Solved Web Companion and Other Viruses

BefuddledB

TS Enthusiast
Hi Broni!

I had a web companion for a while, but recently my computer has been running slow and crashing a lot. I'm living under a rock with very limited power and an agonizingly slow internet, so please keep my topic active for as long as it takes -- I will stick around till the end.

Many thanks!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2019
Ran by User (administrator) on USER-PC (Hewlett-Packard HP Pavilion dv6 Notebook PC) (19-11-2019 04:22:34)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.12228.20206\OfficeClickToRun.exe
(PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-03-15] (PowerISO Computing, Inc.) [File not signed]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260544 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-05-08] (Lavasoft Software Canada -> Lavasoft)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540416 2019-04-16] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {23312558-207b-11e9-8379-ac7289c252c1} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {9fb92af0-d822-11e8-aa55-ac7289c252c1} - F:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.87\Installer\chrmstp.exe [2019-11-07] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C28CD7-530A-4953-BCC5-021690371834} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26042960 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {296BE3F2-8435-4DBD-A973-3F28464DBF50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [250232 2019-10-08] (HP Inc. -> HP Inc.)
Task: {2F3CCCD3-CF46-4DE2-80F6-4AB549C147E9} - System32\Tasks\{3B953E3C-891C-4131-8CD3-0642DB8D2E73} => C:\Windows\system32\pcalua.exe -a "C:\Users\User\Downloads\Bluetooth hpdv6\sp61617.exe" -d "C:\Users\User\Downloads\Bluetooth hpdv6"
Task: {32A88FCA-D3B0-4A19-9140-38373B94969B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-22] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3F92D4D8-1A15-4D8F-9C39-6C069BB93D5C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2414739685-3642484520-4203288351-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {43348884-4E24-4AF6-8A62-4EE50DCC622C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2151992 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {482F3F6C-8AA8-43AE-920E-DB0270CC26E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {4874A1D2-177A-4F1E-9E14-BDEB50A96B11} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058104 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {5935E43C-8797-4372-98D6-C95193B42C61} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [135704 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {6721BCE8-2C3F-4250-9DB3-44ADDD103508} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-24] (Hewlett-Packard Company -> HP Inc.)
Task: {78AE1C7E-9FA3-42BC-82E9-8ED455813A0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {7BE16C90-4BF1-41B2-A01A-47D9C98FA39D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-22] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7C30876A-9D75-4064-AA58-DC8C5E6F9FAC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {800BBF29-4D99-4FAE-B40C-F16C01F7A1C0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [135704 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {96176D95-2445-4C0F-A9EA-3235112F8E9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {A3BC7E80-598B-448E-98F9-75E000EA2870} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2151992 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC8BBB27-FCFD-479B-8FDA-D70AE0EF5067} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058104 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {B67D3B71-B1D4-4CEB-A0C9-5FD66D25E0E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {CA2010BA-07CB-4E25-91E1-18AEF6BD304A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26042960 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCAD9BA1-CCA4-455B-946C-28F22F7FB096} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-10-10] (HP Inc. -> HP Inc.)
Task: {DC9FE7DB-0187-4AA1-9E77-08F7018D3338} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {DECDB3C5-2DA8-45B3-BC3E-0B04AE6B6A02} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {FBCC263E-A47B-4D42-A58E-99C91F2ECD95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-10-10] (HP Inc. -> HP Inc.)
Task: {FE82DD8A-B5DE-4227-83C4-8CAEFC4B7F5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {FFD19AA6-7616-4174-B709-757AC2589C98} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{11E4DE98-3DF0-4B24-8DF3-DC73EEC1F140}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://gr.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180508__yaie&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1ai3eh1c.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default [2019-09-19]
FF Homepage: Mozilla\Firefox\Profiles\1ai3eh1c.default -> search.yahoo.com
FF NewTab: Mozilla\Firefox\Profiles\1ai3eh1c.default -> hxxps://gr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180508__yaff
FF Extension: (anonymoX) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\client@anonymox.net.xpi [2018-12-18]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-08]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-06] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-06] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.gmail.com/","hxxp://www.bbc.co.uk/","hxxp://www.sudantribune.com/","hxxps://www.lrb.co.uk/"
CHR DefaultSearchKeyword: Default -> google.co.jp_
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://mail.yahoo.com; hxxps://www.reddit.com
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-11-19]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-17]
CHR Extension: (TheFreeDictionary.com Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap [2018-04-26]
CHR Extension: (Ultimate Video Saver) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkpfjljjhhonjehpkmgonimjjgaheap [2019-11-19]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-26]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-26]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-11-07]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-11-11]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2019-04-04]
CHR Extension: (Kindle Cloud Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-04-26]
CHR Extension: (anonymoX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2019-11-07]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2019-11-07]
CHR Extension: (Plugins) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcblfncjaclajmegihojiekebofjcen [2018-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-07]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-07]
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-22] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-22] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [357240 2019-07-05] (HP Inc. -> HP Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
S3 DSE_USB; C:\Windows\System32\drivers\DSE_USB.sys [336872 2017-10-24] (Jungo Connectivity Ltd. -> Jungo Connectivity)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-29] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [91648 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [208896 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [85424 2009-03-15] (Fenghua Lee -> PowerISO Computing, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-19 04:22 - 2019-11-19 04:23 - 000028581 _____ C:\Users\User\Desktop\FRST.txt
2019-11-19 04:21 - 2019-11-19 04:21 - 000000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2019-11-19 04:20 - 2019-11-19 04:23 - 000000000 ____D C:\FRST
2019-11-19 04:10 - 2019-11-19 04:10 - 000000000 ____D C:\Users\User\AppData\Roaming\AVAST Software
2019-11-19 04:10 - 2019-11-19 04:10 - 000000000 ____D C:\Users\User\AppData\Local\CEF
2019-11-19 04:09 - 2019-11-19 04:09 - 000001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-11-19 04:09 - 2019-11-19 04:09 - 000001924 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2019-11-19 04:09 - 2019-11-19 04:09 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2019-11-19 04:09 - 2019-11-19 04:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-11-19 04:08 - 2019-11-19 04:09 - 000848432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-11-19 04:08 - 2019-11-19 04:09 - 000460448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-11-19 04:08 - 2019-11-19 04:08 - 000003910 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-11-19 04:08 - 2019-11-19 04:08 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-11-19 04:08 - 2019-11-19 04:07 - 000355720 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-11-19 04:08 - 2019-11-19 04:07 - 000316528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000276952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000274456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000236024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000209552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000204824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000171520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000110320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000083792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000065120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000037616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-11-19 04:06 - 2019-11-19 04:06 - 000000000 ____D C:\Program Files\AVAST Software
2019-11-19 04:05 - 2019-11-19 04:08 - 000000000 ____D C:\ProgramData\AVAST Software
2019-11-19 03:45 - 2019-11-19 03:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-11-14 15:19 - 2019-11-14 15:19 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-11-14 15:19 - 2019-11-14 15:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-11-14 15:19 - 2019-11-14 15:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-11-14 15:19 - 2019-11-14 15:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-11-11 14:18 - 2019-11-19 02:34 - 000000328 _____ C:\Windows\Tasks\HPCeeScheduleForUser.job
2019-11-11 14:18 - 2019-11-19 01:59 - 000003180 _____ C:\Windows\system32\Tasks\HPCeeScheduleForUser
2019-11-07 16:32 - 2019-11-07 16:33 - 000079439 _____ C:\Users\User\Desktop\574991 Updated.pdf
2019-11-07 00:07 - 2019-11-07 00:07 - 000066796 _____ C:\Users\User\Desktop\574991.pdf
2019-10-29 12:26 - 2018-08-23 04:54 - 2198277120 _____ C:\Users\User\Desktop\Hereditary.2018.1080p.WEBRip.x264-[YTS.AM].mp4
2019-10-21 07:13 - 2011-12-02 05:03 - 740870510 _____ C:\Users\User\Desktop\The.Ides.of.March.2011.DVDSCR.XviD-playXD.avi

