Thread: Premium Search Trojan

  1. #1
    This is Addition Reply Logs #1:


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
    Ran by shumi (18-07-2020 18:26:24)
    Running from C:\Users\Mike\Desktop
    Windows 10 Home Version 1909 18363.959 (X64) (2020-03-26 04:04:51)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4258859072-2134369477-3650907842-500 - Administrator - Disabled)
    Brenda (S-1-5-21-4258859072-2134369477-3650907842-1006 - Limited - Enabled) => C:\Users\Brenda
    DefaultAccount (S-1-5-21-4258859072-2134369477-3650907842-503 - Limited - Disabled)
    Grandkids (S-1-5-21-4258859072-2134369477-3650907842-1008 - Limited - Enabled) => C:\Users\Grandkids
    Guest (S-1-5-21-4258859072-2134369477-3650907842-501 - Limited - Disabled)
    Mike (S-1-5-21-4258859072-2134369477-3650907842-1007 - Limited - Enabled) => C:\Users\Mike
    shumi (S-1-5-21-4258859072-2134369477-3650907842-1001 - Administrator - Enabled) => C:\Users\shumi
    WDAGUtilityAccount (S-1-5-21-4258859072-2134369477-3650907842-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
    AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
    FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Alienware Command Center Suite (HKLM\...\{8C91E386-C6DD-4387-AD74-415895342AE5}) (Version: 5.2.81.0 - Dell Inc) Hidden
    Alienware Command Center Suite (HKLM-x32\...\InstallShield_{8C91E386-C6DD-4387-AD74-415895342AE5}) (Version: 5.2.81.0 - Dell Inc)
    Alienware OC Controls (HKLM-x32\...\{dd646d80-7aea-4d5b-8de0-9b525f4e52ca}) (Version: 1.2.50.1227 - Dell Inc)
    Alienware OCControls Service Installer (HKLM\...\{0DB99C1B-9D42-42F3-9F8B-A6BF263ED0CC}) (Version: 1.2.50.1227 - DELL Inc) Hidden
    BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
    BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
    Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
    Brother Printer Driver (HKLM-x32\...\{4A30C4EE-52AC-4A6B-A898-D484E9FAED63}) (Version: 1.5.0.0 - Brother Industries Ltd.) Hidden
    Brother Scanner Driver (HKLM-x32\...\{AA380E53-F930-47A3-BFD6-F8762EB73755}) (Version: 1.0.16.11 - Brother Industries Ltd.) Hidden
    BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
    BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
    ControlCenter4 (HKLM-x32\...\{C5744F42-FDC4-4CC2-B4A8-47C9AA9553B4}) (Version: 4.2.435.1 - Brother Insutries Ltd.) Hidden
    ControlCenter4 CSDK (HKLM-x32\...\{1BAE50D4-5F2A-4E34-BD81-B4555109F7C2}) (Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
    Dell Digital Delivery Services (HKLM-x32\...\{2F67D318-DCDC-4D94-9048-37789F3C065B}) (Version: 4.0.51.0 - Dell Inc.)
    Dell Mobile Connect Drivers (HKLM\...\{4674F112-9AB7-4701-AEC0-C1FD1FE7CD4E}) (Version: 2.0.8401 - Screenovate Technologies Ltd.)
    Dell SupportAssist (HKLM\...\{6D2933E3-DC42-44E5-B80E-DACDD64ADFF5}) (Version: 3.5.0.448 - Dell Inc.)
    Dell SupportAssist Remediation (HKLM\...\{1906C253-4035-4CA5-A501-075E691CCEC9}) (Version: 5.0.0.10859 - Dell Inc.) Hidden
    Dell SupportAssist Remediation (HKLM-x32\...\{96846915-505c-49a2-8aa0-63f90927de87}) (Version: 5.0.0.10859 - Dell Inc.)
    Dell Update - SupportAssist Update Plugin (HKLM\...\{C559D0AB-2D9E-4B59-B2B8-0C2061B3F9BC}) (Version: 5.0.0.10859 - Dell Inc.) Hidden
    Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{3a267e2b-0948-4f12-a103-e2ac0461179d}) (Version: 5.0.0.10859 - Dell Inc.)
    Dell Update for Windows 10 (HKLM\...\{70E9F8CC-A23E-4C25-B292-C86C1821587C}) (Version: 3.1.2 - Dell, Inc.)
    DeviceDetect (HKLM-x32\...\{F805D16D-AB79-4DC7-A60F-436621995275}) (Version: 1.2.1.0 - Brother Industries Ltd.) Hidden
    Dynamic Application Loader Host Interface Service (HKLM\...\{293FF2BA-6A87-4B73-8B63-B0D252C34A8B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    EaseUS Todo Backup Free 12.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 12.0 - CHENGDU YIWO Tech Development Co., Ltd)
    HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
    iCloud Outlook (HKLM\...\{A8C64C2A-BD34-464F-BA61-A969BA46FC2B}) (Version: 10.9.3.62 - Apple Inc.)
    Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1938.12.0.1317 - Intel Corporation)
    McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R26 - McAfee, LLC)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.123 - McAfee, LLC)
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13001.20384 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.64 - Microsoft Corporation)
    Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
    Microsoft OneDrive (HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
    Monitor Webcam (SP2208WFP) Driver (1.00.08.0720) (HKLM\...\Creative OEM005) (Version: - )
    NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
    Nuance PaperPort 14 (HKLM-x32\...\{6CC9391F-D441-4D2E-9ECC-1F7084C733ED}) (Version: 14.5.0006 - Nuance Communications, Inc.)
    Nuance PDF Viewer SE (HKLM-x32\...\{7BAC9170-359D-4EAD-B6E4-238A14940C11}) (Version: 7.20.3230 - Nuance Communications, Inc.)
    NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
    NVIDIA Graphics Driver 451.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 451.48 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.38.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
    NVIDIA USBC Driver 1.42.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.42.831.832 - NVIDIA Corporation)
    NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13001.20384 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
    PC-FAXReceive (HKLM-x32\...\{DD40894F-7575-4905-90AB-695FD827E358}) (Version: 1.4.24.0 - Brother Insutries Ltd.) Hidden
    PCFaxTx (HKLM-x32\...\{63530B2D-3A34-4D79-A52D-F3EB5D99A7C1}) (Version: 1.1.1.1 - Brother Industries Ltd.) Hidden
    Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10505 - Qualcomm)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8734.1 - Realtek Semiconductor Corp.)
    RemoteSetup (HKLM-x32\...\{BDD8C463-1183-4A91-9EC8-BF68E4ECA9B6}) (Version: 3.9.2.1 - Brother Industries Ltd.) Hidden
    ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
    Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.67.0 - Safer-Networking Ltd.)
    StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
    Windows Driver Package - STMicroelectronics (STTub30) USB (04/03/2017 3.0.6.0) (HKLM\...\BFD1FB244691FDF6328C70B79647C9046B65397A) (Version: 04/03/2017 3.0.6.0 - STMicroelectronics)
    Yahoo (HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\6689f6b3e158ee57a82cabe9205be9be) (Version: 1.0 - Yahoo)

