL Notifier"
HKU\S-1-5-21-3873563209-1122956-651633644-1001\...\StartupApproved\Run: => "Dropbox Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Corporation)
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Corporation)
FirewallRules: [{B557FC93-9033-45F8-AAF1-A49043607DE4}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
FirewallRules: [{FCB1E6AC-BA2A-465E-A9BF-85FB7EA7A1F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{10621454-1262-4A79-A806-FF9B55281110}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{EDB5AC92-BB87-4B6F-8625-A9D42707AD02}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{35ABED95-3F0C-4E36-8B65-24A7C337A40C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{6C523EF0-4D9A-43BE-AA13-FC4EFD4FFC67}] => (Allow) C:\Makena\There\ThereClient\There.exe No File
FirewallRules: [{580A19F0-9669-4E55-B34D-E3FF12F58F28}] => (Allow) C:\Makena\There\ThereClient\There.exe No File
FirewallRules: [{8AD46CF2-DDC6-45FE-B70E-D97BD4EDB4CB}] => (Allow) LPort=3306
FirewallRules: [{E84BBF26-E300-4BA2-B56E-4A2080A66E8A}] => (Allow) LPort=3306
FirewallRules: [{34133A09-5DBA-4D6F-A579-5C6FA3D7F102}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe (Microsoft Corporation)
FirewallRules: [{7BAA6D37-042E-465C-8E4C-3438D03285A3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation)
FirewallRules: [{339F1547-070D-4E27-BCB5-94E75E417701}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
FirewallRules: [{61E9379C-90A5-4758-B53B-E0B6587F4A36}] => (Allow) svchost.exe (Microsoft Corporation)
FirewallRules: [{67457505-AB61-4C5C-9BDE-05BA2FF0353D}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation)
FirewallRules: [{36D66869-55F8-41F1-9D5F-94C64DD3BB58}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE (CyberLink Corp.)
FirewallRules: [{FCC9C564-E6E2-4E9F-9B08-15286C253DA8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE (CyberLink Corp.)
FirewallRules: [{F2A52396-B3F3-490C-9686-63A3814B547D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{4B3950B4-31EB-4041-87D8-B77B431845FB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [TCP Query User{BC28C413-CB59-4A93-A1EF-F87527CCDEB3}C:\users\home\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\home\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [UDP Query User{C6E46101-B384-4855-B421-7920AE43BB46}C:\users\home\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\home\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{42C3760A-9616-442F-B5E4-22E7CADC2140}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe (Microsoft Corporation)
FirewallRules: [{850376F2-90A8-4AA0-85E5-083129563439}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\VSWinExpress.exe (Microsoft Corporation)
FirewallRules: [{B1E3105C-326B-4503-82F5-5ED2B53E83DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{9F5E31CA-FF7D-4CB9-8A84-86473F3C5C13}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{472F7F3D-B95D-4051-87E7-8A0EA09AC5A6}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
FirewallRules: [{5CEC54D3-76DD-4682-B032-6BE630055999}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
FirewallRules: [{80F2021F-99AE-49B9-AD05-6352835C2024}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{43F40D4C-9770-464D-A6EE-BA7616612CDA}] => (Allow) c:\program files\pcmax\pcmax.exe ()
FirewallRules: [{6DF10017-2912-4EC1-BA28-6D26B966933F}] => (Allow) c:\program files\pcmax\pcmax.exe ()
FirewallRules: [{5CD79084-4118-404E-856B-A52A12106C0F}] => (Allow) c:\program files\pcmax\service.exe ()
FirewallRules: [{CE5EB10E-0ACE-44CE-A3DC-DE514C2042D1}] => (Allow) c:\program files\pcmax\service.exe ()
FirewallRules: [{1E62B276-0ABE-45ED-B31F-7CE8A25EBE95}] => (Allow) C:\Program Files (x86)\Brick-Force\BfLauncher.exe No File
FirewallRules: [{C1256E63-6727-4483-B744-F9142CC64947}] => (Allow) C:\Program Files (x86)\Brick-Force\BrickForce.exe No File
FirewallRules: [{E907D102-8895-468C-9B14-BE5EB1491554}] => (Allow) C:\Program Files (x86)\PIE\Steam\Steam.exe No File
FirewallRules: [{A0AC0663-2B95-437D-98A4-4D8B31E6F0E3}] => (Allow) C:\Program Files (x86)\PIE\Steam\Steam.exe No File
FirewallRules: [{6AA8B481-4E6A-4422-A3B8-9A38C22B16EB}] => (Allow) C:\Program Files (x86)\PIE\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{C8F5A4D3-49AC-4343-B620-F85EAD1BA099}] => (Allow) C:\Program Files (x86)\PIE\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{96CAA243-FA43-44A2-96C4-ACA766768D29}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe (Microsoft Corporation)
FirewallRules: [{72DD0A30-AD1E-41B2-B625-089D61A94346}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\Warface\live\nw.exe No File
FirewallRules: [{4A0D9044-FF80-4B26-929B-D28EF80C0B03}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\Warface\live\nw.exe No File
FirewallRules: [{BF777A53-A888-49B8-A7CD-F1B2D175610B}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe No File
FirewallRules: [{98A71CB7-82B8-493D-9395-1D7374A52C81}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe No File
FirewallRules: [{11F07A76-E739-47C5-8E62-C1083808E48D}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\GarrysMod\hl2.exe No File
FirewallRules: [{746F4C6C-80BB-4512-8F2D-C2D0B63AE840}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\GarrysMod\hl2.exe No File
FirewallRules: [{6ADB38A6-82DF-4B7D-9D02-78555CD6D5E5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{4087D774-D53D-47F0-9061-C14D37409286}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{0CD4D77A-0B67-4AB0-B4FD-F83231EE5199}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (AVAST Software)
FirewallRules: [{AC14E89E-2E1F-4235-94F7-C1353141A902}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (AVAST Software)
FirewallRules: [{CCB537D3-85CF-45B6-9CE5-FC4C43002596}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

==================== Restore Points =========================

17-04-2018 11:06:50 Windows Update
16-01-2019 17:20:38 Removed Homeschool Tracker Library.
16-01-2019 17:23:22 Windows Update
24-01-2019 18:08:55 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2019 09:14:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7bc

Start Time: 01d4b44a820f2cfb

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 2768e5a4-203e-11e9-bf05-c80aa98b123f

Faulting package full name:

Faulting package-relative application ID:

Error: (01/24/2019 05:42:12 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/24/2019 05:42:12 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/24/2019 05:42:12 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/24/2019 05:42:11 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/24/2019 05:41:59 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application

Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (01/24/2019 05:41:52 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (01/24/2019 05:41:51 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
0x8e5e0210 (0x8e5e0210)


System errors:
=============
Error: (01/25/2019 04:10:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
Unspecified error

Error: (01/25/2019 04:10:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
Unspecified error

Error: (01/25/2019 04:10:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
Unspecified error

Error: (01/25/2019 04:10:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
Unspecified error

Error: (01/25/2019 09:07:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
Unspecified error

Error: (01/25/2019 09:07:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
Unspecified error

Error: (01/25/2019 09:06:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
Unspecified error

Error: (01/25/2019 09:06:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
Unspecified error


Windows Defender:
===================================
Date: 2018-04-17 14:59:05.240
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/Peapoon&threatid=213663
Name: Adware:Win32/Peapoon
ID: 213663
Severity: High
Category: Adware
Path: driver:_netfilter64;file:_C:\WINDOWS\system32\drivers\netfilter64.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.813.0, AS: 1.265.813.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2017-06-25 20:11:55.865
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/DefaultTab&threatid=207033
Name: BrowserModifier:Win32/DefaultTab
ID: 207033
Severity: High
Category: Browser Modifier
Path: file:_C:\Windows\System32\GroupPolicy\User\Registry.pol
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Signature Version: AV: 1.247.93.0, AS: 1.247.93.0, NIS: 117.2.0.0
Engine Version: AM: 1.1.13903.0, NIS: 2.1.13804.0

Date: 2017-06-25 20:03:30.639
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/DefaultTab&threatid=207033
Name: BrowserModifier:Win32/DefaultTab
ID: 207033
Severity: High
Category: Browser Modifier
Path: file:_C:\Windows\System32\GroupPolicy\User\Registry.pol
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.247.93.0, AS: 1.247.93.0, NIS: 117.2.0.0
Engine Version: AM: 1.1.13903.0, NIS: 2.1.13804.0

Date: 2017-06-25 19:56:51.887
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/DefaultTab&threatid=207033
Name: BrowserModifier:Win32/DefaultTab
ID: 207033
Severity: High
Category: Browser Modifier
Path: file:_C:\Windows\System32\GroupPolicy\User\Registry.pol
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Signature Version: AV: 1.247.93.0, AS: 1.247.93.0, NIS: 117.2.0.0
Engine Version: AM: 1.1.13903.0, NIS: 2.1.13804.0

Date: 2014-06-17 12:28:45.234
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {1631930F-6ED6-4D7F-B7D5-F30300A973A4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-16 15:30:54.643
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 1.1.15500.2
Previous Engine Version: 1.1.14700.5
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-01-15 19:26:08.687
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 119.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-01-15 19:26:08.672
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.813.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-01-15 19:26:08.672
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.813.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-01-15 19:26:08.546
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.813.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2014-06-17 12:28:45.187
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-06-17 12:06:46.893
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Definition Updates\{59BC05B3-363E-4E97-ABD9-35F0C56419DF}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-08-13 22:20:27.136
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 53%
Total physical RAM: 3893.86 MB
Available physical RAM: 1795.84 MB
Total Virtual: 7861.86 MB
Available Virtual: 5703.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.83 GB) (Free:170.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.96 GB) (Free:2.3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

\\?\Volume{0921e332-3849-11e2-9904-806e6f6e6963}\ () (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 6686A4F6)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================

Broni

Malware Annihilator
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

RachaelA

TS Rookie
I don't know why it keeps stopping me thinking I'm spam. Please see the attached file requested. Thank you so much for all of your help.

Broni

Malware Annihilator
Fix result of Farbar Recovery Scan Tool (x64) Version: 26.01.2019
Ran by jsmor_000 (26-01-2019 08:07:34) Run:1
Running from C:\Users\jsmor_000\Desktop
Loaded Profiles: Home & jsmor_000 (Available Profiles: Home & jsmor_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3873563209-1122956-651633644-1001\...\MountPoints2: {d4113098-27de-11e4-beae-c80aa98b123f} - "G:\VZW_Software_upgrade_assistant.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {2CBA769A-317D-4FC5-A2EF-D226DD33326B} URL =
SearchScopes: HKU\S-1-5-21-3873563209-1122956-651633644-1007 -> {8DB226C8-BEAA-4008-931E-EC2450067D48} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll => No File
Toolbar: HKU\S-1-5-21-3873563209-1122956-651633644-1001 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
U3 idsvc; no ImagePath
S1 MpKslaf8b41fa; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B315FCA1-C16F-465E-A068-27E427C3E3D7}\MpKslaf8b41fa.sys [X]
S1 qxdmsyrs; \??\C:\WINDOWS\system32\drivers\qxdmsyrs.sys [X]
S3 X6va019; \??\C:\WINDOWS\SysWOW64\Drivers\X6va019 [X]
2017-06-25 10:11 - 2017-06-25 10:11 - 007649280 _____ () C:\Program Files (x86)\GUT95C2.tmp
2013-08-02 19:30 - 2013-08-02 19:30 - 004188160 _____ () C:\Program Files (x86)\GUTAD14.tmp
2015-02-28 02:09 - 2015-02-28 02:09 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Home\AppData\Local\Temp\drm_dyndata_7370014.dll
2015-02-28 02:09 - 2015-02-28 10:39 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Home\AppData\Local\Temp\drm_dyndata_7380014.dll
2015-06-20 22:36 - 2015-06-20 22:36 - 000043008 _____ () C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphabicx.dll
2015-06-20 22:43 - 2015-06-20 22:43 - 000043008 _____ () C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo5cg13.dll
2014-06-23 21:08 - 2014-04-11 01:59 - 000080296 _____ () C:\Users\Home\AppData\Local\Temp\nspFD3F.tmp.exe
2014-10-02 13:43 - 2014-10-02 13:43 - 000018304 _____ () C:\Users\Home\AppData\Local\Temp\ochelper.dll
2014-10-02 13:43 - 2014-10-02 13:43 - 000021888 _____ () C:\Users\Home\AppData\Local\Temp\ochelper.exe
2014-08-22 12:38 - 2010-06-07 12:13 - 000256752 _____ (SUPERAntiSpyware.com) C:\Users\Home\AppData\Local\Temp\SSUPDATE.EXE
2015-12-02 10:05 - 2015-12-02 10:05 - 000120336 _____ (McAfee, Inc.) C:\Users\jsmor_000\AppData\Local\Temp\McCSPInstall.dll
2019-01-16 19:24 - 2015-12-02 10:05 - 000131344 _____ (McAfee Inc.) C:\Users\jsmor_000\AppData\Local\Temp\mccspuninstall.exe
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
FirewallRules: [{6C523EF0-4D9A-43BE-AA13-FC4EFD4FFC67}] => (Allow) C:\Makena\There\ThereClient\There.exe No File
FirewallRules: [{580A19F0-9669-4E55-B34D-E3FF12F58F28}] => (Allow) C:\Makena\There\ThereClient\There.exe No File
FirewallRules: [TCP Query User{BC28C413-CB59-4A93-A1EF-F87527CCDEB3}C:\users\home\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\home\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [UDP Query User{C6E46101-B384-4855-B421-7920AE43BB46}C:\users\home\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\home\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{80F2021F-99AE-49B9-AD05-6352835C2024}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{1E62B276-0ABE-45ED-B31F-7CE8A25EBE95}] => (Allow) C:\Program Files (x86)\Brick-Force\BfLauncher.exe No File
FirewallRules: [{C1256E63-6727-4483-B744-F9142CC64947}] => (Allow) C:\Program Files (x86)\Brick-Force\BrickForce.exe No File
FirewallRules: [{E907D102-8895-468C-9B14-BE5EB1491554}] => (Allow) C:\Program Files (x86)\PIE\Steam\Steam.exe No File
FirewallRules: [{A0AC0663-2B95-437D-98A4-4D8B31E6F0E3}] => (Allow) C:\Program Files (x86)\PIE\Steam\Steam.exe No File
FirewallRules: [{6AA8B481-4E6A-4422-A3B8-9A38C22B16EB}] => (Allow) C:\Program Files (x86)\PIE\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{C8F5A4D3-49AC-4343-B620-F85EAD1BA099}] => (Allow) C:\Program Files (x86)\PIE\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{72DD0A30-AD1E-41B2-B625-089D61A94346}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\Warface\live\nw.exe No File
FirewallRules: [{4A0D9044-FF80-4B26-929B-D28EF80C0B03}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\Warface\live\nw.exe No File
FirewallRules: [{BF777A53-A888-49B8-A7CD-F1B2D175610B}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe No File
FirewallRules: [{98A71CB7-82B8-493D-9395-1D7374A52C81}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe No File
FirewallRules: [{11F07A76-E739-47C5-8E62-C1083808E48D}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\GarrysMod\hl2.exe No File
FirewallRules: [{746F4C6C-80BB-4512-8F2D-C2D0B63AE840}] => (Allow) C:\Program Files (x86)\PIE\Steam\steamapps\common\GarrysMod\hl2.exe No File

*****************

HKU\S-1-5-21-3873563209-1122956-651633644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4113098-27de-11e4-beae-c80aa98b123f} => removed successfully
HKLM\Software\Classes\CLSID\{d4113098-27de-11e4-beae-c80aa98b123f} => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3873563209-1122956-651633644-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8DB226C8-BEAA-4008-931E-EC2450067D48} => removed successfully
HKLM\Software\Classes\CLSID\{8DB226C8-BEAA-4008-931E-EC2450067D48} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983} => removed successfully
"HKU\S-1-5-21-3873563209-1122956-651633644-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE}" => removed successfully
HKLM\Software\Classes\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\dssrequest => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => not found
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\MpKslaf8b41fa => removed successfully
MpKslaf8b41fa => service removed successfully
HKLM\System\CurrentControlSet\Services\qxdmsyrs => removed successfully
qxdmsyrs => service removed successfully
HKLM\System\CurrentControlSet\Services\X6va019 => removed successfully
X6va019 => service removed successfully
C:\Program Files (x86)\GUT95C2.tmp => moved successfully
C:\Program Files (x86)\GUTAD14.tmp => moved successfully
C:\Users\Home\AppData\Local\Temp\drm_dyndata_7370014.dll => moved successfully
C:\Users\Home\AppData\Local\Temp\drm_dyndata_7380014.dll => moved successfully
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphabicx.dll => moved successfully
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo5cg13.dll => moved successfully
C:\Users\Home\AppData\Local\Temp\nspFD3F.tmp.exe => moved successfully
C:\Users\Home\AppData\Local\Temp\ochelper.dll => moved successfully
C:\Users\Home\AppData\Local\Temp\ochelper.exe => moved successfully
C:\Users\Home\AppData\Local\Temp\SSUPDATE.EXE => moved successfully
C:\Users\jsmor_000\AppData\Local\Temp\McCSPInstall.dll => moved successfully
C:\Users\jsmor_000\AppData\Local\Temp\mccspuninstall.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" => removed successfully
HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C523EF0-4D9A-43BE-AA13-FC4EFD4FFC67}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{580A19F0-9669-4E55-B34D-E3FF12F58F28}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BC28C413-CB59-4A93-A1EF-F87527CCDEB3}C:\users\home\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C6E46101-B384-4855-B421-7920AE43BB46}C:\users\home\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80F2021F-99AE-49B9-AD05-6352835C2024}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E62B276-0ABE-45ED-B31F-7CE8A25EBE95}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1256E63-6727-4483-B744-F9142CC64947}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E907D102-8895-468C-9B14-BE5EB1491554}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A0AC0663-2B95-437D-98A4-4D8B31E6F0E3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6AA8B481-4E6A-4422-A3B8-9A38C22B16EB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8F5A4D3-49AC-4343-B620-F85EAD1BA099}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72DD0A30-AD1E-41B2-B625-089D61A94346}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A0D9044-FF80-4B26-929B-D28EF80C0B03}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BF777A53-A888-49B8-A7CD-F1B2D175610B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98A71CB7-82B8-493D-9395-1D7374A52C81}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11F07A76-E739-47C5-8E62-C1083808E48D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{746F4C6C-80BB-4512-8F2D-C2D0B63AE840}" => removed successfully


The system needed a reboot.

==== End of Fixlog 08:08:57 ====
 

Broni

Malware Annihilator
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

RachaelA

TS Rookie
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Visual Studio Extensions for Windows Library for JavaScript
Java 7 Update 67
Java 8 Update 191
Java 8 Update 25
Visual Studio Extensions for Windows Library for JavaScript
JavaScript Tooling
Java version 32-bit out of Date!
Adobe Flash Player 32.0.0.114
Adobe Reader XI
Google Chrome (71.0.3578.98)
Google Chrome (plugins...)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Common Files Oracle Java javapath\AvastSvc.exe -?-
AVAST Software Avast Cleanup TuneupSvc.exe
AVAST Software Avast Cleanup TuneupUI.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast AvEmUpdate.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 

RachaelA

TS Rookie
Farbar Service Scanner Version: 27-01-2016
Ran by jsmor_000 (administrator) on 26-01-2019 at 13:45:52
Running from "C:\Users\jsmor_000\Desktop"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
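The FSS log above carries two tampering signs that are easy to miss when read by eye: the WinDefend start type changed from Auto to Demand, and the DisableAntiSpyware policy set to 1. As an added example (not part of this thread and not FSS's own code), the following Python splits an FSS-style log into its underlined sections and turns those signs into structured findings; the sample input is constructed from the log posted here, plus one made-up unsigned-file line the real log did not contain.

```python
"""Triage an FSS (Farbar Service Scanner) log for Windows Defender tampering.

Added example: not part of the forum thread and not FSS's own code. It splits
an FSS-style log into its underlined sections and turns the signs visible in
the log posted above (WinDefend start type changed from Auto to Demand, the
DisableAntiSpyware policy set to 1) into structured findings, so a helper
does not have to spot them by eye. The File Check section is screened too.
"""
import re
from dataclasses import dataclass

# Constructed sample: the Defender-related sections of the FSS log posted in
# this thread, plus one made-up unsigned-file line the real log did not have.
SAMPLE_FSS_LOG = """\
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\\Windows Defender\\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\\Windows\\System32\\mpssvc.dll => File is digitally signed
C:\\Program Files\\Windows Defender\\MsMpEng.exe => File is digitally signed
C:\\Windows\\System32\\constructed_unsigned.dll => File is not digitally signed
"""

# A "Name:" line that is underlined with '=' characters on the next line.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+):\s*$")
# "Value"=TYPE:data lines, as FSS prints registry policy values.
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<type>[A-Z_]+):(?P<value>\S+)$')
START_TYPE_RE = re.compile(
    r"The start type of (?P<svc>\S+) service is set to (?P<actual>\w+)\. "
    r"The default start type is (?P<default>\w+)\."
)


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    section: str    # FSS section the line came from
    detail: str


def split_sections(text):
    """Map each underlined FSS section header to its non-empty body lines."""
    lines = text.splitlines()
    sections, current = {}, None
    for i, line in enumerate(lines):
        m = SECTION_RE.match(line)
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if m and nxt and set(nxt) == {"="}:
            current = m.group("name")
            sections[current] = []
            continue
        if current is not None and line.strip() and set(line.strip()) != {"="}:
            sections[current].append(line.rstrip())
    return sections


def triage(text):
    """Return the Findings worth a second look in an FSS log."""
    sections = split_sections(text)
    findings = []
    for line in sections.get("Windows Defender", []):
        m = START_TYPE_RE.search(line)
        if m and m.group("actual") != m.group("default"):
            findings.append(Finding("high", "Windows Defender",
                f"{m.group('svc')} start type is {m.group('actual')}; "
                f"default is {m.group('default')}"))
        if "is not running" in line:
            findings.append(Finding("medium", "Windows Defender", line.split(".")[0]))
    for line in sections.get("Windows Defender Disabled Policy", []):
        m = REG_VALUE_RE.match(line)
        if m and m.group("name") == "DisableAntiSpyware" and m.group("value") != "0":
            findings.append(Finding("high", "Windows Defender Disabled Policy",
                f"DisableAntiSpyware={m.group('value')} (Defender disabled by policy)"))
    for line in sections.get("File Check", []):
        # Anything other than the clean verdict gets surfaced for review.
        path, _, status = line.partition(" => ")
        if status.strip() != "File is digitally signed":
            findings.append(Finding("high", "File Check", f"{path}: {status.strip()}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FSS_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
```

Run against a real FSS.txt the same way (read the file, pass its text to `triage`); a clean log with Defender on its Auto start type and no policy key yields an empty list.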
 

Broni

Malware Annihilator
Your computer is clean.

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.
 

RachaelA

TS Rookie
Thank you for all of your help.
1. Delfix didn't remove Sophos Virus Removal Tool. Should I do it manually?
2. Windows says it has 1 update (important), 10 (optional). I'm trying to download but it's been stuck on "Downloading 1 update (0KB total, 0% complete)" for quite some time.

Please advise before I move on to the rest of the steps.
 

RachaelA

TS Rookie
Broni, I want you to know I'm here but I'm having trouble downloading the update. Could it be that I have too many anti-virus now? Malwarebytes and Avast? I've been trying for several hours.
 

RachaelA

TS Rookie
I'm not sure what to do. I cannot install the update. It says did not install over and over again. Should I move on to the next step in your instructions or is this indicative of a virus still present?
 

RachaelA

TS Rookie
Yes, I was able to download from the MS site. But not install. The update is KB3000850.
Also, when Malwarebytes ran on schedule it found a PUP; I quarantined it.
 

RachaelA

TS Rookie
OK! I was able to use the link you gave me. I think it updated to 10? I did the browser check and said up to date.

Are we sure the computer is clean now? I am afraid to use it.

I want to remove the profiles on here (my brother in law, nephew) and just have me. Is that possible? Should I start another thread?

Is there someplace I can list all the programs and see which ones I can uninstall? I don't know what they are and am worried about a virus sneaking in.

Thank you for all of your help! BTW sorry it took so long to respond, my car broke down. When it rains, it pours!!
 

Broni

Malware Annihilator
Good news :)
Yes, your computer is clean.
As for other questions I suggest a new topic in the Windows forum.
Good luck and stay safe :)
 