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-19 04:21 - 2019-09-11 11:06 - 002260480 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-11-19 04:01 - 2019-09-11 11:11 - 377177560 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_offline.exe
2019-11-19 03:46 - 2018-05-22 23:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-11-19 03:39 - 2018-05-22 23:59 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-11-19 02:45 - 2009-07-14 07:45 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-19 02:45 - 2009-07-14 07:45 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-19 02:34 - 2018-05-22 23:59 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-11-19 02:34 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-19 01:58 - 2009-07-14 08:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-19 01:58 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2019-11-19 01:47 - 2018-04-29 17:13 - 000000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2019-11-19 01:43 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2019-11-18 04:42 - 2018-04-13 12:03 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2019-11-11 03:34 - 2019-09-04 16:42 - 2053258667 _____ C:\Users\User\Downloads\The.Pervert's.Guide.To.Ideology.2012.mp4
2019-11-11 01:59 - 2018-05-22 23:59 - 000000000 ____D C:\Users\User\AppData\Local\Dropbox
2019-11-07 15:20 - 2018-04-17 20:49 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-07 15:20 - 2018-04-17 20:49 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-07 15:20 - 2018-04-17 20:49 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-07 01:06 - 2018-07-25 14:14 - 000000000 ____D C:\Users\User\Documents\C
2019-11-06 23:46 - 2018-04-17 20:22 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-06 23:46 - 2018-04-17 20:22 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-06 23:45 - 2018-04-17 20:22 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-22 03:17 - 2018-08-08 01:41 - 000000000 ____D C:\Users\User\AppData\Roaming\5KPlayer

==================== Files in the root of some directories ========

2018-12-23 15:31 - 2018-12-23 15:38 - 024568792 _____ (FrostWire LLC) C:\Users\User\AppData\Roaming\Frostwire_setup.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-11-11 02:58
==================== End of FRST.txt ========================
 

BefuddledB

TS Enthusiast
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by User (19-11-2019 04:24:15)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-04-13 08:44:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2414739685-3642484520-4203288351-500 - Administrator - Disabled)
Guest (S-1-5-21-2414739685-3642484520-4203288351-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2414739685-3642484520-4203288351-1002 - Limited - Enabled)
User (S-1-5-21-2414739685-3642484520-4203288351-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5KPlayer (HKLM-x32\...\5KPlayer) (Version: 5.2 - DearMob, Inc.)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
ApowerPDF V4.1.1.315 (HKLM-x32\...\{99A1CF84-3154-433D-9F73-0A4D4DACBA1A}_is1) (Version: 4.1.1.315 - Apowersoft LIMITED)
Apowersoft Online Launcher version 1.7.1 (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.1 - APOWERSOFT LIMITED)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
calibre 64bit (HKLM\...\{7CA53963-20B2-4EF3-B166-C26852019564}) (Version: 3.30.0 - Kovid Goyal)
Dropbox (HKLM-x32\...\Dropbox) (Version: 85.4.155 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
FrostWire 6.7.8 (HKLM-x32\...\FrostWire 6) (Version: 6.7.8.276 - FrostWire LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.87 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.11.27.1 - HP Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: - )
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
qBittorrent 4.1.0 (HKLM-x32\...\qBittorrent) (Version: 4.1.0 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.28162 - Realtek Semiconduct Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Skype version 8.43 (HKLM-x32\...\Skype_is1) (Version: 8.43 - Skype Technologies S.A.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-07-03] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-07-03] () [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-07-03] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.7.8-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat ()

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9441B7BE-4D46-4807-89ED-169BC79E1A81}] => (Allow) C:\Program Files (x86)\baidu\Spark\Spark.exe No File
FirewallRules: [{04A6690A-89BB-45E6-ACD7-18560133EFE8}] => (Allow) C:\Program Files (x86)\baidu\Spark\Spark.exe No File
FirewallRules: [{6F3B4A0C-1DE7-4A3C-8F0C-1BDDBD05D808}] => (Allow) C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe No File
FirewallRules: [{7B13D7D0-6CE5-4178-82F5-6A72AFA00F94}] => (Allow) C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe No File
FirewallRules: [{8E6E2B68-CA7B-43DB-BAE5-B07F82013E2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{12CD2F71-B2EA-4F28-AB73-4E5CF32EF49E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{336A1C8D-D1B5-49E1-80BA-9DE349C88353}] => (Allow) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB478F12-AA9A-4C5D-BB7C-69D6CE0FE8C0}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{D2D089DB-96EB-485D-9113-D636DF6AD8E8}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{B7B3063C-CD8E-445D-AA37-ECE9729C0E9A}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{93321135-0FC9-48EF-9B28-97224F24EB7A}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{59CB665C-2310-40EA-AE21-579139775D0B}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe (Frostwire, LLC -> FrostWire)
FirewallRules: [{613B0F5C-3DFC-475B-A169-0E90046BDCAF}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe (Frostwire, LLC -> FrostWire)
FirewallRules: [TCP Query User{9AD1FC98-C438-408C-ABC3-605A8D79984E}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty Software, Inc. -> DearMob)
FirewallRules: [UDP Query User{21D347A6-6487-401C-A3F6-E8DA1118E98A}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty Software, Inc. -> DearMob)
FirewallRules: [TCP Query User{364F560B-FA0E-4313-A41C-968CEE5BA3F6}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty Software, Inc. -> DearMob)
FirewallRules: [UDP Query User{70EAF6CC-A943-40E3-B8D3-8A488D075D56}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty Software, Inc. -> DearMob)
FirewallRules: [{67912744-3F76-4A29-B5F5-5810DA518EB2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6874FAA2-DB94-4D9C-9A9C-272EE542F0E7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AC0CA2C1-A9FF-4BA6-B1E9-FAC738EEEEF6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{82F887B9-1D0B-4F9D-BA30-69DA674DB76B}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{77ABB9C1-5109-44ED-9777-A5FEAFC5520A}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{4296B873-7DC7-4649-925E-683452B52872}C:\program files (x86)\frostwire 6\frostwire.exe] => (Block) C:\program files (x86)\frostwire 6\frostwire.exe (Frostwire, LLC -> FrostWire)
FirewallRules: [UDP Query User{7E1BA250-BA92-4FF9-888A-0B371C5A56AF}C:\program files (x86)\frostwire 6\frostwire.exe] => (Block) C:\program files (x86)\frostwire 6\frostwire.exe (Frostwire, LLC -> FrostWire)
FirewallRules: [{D9CC29E9-3BDA-407E-88BC-FB3FAB628055}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EC17F222-80A8-4415-B039-79456B44F243}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{91C4B23A-383B-48D8-9BB0-E99E23D80F26}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0F2AAE55-5173-4A81-98C3-902BA45EFC0D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