    Packages:
    =========
    Alienware Command Center -> C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
    Alienware Control Center -> C:\Program Files\WindowsApps\DellInc.6066037A8FCF7_1.1.22.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
    Alienware FX 02 -> C:\Program Files\WindowsApps\DellInc.AlienwareFX02_1.2.29.0_x64__htrsf667h5kn2 [2020-03-28] (Dell Inc)
    Alienware OC Controls -> C:\Program Files\WindowsApps\DellInc.423703F9C7E0E_1.2.38.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
    Alienware Sound Center -> C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
    Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2020-03-25] (Dell Inc)
    Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.40.0_x64__htrsf667h5kn2 [2020-05-07] (Dell Inc)
    Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.52.0_x64__htrsf667h5kn2 [2020-05-27] (Dell Inc)
    Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.1.9518.0_x64__0vhbc3ng4wbp0 [2020-07-13] (Screenovate Technologies) [Startup Task]
    Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.5.13.0_x64__htrsf667h5kn2 [2020-05-05] (Dell Inc)
    Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_3.1.99.0_x64__htrsf667h5kn2 [2020-05-25] (Dell Inc)
    DellTypeCStatus -> C:\Program Files\WindowsApps\MSWP.DellTypeCStatus_3.1.3920.0_x64__9j0h69dmw0fzc [2020-03-25] (WISTRON CORPORATION) [Startup Task]
    Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-03-25] (Dropbox Inc.)
    eM Client -> C:\Program Files\WindowsApps\eMClient.20054CA46072C_7.2.38682.0_neutral__rq410mg92b554 [2020-04-13] (eM Client)
    iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.2.18.0_x86__nzyj5cx40ttqa [2020-06-06] (Apple Inc.) [Startup Task]
    Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_17.9.1008.0_x64__8j3eq9eme6ctt [2020-06-23] (INTEL CORP)
    iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa [2020-05-22] (Apple Inc.) [Startup Task]
    Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.3163.0_x64__rh07ty8m5nkag [2020-03-21] (Rivet Networks LLC) [Startup Task]
    LastPass for Windows Desktop -> C:\Program Files\WindowsApps\LastPass.LastPass_4.4.3.0_x64__qq0fmhteeht3j [2020-07-02] (LastPass)
    LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.51.0.0_neutral__qq0fmhteeht3j [2020-07-03] (LastPass)
    McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.39.0_x64__wafk5atnkzcwy [2020-06-06] (McAfee LLC.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
    MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
    My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.4.22.0_x64__htrsf667h5kn2 [2020-04-15] (Dell Inc)
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
    NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-23] (NVIDIA Corp.)
    Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.183.0_x64__dt26b99r8h8gj [2020-03-25] (Realtek Semiconductor Corp)
    Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c [2020-06-25] (Skype) [Startup Task]
    Snipaste -> C:\Program Files\WindowsApps\45479liulios.17062D84F7C46_2.4.0.0_x64__p7pnf6hceqser [2020-07-03] (Le Liu) [Startup Task]
    Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001_Classes\CLSID\{4956AA8B-F7B5-4E91-AACC-5E272CDA771F} -> [iCloud Photos] => D:\shumi\Pictures\iCloud Photos\Photos [2020-06-06 19:08]
    CustomCLSID: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001_Classes\CLSID\{60B36EBA-CCE1-42DA-9A67-FF839FCC4C60} -> [iCloud Drive] => C:\Users\shumi\iCloudDrive [2020-04-07 20:26]
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_d270e5eea12c358c\nvshext.dll [2020-06-22] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2009-02-27 16:38 - 2009-02-27 16:38 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2020-01-24 17:38 - 2020-01-24 17:38 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll
    2020-04-03 14:58 - 2019-06-28 11:09 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2020-04-03 14:58 - 2019-06-28 11:09 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 005013504 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.423703F9C7E0E_1.2.38.0_x64__htrsf667h5kn2\DellInc.423703F9C7E0E.AWCC.Plugin.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000483328 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AWCC.RPC.Proxy.WinRT.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000178688 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AWCCPlugin.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000021504 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\IInspectableParser.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000316416 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\PM.UI.Controls.dll