02-09-2019 14:01:50 Scheduled Checkpoint
05-10-2019 21:02:41 Scheduled Checkpoint
21-10-2019 23:20:39 Scheduled Checkpoint
29-10-2019 14:27:34 Scheduled Checkpoint
06-11-2019 02:45:33 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Standard VGA Graphics Adapter
Description: Standard VGA Graphics Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/19/2019 03:45:37 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (11/19/2019 03:45:37 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (11/19/2019 02:54:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDXHelper.exe, version: 16.0.11328.20146, time stamp: 0x5c794729
Faulting module name: osftaskengine.dll, version: 16.0.11328.20068, time stamp: 0x5c61e1e3
Exception code: 0xc0000005
Fault offset: 0x00000000000d7916
Faulting process id: 0x17b4
Faulting application start time: 0x01d59e6ad0b57338
Faulting application path: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\SDXHelper.exe
Faulting module path: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\osftaskengine.dll
Report Id: b9b70d6c-0a5e-11ea-a820-ac7289c252c1

Error: (11/17/2019 11:53:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.0.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ea4

Start Time: 01d59d6fb0a53454

Termination Time: 7

Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Report Id: 3273e46e-097c-11ea-9353-ac7289c252c1

Error: (11/11/2019 02:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDXHelper.exe, version: 16.0.11328.20146, time stamp: 0x5c794729
Faulting module name: osftaskengine.dll, version: 16.0.11328.20068, time stamp: 0x5c61e1e3
Exception code: 0xc0000005
Fault offset: 0x00000000000d7916
Faulting process id: 0x1790
Faulting application start time: 0x01d59881b73dbb32
Faulting application path: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\SDXHelper.exe
Faulting module path: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\osftaskengine.dll
Report Id: 4bd3d664-0475-11ea-9353-ac7289c252c1

Error: (11/11/2019 05:04:58 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x80070008)

Error: (11/11/2019 02:02:29 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (11/11/2019 02:02:29 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.


System errors:
=============
Error: (11/19/2019 02:34:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:24:09 AM on ‎11/‎19/‎2019 was unexpected.

Error: (11/19/2019 01:54:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/19/2019 01:43:04 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (11/19/2019 01:43:01 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (11/19/2019 01:42:57 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/19/2019 01:39:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (11/19/2019 01:39:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/11/2019 09:34:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:54:29 AM on ‎11/‎11/‎2019 was unexpected.


Windows Defender:
===================================
Date: 2018-07-13 17:31:16.023
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.925.0
Previous Signature Version:1.267.1524.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14800.3
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-07-13 17:31:16.023
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14800.3
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: Hewlett-Packard F.1A 07/20/2011
Motherboard: Hewlett-Packard 1657
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 88%
Total physical RAM: 6091.86 MB
Available physical RAM: 698.6 MB
Total Virtual: 14370.55 MB
Available Virtual: 8240.57 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:292.87 GB) (Free:44.5 GB) NTFS
Drive d: (DATA) (Fixed) (Total:638.54 GB) (Free:564.46 GB) NTFS

\\?\Volume{69b854b3-3f47-11e8-8300-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3C7E929E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Malware Annihilator
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

BefuddledB

TS Enthusiast
RogueKiller Anti-Malware V13.5.6.0 (x64) [Nov 7 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : User [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20191120_090434, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/11/21 04:24:09 (Duration : 00:16:09)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\WebDiscoverBrowser -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\WebDiscoverBrowser -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2414739685-3642484520-4203288351-1000\Software\WebDiscoverBrowser -- -> Deleted
[PUP.WebCompanion|PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2414739685-3642484520-4203288351-1000\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion -- [%programfiles(x86)%\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize] -> Deleted
[PUP.Gen1 (Potentially Malicious)] Web Companion -- %_User_appdata%\Lavasoft\Web Companion -> Deleted
=> Language.txt -- C:\Users\User\AppData\Roaming\Lavasoft\WEBCOM~1\Options\Language.txt [1]
=> Options -- C:\Users\User\AppData\Roaming\Lavasoft\WEBCOM~1\Options [1]
[PUP.Gen1 (Potentially Malicious)] WebDiscoverBrowser -- %localappdata%\WebDiscoverBrowser -> Deleted
=> BrowserMetrics-5C1F84FE.pma -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\BROWSE~1\BROWSE~1.PMA [1]
=> BrowserMetrics -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\BROWSE~1 [1]
=> CrashpadMetrics.pma -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\CRASHP~1.PMA [1]
=> data_0 -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\Cache\data_0 [1]
=> data_1 -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\Cache\data_1 [1]
=> data_2 -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\Cache\data_2 [1]
=> data_3 -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\Cache\data_3 [1]
=> index -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\Cache\index [1]
=> Cache -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\Cache [1]
=> Current Tabs -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\CURREN~2 [1]
=> 000003.log -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\DATA_R~1\000003.log [1]
=> LOCK -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\DATA_R~1\LOCK [1]
=> LOG -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\DATA_R~1\LOG [1]
=> MANIFEST-000002 -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\DATA_R~1\MANIFE~2 [1]
=> data_reduction_proxy_leveldb -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\DATA_R~1 [1]
=> 000003.log -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\DOWNLO~1\EntryDB\000003.log [1]
=> LOCK -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\DOWNLO~1\EntryDB\LOCK [1]
=> LOG -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\DOWNLO~1\EntryDB\LOG [1]
=> MANIFEST-000001 -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\DOWNLO~1\EntryDB\MANIFE~1 [1]
=> EntryDB -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\DOWNLO~1\EntryDB [1]
=> Download Service -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\DOWNLO~1 [1]
=> 000003.log -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\EXTENS~1\000003.log [1]
=> LOCK -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\EXTENS~1\LOCK [1]
=> LOG -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\EXTENS~1\LOG [1]
=> MANIFEST-000001 -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\EXTENS~1\MANIFE~1 [1]
=> Extension State -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\EXTENS~1 [1]
=> Favicons -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\Favicons [1]
=> Favicons-journal -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\FAVICO~1 [1]
=> History -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\History [1]
=> History Provider Cache -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\HISTOR~2 [1]
=> History-journal -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\HISTOR~1 [1]
=> Login Data -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\LOGIND~1 [1]
=> Login Data-journal -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\LOGIND~2 [1]
=> Preferences -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\PREFER~1 [1]
=> previews_opt_out.db -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\PREVIE~1.DB [1]
=> previews_opt_out.db-journal -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\PREVIE~1.DB- [1]
=> Secure Preferences -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SECURE~1 [1]
=> 000003.log -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SESSIO~1\000003.log [1]
=> LOCK -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SESSIO~1\LOCK [1]
=> LOG -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SESSIO~1\LOG [1]
=> MANIFEST-000001 -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SESSIO~1\MANIFE~1 [1]
=> Session Storage -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SESSIO~1 [1]
=> Shortcuts -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SHORTC~1 [1]
=> Shortcuts-journal -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SHORTC~2 [1]
=> 000003.log -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SYNCDA~1\LevelDB\000003.log [1]
=> LOCK -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SYNCDA~1\LevelDB\LOCK [1]
=> LOG -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SYNCDA~1\LevelDB\LOG [1]
=> MANIFEST-000001 -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SYNCDA~1\LevelDB\MANIFE~1 [1]
=> LevelDB -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SYNCDA~1\LevelDB [1]
=> Sync Data -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\SYNCDA~1 [1]
=> 000003.log -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\THUMBN~1\000003.log [1]
=> LOCK -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\THUMBN~1\LOCK [1]
=> LOG -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\THUMBN~1\LOG [1]
=> MANIFEST-000001 -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\THUMBN~1\MANIFE~1 [1]
=> Thumbnails -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\THUMBN~1 [1]
=> Top Sites -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\TOPSIT~1 [1]
=> Top Sites-journal -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\TOPSIT~2 [1]
=> Visited Links -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\VISITE~1 [1]
=> Web Data -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\WEBDAT~1 [1]
=> Web Data-journal -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default\WEBDAT~2 [1]
=> Default -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\Default [1]
=> Local State -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\LOCALS~1 [1]
=> Safe Browsing Channel IDs -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\SAFEBR~4 [1]
=> Safe Browsing Channel IDs-journal -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\SAA614~1 [1]
=> Safe Browsing Cookies -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\SAFEBR~2 [1]
=> Safe Browsing Cookies-journal -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1\SAFEBR~3 [1]
=> User Data -- C:\Users\User\AppData\Local\WEBDIS~1\USERDA~1 [1]
[PUP.Gen1 (Potentially Malicious)] Web Companion -- %programdata%\Lavasoft\Web Companion -> Deleted
=> webcompanion.log -- C:\PROGRA~3\Lavasoft\WEBCOM~1\Logs\WEBCOM~1\WEBCOM~1.LOG [1]
=> Webcompanion -- C:\PROGRA~3\Lavasoft\WEBCOM~1\Logs\WEBCOM~1 [1]
=> WCAssistantServiceLog.log -- C:\PROGRA~3\Lavasoft\WEBCOM~1\Logs\WINDOW~1\WCASSI~1.LOG [1]
=> WindowsService -- C:\PROGRA~3\Lavasoft\WEBCOM~1\Logs\WINDOW~1 [1]
=> Logs -- C:\PROGRA~3\Lavasoft\WEBCOM~1\Logs [1]
=> ActiveFeatures.zip -- C:\PROGRA~3\Lavasoft\WEBCOM~1\Options\ACTIVE~1.ZIP [1]
=> Options -- C:\PROGRA~3\Lavasoft\WEBCOM~1\Options [1]
[PUP.Gen1 (Potentially Malicious)] WebDiscoverBrowser -- %ProgramFiles%\WebDiscoverBrowser -> Deleted
=> browser.exe -- C:\PROGRA~1\WEBDIS~1\428~1.2\browser.exe [1]
=> chrome.dll -- C:\PROGRA~1\WEBDIS~1\428~1.2\chrome.dll [1]
=> chrome_100_percent.pak -- C:\PROGRA~1\WEBDIS~1\428~1.2\CHROME~1.PAK [1]
=> chrome_200_percent.pak -- C:\PROGRA~1\WEBDIS~1\428~1.2\CHROME~2.PAK [1]
=> chrome_elf.dll -- C:\PROGRA~1\WEBDIS~1\428~1.2\CHROME~2.DLL [1]
=> icudtl.dat -- C:\PROGRA~1\WEBDIS~1\428~1.2\icudtl.dat [1]
=> en-US.pak -- C:\PROGRA~1\WEBDIS~1\428~1.2\Locales\en-US.pak [1]
=> Locales -- C:\PROGRA~1\WEBDIS~1\428~1.2\Locales [1]
=> resources.pak -- C:\PROGRA~1\WEBDIS~1\428~1.2\RESOUR~1.PAK [1]
=> 4.28.2 -- C:\PROGRA~1\WEBDIS~1\428~1.2 [1]
[PUP.WebCompanion|PUP.Gen1 (Potentially Malicious)] Web Companion -- %programfiles(x86)%\Lavasoft\Web Companion -> Deleted
=> Ad-Aware Web Companion.exe -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\AD-AWA~1.EXE [1]
=> BCUEngineS.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\BCUENG~1.DLL [1]
=> BCUSDK.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\BCUSDK.dll [1]
=> BrowserManager.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\BROWSE~1.DLL [1]
=> BrowserParameters.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\BROWSE~2.DLL [1]
=> WebCompanion.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\de-DE\WEBCOM~1.DLL [1]
=> WebCompanionInstaller.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\de-DE\WEBCOM~2.DLL [1]
=> de-DE -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\de-DE [1]
=> WebCompanion.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\en-US\WEBCOM~1.DLL [1]
=> WebCompanionInstaller.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\en-US\WEBCOM~2.DLL [1]
=> en-US -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\en-US [1]
=> WebCompanion.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\es-ES\WEBCOM~1.DLL [1]
=> WebCompanionInstaller.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\es-ES\WEBCOM~2.DLL [1]
=> es-ES -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\es-ES [1]
=> Esent.Interop.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\ESENTI~1.DLL [1]
=> @wcextensionff.xpi -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\EXTENS~1\@WCEXT~1.XPI [1]
=> Extension -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\EXTENS~1 [1]
=> WebCompanion.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\fr-CA\WEBCOM~1.DLL [1]
=> WebCompanionInstaller.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\fr-CA\WEBCOM~2.DLL [1]
=> fr-CA -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\fr-CA [1]
=> ICSharpCode.SharpZipLib.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\ICSHAR~1.DLL [1]
=> Interop.IWshRuntimeLibrary.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\INTERO~1.DLL [1]
=> Interop.LavasoftTcpServiceLib.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\INTERO~2.DLL [1]
=> Interop.SHDocVw.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\INTERO~3.DLL [1]
=> Interop.Shell32.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\INTERO~4.DLL [1]
=> WebCompanion.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\it-IT\WEBCOM~1.DLL [1]
=> WebCompanionInstaller.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\it-IT\WEBCOM~2.DLL [1]
=> it-IT -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\it-IT [1]
=> WebCompanion.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\ja-JP\WEBCOM~1.DLL [1]
=> WebCompanionInstaller.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\ja-JP\WEBCOM~2.DLL [1]
=> ja-JP -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\ja-JP [1]
=> Lavasoft.adblocker.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LAVASO~1.DLL [1]
=> Lavasoft.AppCore.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LAVASO~2.DLL [1]
=> Lavasoft.Automation.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LAVASO~3.DLL [1]
=> Lavasoft.CSharp.Utilities.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LAVASO~4.DLL [1]
=> Lavasoft.IEController.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LA21E8~1.DLL [1]
=> Lavasoft.SearchProtect.Business.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LAE30D~1.DLL [1]
=> Lavasoft.SearchProtect.Repositories.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LA2CAC~1.DLL [1]
=> Lavasoft.SmartAssemblyUI.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LA0BC8~1.DLL [1]
=> Lavasoft.SysInfo.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LAC1FE~1.DLL [1]
=> Lavasoft.Utils.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LA04CD~1.DLL [1]
=> Lavasoft.Utils.SqlLite.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LA84A0~1.DLL [1]
=> Lavasoft.WCAssistant.Service.Logger.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LA8AF0~1.DLL [1]
=> Lavasoft.WCAssistant.WcfService.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LACECB~1.DLL [1]
=> Lavasoft.WCAssistant.WinService.exe -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LAVASO~1.EXE [1]
=> Lavasoft.WCAssistant.WinService.exe.config -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LAVASO~1.CON [1]
=> liblz4.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\liblz4.dll [1]
=> log4net.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\log4net.dll [1]
=> LogicNP.EZShellExtensions.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LOGICN~1.DLL [1]
=> LZ4.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\LZ4.dll [1]
=> Microsoft.mshtml.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\MICROS~1.DLL [1]
=> MozCompressor.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\MOZCOM~1.DLL [1]
=> Newtonsoft.Json.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\NEWTON~1.DLL [1]
=> WebCompanion.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\pt-BR\WEBCOM~1.DLL [1]
=> WebCompanionInstaller.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\pt-BR\WEBCOM~2.DLL [1]
=> pt-BR -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\pt-BR [1]
=> WebCompanion.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\ru-RU\WEBCOM~1.DLL [1]
=> WebCompanionInstaller.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\ru-RU\WEBCOM~2.DLL [1]
=> ru-RU -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\ru-RU [1]
=> SmartAssembly.ReportException.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\SMARTA~1.DLL [1]
=> SmartExceptionsCore.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\SMARTE~1.DLL [1]
=> System.Data.SQLite.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\SYSTEM~1.DLL [1]
=> WebCompanion.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\tr-TR\WEBCOM~1.DLL [1]
=> WebCompanionInstaller.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\tr-TR\WEBCOM~2.DLL [1]
=> tr-TR -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\tr-TR [1]
=> ucrtbased.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\UCRTBA~1.DLL [1]
=> vcruntime140d.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\VCRUNT~1.DLL [1]
=> WebcompaionReimageIcon.ico -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\WEBCOM~1.ICO [1]
=> WebCompanion.exe -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\WEBCOM~1.EXE [1]
=> WebCompanion.exe.config -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\WEBCOM~1.CON [1]
=> WebCompanionExtensionIE.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\WEBCOM~1.DLL [1]
=> WebCompanionIcon.ico -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\WEBCOM~2.ICO [1]
=> WebCompanionIcon_Pro.ico -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\WEBCOM~3.ICO [1]
=> WebCompanionInstaller.exe -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\WEBCOM~2.EXE [1]
=> WebCompanionInstaller.exe.config -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\WEBCOM~2.CON [1]
=> WebCompanionInstaller.pdb -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\WEBCOM~1.PDB [1]
=> SQLite.Interop.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\x64\SQLITE~1.DLL [1]
=> x64 -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\x64 [1]
=> SQLite.Interop.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\x86\SQLITE~1.DLL [1]
=> x86 -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\x86 [1]
=> WebCompanionInstaller.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\zh-CHS\WEBCOM~1.DLL [1]
=> zh-CHS -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\zh-CHS [1]
=> WebCompanion.resources.dll -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\zh-Hans\WEBCOM~1.DLL [1]
=> zh-Hans -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1\zh-Hans [1]
=> Application -- C:\PROGRA~2\Lavasoft\WEBCOM~1\APPLIC~1 [1]
[PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename -- Yahoo! Search Engine -> Deleted
[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Yahoo! Search Engine -> Deleted
[PUM.SearchEngine (Potentially Malicious)] default_search_provider_data.template_url_data.keyword -- google.co.jp_ -> Deleted
 