    2020-03-28 00:29 - 2020-03-28 00:29 - 001629696 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareFX02_1.2.29.0_x64__htrsf667h5kn2\DellInc.AlienwareFX02.AFX.Model.Plugin.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000576000 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\DataSystemWRC.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 001071616 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\DellInc.AlienwareSoundCenter.AFX.Model.Plugin.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 005350912 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\DellInc.AlienwareSoundCenter.AWCC.Plugin.dll
    2020-03-21 04:01 - 2020-03-21 04:01 - 000143360 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\Gaming.API.WinRT.HeadsetControl.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000096768 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\JabraManager.dll
    2020-03-21 04:01 - 2020-03-21 04:01 - 000035328 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\RPCClient.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000059904 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\SoundCenter.Daemon.Client.dll
    2020-04-08 09:01 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\Windows\system32\BrSNMP64.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 001550208 _____ (A-Volute -> ) [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\AGSWRC.dll
    2012-12-05 12:29 - 2012-12-05 12:29 - 004883456 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\BCGCBPRO1100u100.dll
    2012-12-05 12:29 - 2012-12-05 12:29 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
    2014-11-13 18:55 - 2014-11-13 18:55 - 000461824 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
    2010-09-29 17:07 - 2010-09-29 17:07 - 000180224 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
    2013-10-10 21:55 - 2013-10-10 21:55 - 002040320 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
    2014-11-12 09:17 - 2014-11-12 09:17 - 000137728 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
    2014-09-09 09:38 - 2014-09-09 09:38 - 000083968 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
    2014-09-09 09:38 - 2014-09-09 09:38 - 017974784 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
    2014-09-09 09:39 - 2014-09-09 09:39 - 000080896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
    2020-04-08 09:01 - 2013-03-08 15:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 001945600 _____ (Dell Inc) [File not signed] C:\Program Files\WindowsApps\DellInc.6066037A8FCF7_1.1.22.0_x64__htrsf667h5kn2\DellInc.6066037A8FCF7.AFX.Model.Plugin.dll
    2019-11-21 00:38 - 2019-11-21 00:38 - 000081920 _____ (Dell Technologies) [File not signed] [File is in use] C:\Program Files\Alienware\Alienware Command Center\OCControl.Rpc.Server.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000031744 _____ (Dell Technologies) [File not signed] C:\Program Files\WindowsApps\DellInc.423703F9C7E0E_1.2.38.0_x64__htrsf667h5kn2\OCControl.Rpc.Client.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000110080 _____ (Dell Technologies) [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AFXModelPlugin.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 030830592 _____ (Dell Technologies) [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AWCC.dll
    2020-04-03 14:58 - 2019-06-28 11:09 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
    2020-04-08 09:04 - 2013-08-06 12:15 - 000181248 _____ (Nuance Communications, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\nuanoemuires.dll
    2020-04-08 09:04 - 2013-08-06 12:15 - 000027648 _____ (Nuance Communications, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\NuanUI.DLL
    2020-01-13 09:04 - 2020-01-13 09:04 - 001899008 _____ (SQLite Development Team) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\sqlite3.dll
    2020-04-03 14:58 - 2019-10-09 09:05 - 001359872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\LIBEAY32.dll
    2020-04-03 14:58 - 2019-10-09 09:05 - 000365056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SSLEAY32.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Mike\Desktop\FRST64.exe:SmartScreen [7]
    AlternateDataStreams: C:\Users\Mike\Desktop\tweaking.com_registry_backup_setup.exe:SmartScreen [7]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7942 more sites.