BefuddledB

TS Enthusiast
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/21/19
Scan Time: 4:33 AM
Log File: e203c40a-0bfe-11ea-b32b-101f741c2452.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.750
Update Package Version: 1.0.15208
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User-PC\User

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 232521
Threats Detected: 25
Threats Quarantined: 25
Time Elapsed: 13 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.DefaultSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nladljmabboanhihfkjacnnkgjhnokhj, Quarantined, 315, 550469, 1.0.15208, , ame,

Registry Value: 1
PUP.Optional.DefaultSearch, HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|NLADLJMABBOANHIHFKJACNNKGJHNOKHJ, Quarantined, 315, 550469, , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.DefaultSearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 315, 469798, , , ,
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 120, 663899, , , ,
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 120, 663899, , , ,
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 120, 663899, , , ,

File: 19
PUP.Optional.DefaultSearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 315, 550469, , , ,
PUP.Optional.FusionCore, C:\PROGRAM FILES (X86)\FROSTWIRE 6\FROSTWIRE-INSTALLER.EXE, Quarantined, 7469, 611706, 1.0.15208, , ame,
Trojan.Agent, C:\USERS\USER\APPDATA\LOCAL\TEMP\ZERNVO.EXE, Quarantined, 470, 681293, 1.0.15208, , ame,
Generic.Malware/Suspicious, C:\USERS\USER\DOWNLOADS\FROSTWIRE-6.6.6.WINDOWS.FUSION.EXE, Quarantined, 0, 392686, 1.0.15208, , shuriken,
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 315, 469798, , , ,
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000527.ldb, Quarantined, 315, 469798, , , ,
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000530.ldb, Quarantined, 315, 469798, , , ,
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000533.ldb, Quarantined, 315, 469798, , , ,
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000535.log, Quarantined, 315, 469798, , , ,
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000536.ldb, Quarantined, 315, 469798, , , ,
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 315, 469798, , , ,
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 315, 469798, , , ,
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 315, 469798, , , ,
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 315, 469798, , , ,
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 315, 469798, , , ,
PUP.Optional.DefaultSearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 315, 469798, 1.0.15208, , ame,
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 120, 663899, 1.0.15208, , ame,
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 120, 663899, 1.0.15208, , ame,
PUP.Optional.MySearchDial, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 120, 663899, 1.0.15208, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

BefuddledB

TS Enthusiast
# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build: 10-21-2019
# Database: 2019-10-21.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-21-2019
# Duration: 00:00:41
# OS: Windows 7 Ultimate
# Scanned: 35182
# Detected: 33


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.WebCompanion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
PUP.Optional.WebCompanion C:\Users\User\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG

***** [ Files ] *****

PUP.Optional.WebCompanion C:\Users\User\AppData\Local\Temp\WebCompanion.zip

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{04A6690A-89BB-45E6-ACD7-18560133EFE8}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6F3B4A0C-1DE7-4A3C-8F0C-1BDDBD05D808}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7B13D7D0-6CE5-4178-82F5-6A72AFA00F94}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9441B7BE-4D46-4807-89ED-169BC79E1A81}
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy AVG Secure Search
PUP.Optional.Legacy azlyrics.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCeement Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6721BCE8-2C3F-4250-9DB3-44ADDD103508}
Preinstalled.HPCeement Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6721BCE8-2C3F-4250-9DB3-44ADDD103508}
Preinstalled.HPCeement Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForUser
Preinstalled.HPCeement Task C:\Windows\System32\Tasks\HPCEESCHEDULEFORUSER
Preinstalled.HPCeement Task C:\Windows\Tasks\HPCEESCHEDULEFORUSER.JOB
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\User\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\User\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}


AdwCleaner_Debug.log - [11956 octets] - [20/11/2019 05:32:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

BefuddledB

TS Enthusiast
# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build: 10-21-2019
# Database: 2019-10-21.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-21-2019
# Duration: 00:00:09
# OS: Windows 7 Ultimate
# Cleaned: 12
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\User\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG

***** [ Files ] *****

Deleted C:\Users\User\AppData\Local\Temp\WebCompanion.zip

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{04A6690A-89BB-45E6-ACD7-18560133EFE8}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6F3B4A0C-1DE7-4A3C-8F0C-1BDDBD05D808}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7B13D7D0-6CE5-4178-82F5-6A72AFA00F94}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9441B7BE-4D46-4807-89ED-169BC79E1A81}
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted AVG Secure Search
Deleted azlyrics.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [37496 octets] - [20/11/2019 05:32:07]
AdwCleaner[S00].txt - [5271 octets] - [21/11/2019 04:52:59]
AdwCleaner[S01].txt - [5332 octets] - [21/11/2019 04:54:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

Broni

Malware Annihilator
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

BefuddledB

TS Enthusiast
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2019
Ran by User (administrator) on USER-PC (Hewlett-Packard HP Pavilion dv6 Notebook PC) (26-11-2019 00:45:42)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.12228.20250\OfficeClickToRun.exe
(PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-03-15] (PowerISO Computing, Inc.) [File not signed]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260544 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540416 2019-04-16] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {23312558-207b-11e9-8379-ac7289c252c1} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\MountPoints2: {9fb92af0-d822-11e8-aa55-ac7289c252c1} - F:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-22] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C28CD7-530A-4953-BCC5-021690371834} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26042960 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {296BE3F2-8435-4DBD-A973-3F28464DBF50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [250232 2019-10-08] (HP Inc. -> HP Inc.)
Task: {2F3CCCD3-CF46-4DE2-80F6-4AB549C147E9} - System32\Tasks\{3B953E3C-891C-4131-8CD3-0642DB8D2E73} => C:\Windows\system32\pcalua.exe -a "C:\Users\User\Downloads\Bluetooth hpdv6\sp61617.exe" -d "C:\Users\User\Downloads\Bluetooth hpdv6"
Task: {32A88FCA-D3B0-4A19-9140-38373B94969B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-22] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3F92D4D8-1A15-4D8F-9C39-6C069BB93D5C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2414739685-3642484520-4203288351-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {43348884-4E24-4AF6-8A62-4EE50DCC622C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2151992 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {482F3F6C-8AA8-43AE-920E-DB0270CC26E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {4874A1D2-177A-4F1E-9E14-BDEB50A96B11} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058104 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {5935E43C-8797-4372-98D6-C95193B42C61} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [135704 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E124DDC-2D0D-462E-A290-6B174E1E0C16} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [35096632 2019-11-07] (Adlice -> )
Task: {78AE1C7E-9FA3-42BC-82E9-8ED455813A0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {7BE16C90-4BF1-41B2-A01A-47D9C98FA39D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-22] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7C30876A-9D75-4064-AA58-DC8C5E6F9FAC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {800BBF29-4D99-4FAE-B40C-F16C01F7A1C0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [135704 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {96176D95-2445-4C0F-A9EA-3235112F8E9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {A3BC7E80-598B-448E-98F9-75E000EA2870} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2151992 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC8BBB27-FCFD-479B-8FDA-D70AE0EF5067} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058104 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {B67D3B71-B1D4-4CEB-A0C9-5FD66D25E0E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-17] (Google Inc -> Google Inc.)
Task: {CA2010BA-07CB-4E25-91E1-18AEF6BD304A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26042960 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCAD9BA1-CCA4-455B-946C-28F22F7FB096} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-10-10] (HP Inc. -> HP Inc.)
Task: {DC9FE7DB-0187-4AA1-9E77-08F7018D3338} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {DECDB3C5-2DA8-45B3-BC3E-0B04AE6B6A02} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {DF62633B-688B-455C-ACFC-FC190BA450FE} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-24] (Hewlett-Packard Company -> HP Inc.)
Task: {FBCC263E-A47B-4D42-A58E-99C91F2ECD95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-10-10] (HP Inc. -> HP Inc.)
Task: {FE82DD8A-B5DE-4227-83C4-8CAEFC4B7F5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {FFD19AA6-7616-4174-B709-757AC2589C98} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{11E4DE98-3DF0-4B24-8DF3-DC73EEC1F140}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://gr.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180508__yaie&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1ai3eh1c.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default [2019-09-19]
FF Homepage: Mozilla\Firefox\Profiles\1ai3eh1c.default -> search.yahoo.com
FF NewTab: Mozilla\Firefox\Profiles\1ai3eh1c.default -> hxxps://gr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180508__yaff
FF Extension: (anonymoX) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\client@anonymox.net.xpi [2018-12-18]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\sp@avast.com.xpi [2019-11-19]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\Extensions\wrc@avast.com.xpi [2019-11-19]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1ai3eh1c.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-08]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-06] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-06] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.gmail.com/","hxxp://www.bbc.co.uk/","hxxp://www.sudantribune.com/","hxxps://www.lrb.co.uk/"
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://mail.yahoo.com; hxxps://www.reddit.com
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-11-26]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-17]
CHR Extension: (TheFreeDictionary.com Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap [2018-04-26]
CHR Extension: (Ultimate Video Saver) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkpfjljjhhonjehpkmgonimjjgaheap [2019-11-21]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-26]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-26]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-11-07]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-11-21]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2019-04-04]
CHR Extension: (Kindle Cloud Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-04-26]
CHR Extension: (anonymoX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2019-11-07]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2019-11-21]
CHR Extension: (Plugins) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcblfncjaclajmegihojiekebofjcen [2018-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-07]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-22] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-22] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [357240 2019-07-05] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-20] (Malwarebytes Inc -> Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
S3 DSE_USB; C:\Windows\System32\drivers\DSE_USB.sys [336872 2017-10-24] (Jungo Connectivity Ltd. -> Jungo Connectivity)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [216544 2019-11-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [278344 2019-11-21] (Malwarebytes Inc -> Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-29] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [91648 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [208896 2011-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [85424 2009-03-15] (Fenghua Lee -> PowerISO Computing, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-11-21] (Adlice -> )
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-26 00:33 - 2019-11-26 00:33 - 000000000 ____H C:\Users\User\BIT62B8.tmp
2019-11-21 22:15 - 2019-11-21 22:15 - 000216544 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-11-21 22:13 - 2019-11-21 22:13 - 000278344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-11-21 04:50 - 2019-11-21 04:50 - 000004772 _____ C:\Users\User\Desktop\Malawarebyte Report.txt
2019-11-21 04:27 - 2019-11-21 04:27 - 000033428 _____ C:\Users\User\Desktop\Rougue as_DE67.tmp.txt
2019-11-21 04:07 - 2019-11-21 04:07 - 000028272 _____ C:\Windows\system32\Drivers\truesight.sys
2019-11-21 04:02 - 2019-11-21 22:21 - 000003012 _____ C:\Windows\system32\Tasks\RogueKiller Anti-Malware
2019-11-21 04:02 - 2019-11-21 04:02 - 000000000 ____D C:\ProgramData\RogueKiller
2019-11-21 04:01 - 2019-11-21 04:01 - 000000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-11-21 04:01 - 2019-11-21 04:01 - 000000860 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2019-11-21 04:01 - 2019-11-21 04:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-11-21 04:01 - 2019-11-21 04:01 - 000000000 ____D C:\Program Files\RogueKiller
2019-11-20 05:32 - 2019-11-21 05:03 - 000000000 ____D C:\AdwCleaner
2019-11-20 05:31 - 2019-11-20 05:31 - 000000000 ____D C:\Users\User\AppData\Local\cache
2019-11-20 05:28 - 2019-11-20 05:28 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2019-11-20 05:27 - 2019-11-20 05:27 - 000001950 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-11-20 05:27 - 2019-11-20 05:27 - 000001950 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-11-20 05:27 - 2019-11-20 05:27 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
2019-11-20 05:27 - 2019-11-20 05:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-11-20 05:25 - 2019-11-20 05:23 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-11-20 05:24 - 2019-11-20 05:25 - 007622344 _____ (Malwarebytes) C:\Users\User\Desktop\AdwCleaner.exe
2019-11-20 05:23 - 2019-11-20 05:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-11-20 05:20 - 2019-11-20 05:20 - 000000000 ____D C:\Program Files\Malwarebytes
2019-11-20 05:18 - 2019-11-20 05:18 - 001883976 _____ (Malwarebytes) C:\Users\User\Desktop\MBSetup.exe
2019-11-20 05:14 - 2019-11-20 05:17 - 033068608 _____ (Adlice Software ) C:\Users\User\Desktop\RogueKiller_setup_ref3.exe
2019-11-19 04:24 - 2019-11-19 04:27 - 000028735 _____ C:\Users\User\Desktop\Addition.txt
2019-11-19 04:22 - 2019-11-26 00:47 - 000028712 _____ C:\Users\User\Desktop\FRST.txt
2019-11-19 04:21 - 2019-11-26 00:44 - 000000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2019-11-19 04:20 - 2019-11-26 00:46 - 000000000 ____D C:\FRST
2019-11-19 04:10 - 2019-11-19 04:10 - 000000000 ____D C:\Users\User\AppData\Roaming\AVAST Software
2019-11-19 04:10 - 2019-11-19 04:10 - 000000000 ____D C:\Users\User\AppData\Local\CEF
2019-11-19 04:09 - 2019-11-21 05:48 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2019-11-19 04:09 - 2019-11-19 04:09 - 000001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-11-19 04:09 - 2019-11-19 04:09 - 000001924 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2019-11-19 04:09 - 2019-11-19 04:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-11-19 04:08 - 2019-11-26 00:44 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-11-19 04:08 - 2019-11-19 04:09 - 000848432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-11-19 04:08 - 2019-11-19 04:09 - 000460448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-11-19 04:08 - 2019-11-19 04:08 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-11-19 04:08 - 2019-11-19 04:07 - 000355720 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-11-19 04:08 - 2019-11-19 04:07 - 000316528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000276952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000274456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000236024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000209552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000204824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000171520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000110320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000083792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000065120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-11-19 04:08 - 2019-11-19 04:07 - 000037616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-11-19 04:06 - 2019-11-19 04:06 - 000000000 ____D C:\Program Files\AVAST Software
2019-11-19 04:05 - 2019-11-19 04:08 - 000000000 ____D C:\ProgramData\AVAST Software
2019-11-19 03:45 - 2019-11-19 03:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-11-14 15:19 - 2019-11-14 15:19 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-11-14 15:19 - 2019-11-14 15:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-11-14 15:19 - 2019-11-14 15:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-11-14 15:19 - 2019-11-14 15:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-11-11 14:18 - 2019-11-26 00:33 - 000003180 _____ C:\Windows\system32\Tasks\HPCeeScheduleForUser
2019-11-11 14:18 - 2019-11-26 00:33 - 000000328 _____ C:\Windows\Tasks\HPCeeScheduleForUser.job
2019-11-07 16:32 - 2019-11-07 16:33 - 000079439 _____ C:\Users\User\Desktop\574991 Updated.pdf
2019-11-07 00:07 - 2019-11-07 00:07 - 000066796 _____ C:\Users\User\Desktop\574991.pdf
2019-10-29 12:26 - 2018-08-23 04:54 - 2198277120 _____ C:\Users\User\Desktop\Hereditary.2018.1080p.WEBRip.x264-[YTS.AM].mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-26 00:44 - 2019-09-11 11:06 - 002262016 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-11-26 00:39 - 2018-05-22 23:59 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-11-22 05:11 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2019-11-22 03:22 - 2018-05-22 23:59 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-11-22 02:53 - 2018-04-17 20:49 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-22 02:53 - 2018-04-17 20:49 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-22 02:53 - 2018-04-17 20:49 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-21 22:26 - 2009-07-14 07:45 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-21 22:26 - 2009-07-14 07:45 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-21 22:12 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-21 05:50 - 2019-04-02 02:53 - 000003186 _____ C:\Windows\system32\Tasks\{3B953E3C-891C-4131-8CD3-0642DB8D2E73}
2019-11-21 05:50 - 2018-05-22 23:59 - 000003910 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineUA
2019-11-21 05:50 - 2018-05-22 23:59 - 000003658 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineCore
2019-11-21 05:50 - 2018-04-17 20:22 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-21 05:50 - 2018-04-17 20:22 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-21 05:50 - 2018-04-13 12:03 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2019-11-21 05:40 - 2018-04-29 17:13 - 000000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2019-11-21 05:03 - 2018-05-08 18:14 - 000000000 ____D C:\Users\User\AppData\Local\Lavasoft
2019-11-21 05:03 - 2018-05-08 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-11-21 04:49 - 2018-05-09 01:29 - 000000000 ____D C:\Program Files (x86)\FrostWire 6
2019-11-21 04:45 - 2019-09-04 16:42 - 2053258667 _____ C:\Users\User\Downloads\The.Pervert's.Guide.To.Ideology.2012.mp4
2019-11-21 04:24 - 2018-05-08 18:14 - 000000000 ____D C:\Users\User\AppData\Roaming\Lavasoft
2019-11-21 04:24 - 2018-05-08 18:14 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-11-21 04:24 - 2018-05-08 18:08 - 000000000 ____D C:\ProgramData\Lavasoft
2019-11-19 04:01 - 2019-09-11 11:11 - 377177560 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_offline.exe
2019-11-19 03:46 - 2018-05-22 23:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-11-19 01:58 - 2009-07-14 08:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-19 01:58 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2019-11-11 01:59 - 2018-05-22 23:59 - 000000000 ____D C:\Users\User\AppData\Local\Dropbox
2019-11-07 01:06 - 2018-07-25 14:14 - 000000000 ____D C:\Users\User\Documents\C
2019-11-06 23:45 - 2018-04-17 20:22 - 000000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories ========

2018-12-23 15:31 - 2018-12-23 15:38 - 024568792 _____ (FrostWire LLC) C:\Users\User\AppData\Roaming\Frostwire_setup.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-11-11 02:58
==================== End of FRST.txt ========================
 

BefuddledB

TS Enthusiast
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019
Ran by User (26-11-2019 00:48:11)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-04-13 08:44:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2414739685-3642484520-4203288351-500 - Administrator - Disabled)
Guest (S-1-5-21-2414739685-3642484520-4203288351-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2414739685-3642484520-4203288351-1002 - Limited - Enabled)
User (S-1-5-21-2414739685-3642484520-4203288351-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5KPlayer (HKLM-x32\...\5KPlayer) (Version: 5.2 - DearMob, Inc.)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
ApowerPDF V4.1.1.315 (HKLM-x32\...\{99A1CF84-3154-433D-9F73-0A4D4DACBA1A}_is1) (Version: 4.1.1.315 - Apowersoft LIMITED)
Apowersoft Online Launcher version 1.7.1 (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.1 - APOWERSOFT LIMITED)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
calibre 64bit (HKLM\...\{7CA53963-20B2-4EF3-B166-C26852019564}) (Version: 3.30.0 - Kovid Goyal)
Dropbox (HKLM-x32\...\Dropbox) (Version: 85.4.155 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
FrostWire 6.7.8 (HKLM-x32\...\FrostWire 6) (Version: 6.7.8.276 - FrostWire LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.11.27.1 - HP Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: - )
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
qBittorrent 4.1.0 (HKLM-x32\...\qBittorrent) (Version: 4.1.0 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.28162 - Realtek Semiconduct Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
RogueKiller version 13.5.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.5.6.0 - Adlice Software)
Skype version 8.43 (HKLM-x32\...\Skype_is1) (Version: 8.43 - Skype Technologies S.A.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-07-03] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-07-03] () [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2009-03-15] (PowerISO Computing, Inc.) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-07-03] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.7.8-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat ()

==================== Loaded Modules (Whitelisted) =============

2018-04-16 15:45 - 2018-04-16 15:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2018-04-16 15:51 - 2018-04-16 15:51 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\AppVIsvSubsystems64.dll
2018-04-16 15:51 - 2018-04-16 15:51 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2414739685-3642484520-4203288351-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8E6E2B68-CA7B-43DB-BAE5-B07F82013E2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{12CD2F71-B2EA-4F28-AB73-4E5CF32EF49E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{336A1C8D-D1B5-49E1-80BA-9DE349C88353}] => (Allow) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB478F12-AA9A-4C5D-BB7C-69D6CE0FE8C0}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{D2D089DB-96EB-485D-9113-D636DF6AD8E8}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{B7B3063C-CD8E-445D-AA37-ECE9729C0E9A}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{93321135-0FC9-48EF-9B28-97224F24EB7A}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{59CB665C-2310-40EA-AE21-579139775D0B}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe (Frostwire, LLC -> FrostWire)
FirewallRules: [{613B0F5C-3DFC-475B-A169-0E90046BDCAF}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe (Frostwire, LLC -> FrostWire)
FirewallRules: [TCP Query User{9AD1FC98-C438-408C-ABC3-605A8D79984E}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty Software, Inc. -> DearMob)
FirewallRules: [UDP Query User{21D347A6-6487-401C-A3F6-E8DA1118E98A}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty Software, Inc. -> DearMob)
FirewallRules: [TCP Query User{364F560B-FA0E-4313-A41C-968CEE5BA3F6}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty Software, Inc. -> DearMob)
FirewallRules: [UDP Query User{70EAF6CC-A943-40E3-B8D3-8A488D075D56}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty Software, Inc. -> DearMob)
FirewallRules: [{67912744-3F76-4A29-B5F5-5810DA518EB2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6874FAA2-DB94-4D9C-9A9C-272EE542F0E7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AC0CA2C1-A9FF-4BA6-B1E9-FAC738EEEEF6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{82F887B9-1D0B-4F9D-BA30-69DA674DB76B}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{77ABB9C1-5109-44ED-9777-A5FEAFC5520A}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{4296B873-7DC7-4649-925E-683452B52872}C:\program files (x86)\frostwire 6\frostwire.exe] => (Block) C:\program files (x86)\frostwire 6\frostwire.exe (Frostwire, LLC -> FrostWire)
FirewallRules: [UDP Query User{7E1BA250-BA92-4FF9-888A-0B371C5A56AF}C:\program files (x86)\frostwire 6\frostwire.exe] => (Block) C:\program files (x86)\frostwire 6\frostwire.exe (Frostwire, LLC -> FrostWire)
FirewallRules: [{D9CC29E9-3BDA-407E-88BC-FB3FAB628055}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EC17F222-80A8-4415-B039-79456B44F243}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0F2AAE55-5173-4A81-98C3-902BA45EFC0D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{CF0398DE-411C-40CE-80D9-DD4085DE5350}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

02-09-2019 14:01:50 Scheduled Checkpoint
05-10-2019 21:02:41 Scheduled Checkpoint
21-10-2019 23:20:39 Scheduled Checkpoint
29-10-2019 14:27:34 Scheduled Checkpoint
06-11-2019 02:45:33 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Standard VGA Graphics Adapter
Description: Standard VGA Graphics Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/20/2019 05:28:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMInstallerService.exe, version: 4.0.0.130, time stamp: 0x5daf8771
Faulting module name: ole32.dll, version: 6.1.7601.24335, time stamp: 0x5c2680c4
Exception code: 0xc0000005
Fault offset: 0x0000000000040cc2
Faulting process id: 0x2420
Faulting application start time: 0x01d59f492f3ded49
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
Faulting module path: C:\Windows\system32\ole32.dll
Report Id: 6810b748-0b3d-11ea-a820-ac7289c252c1

Error: (11/19/2019 03:45:37 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (11/19/2019 03:45:37 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (11/19/2019 02:54:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDXHelper.exe, version: 16.0.11328.20146, time stamp: 0x5c794729
Faulting module name: osftaskengine.dll, version: 16.0.11328.20068, time stamp: 0x5c61e1e3
Exception code: 0xc0000005
Fault offset: 0x00000000000d7916
Faulting process id: 0x17b4
Faulting application start time: 0x01d59e6ad0b57338
Faulting application path: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\SDXHelper.exe
Faulting module path: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\osftaskengine.dll
Report Id: b9b70d6c-0a5e-11ea-a820-ac7289c252c1

Error: (11/17/2019 11:53:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.0.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ea4

Start Time: 01d59d6fb0a53454

Termination Time: 7

Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Report Id: 3273e46e-097c-11ea-9353-ac7289c252c1

Error: (11/11/2019 02:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDXHelper.exe, version: 16.0.11328.20146, time stamp: 0x5c794729
Faulting module name: osftaskengine.dll, version: 16.0.11328.20068, time stamp: 0x5c61e1e3
Exception code: 0xc0000005
Fault offset: 0x00000000000d7916
Faulting process id: 0x1790
Faulting application start time: 0x01d59881b73dbb32
Faulting application path: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\SDXHelper.exe
Faulting module path: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\osftaskengine.dll
Report Id: 4bd3d664-0475-11ea-9353-ac7289c252c1

Error: (11/11/2019 05:04:58 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x80070008)

Error: (11/11/2019 02:02:29 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.


System errors:
=============
Error: (11/22/2019 05:06:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (11/22/2019 05:06:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (11/22/2019 05:06:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/21/2019 10:20:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/21/2019 05:03:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/21/2019 05:03:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/21/2019 05:03:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/21/2019 05:03:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2018-07-13 17:31:16.023
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.925.0
Previous Signature Version:1.267.1524.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14800.3
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-07-13 17:31:16.023
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14800.3
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: Hewlett-Packard F.1A 07/20/2011
Motherboard: Hewlett-Packard 1657
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 86%
Total physical RAM: 6091.86 MB
Available physical RAM: 815.14 MB
Total Virtual: 12181.86 MB
Available Virtual: 2459.56 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:292.87 GB) (Free:44.29 GB) NTFS
Drive d: (DATA) (Fixed) (Total:638.54 GB) (Free:564.46 GB) NTFS

\\?\Volume{69b854b3-3f47-11e8-8300-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3C7E929E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Malware Annihilator
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

BefuddledB

TS Enthusiast
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by User (26-11-2019 02:15:53) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-12-23 15:31 - 2018-12-23 15:38 - 024568792 _____ (FrostWire LLC) C:\Users\User\AppData\Roaming\Frostwire_setup.exe
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
FirewallRules: [{B7B3063C-CD8E-445D-AA37-ECE9729C0E9A}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{93321135-0FC9-48EF-9B28-97224F24EB7A}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File

*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
HKLM\System\CurrentControlSet\Services\Synth3dVsc => removed successfully
Synth3dVsc => service removed successfully
HKLM\System\CurrentControlSet\Services\tsusbhub => removed successfully
tsusbhub => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\Users\User\AppData\Roaming\Frostwire_setup.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7B3063C-CD8E-445D-AA37-ECE9729C0E9A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93321135-0FC9-48EF-9B28-97224F24EB7A}" => removed successfully


The system needed a reboot.

==== End of Fixlog 02:15:53 ====
 

Broni

Malware Annihilator
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

BefuddledB

TS Enthusiast
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 10.1.3 Adobe Reader out of Date!
Google Chrome (78.0.3904.108)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast aswidsagent.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 

BefuddledB

TS Enthusiast
Farbar Service Scanner Version: 27-01-2016
Ran by User (administrator) on 26-11-2019 at 03:02:16
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Broni

Malware Annihilator
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.