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-03-18 23:49 - 2020-07-12 12:31 - 000454708 ____R C:\Windows\system32\drivers\etc\hosts

    There are 15607 more lines.


    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\shumi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win ltblue 1920x1200.jpg
    HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win ltblue 1920x1200.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{1FA227C9-9915-4999-B203-D19D6BC4F113}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{9A5D1CA6-AE4F-4ABB-A15B-308099236299}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{4D70D8C2-867C-4AAD-9C0E-9945A9B83B0D}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
    FirewallRules: [{BDBB396D-7359-4150-9B63-75664BBF4EE4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
    FirewallRules: [{A013FB41-52EB-464C-B188-E6D0B7123EA0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
    FirewallRules: [{48E60FEA-41E0-402F-9363-DF432E0B01EC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{EF1938AC-E5CB-4552-8E64-2B9386EB19A9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{47AE8974-C482-44DA-8F4F-6044C056164D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{EC867A7B-4B2A-420B-9AFC-7E52F0ECC47E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{2D0FD69F-A7A6-4F73-9209-6095E098BD53}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
    FirewallRules: [{ED4D1C17-5077-409E-A9BB-02887BAA6828}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
    FirewallRules: [{D3F1E077-C455-4023-86F3-B0968D44B158}] => (Allow) LPort=54925
    FirewallRules: [{480B21CE-58CA-4895-A374-745888FF4DA1}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
    FirewallRules: [{9F81E6ED-AF09-43BF-9BA2-051F7C4D86F6}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
    FirewallRules: [{8C4C884E-E3B0-4AA7-973D-6AD06C087DE3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{62342597-3B6E-411C-8DBD-A0A24341AC19}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{4F7D1D1B-8C69-458B-AC7E-EA0509A0BEDA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7817FE59-2466-45DE-B548-331E7A48FD2C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A9802D92-7427-48D0-A08B-4969E676E504}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{91BDE927-DDB7-40FA-AB17-16CF3E4975F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{621C46C9-CE37-4550-80E8-AA00A2102210}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{EDDEB922-77C4-4962-BEED-AF60CA29FDAD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{01FA593F-B31A-48B4-9B96-9A31D79EA8D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{8340D560-C8D8-405D-A55E-91CD1EE4BCB9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E990FB8D-631F-4003-8C7D-4F5915D4E7EC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{4AE0FA42-8FE6-4932-A3CB-1C053113CD79}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E5C4F85B-0088-41DA-9426-B08ADC628689}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{4BAA2239-3DEA-4A8B-91FA-905B07D85EE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{398618A8-DEBD-4385-98D7-37A8DB639598}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{8FCBC28B-ECBA-4865-ABB3-2C5154C649E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{8062D565-59CF-4C06-9760-DF85AF4B890C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{448A4F41-E7A1-43CC-A92A-5A269E4AA4A5}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.1.9518.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
    FirewallRules: [{2AE6DF57-F85B-4958-93C1-CBFC8A29ED29}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.1.9518.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled (Total:101.34 GB) (Free:38.28 GB) (38%)

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (07/18/2020 06:27:42 PM) (Source: XTUService) (EventID: 0) (User: )
    Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
    Parameter name: singletonInstance
    at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
    at IronCity.Core.Server.CoreServer.Start()
    at XtuService.XtuService1.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (07/18/2020 06:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Exception code: 0xc0000005
    Fault offset: 0x000243f0
    Faulting process id: 0x34f9c
    Faulting application start time: 0x01d65d5b063aa1f9
    Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Report Id: 2c2adc60-6d47-4afe-8c43-627423ab5dbe
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (07/18/2020 06:27:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Exception code: 0xc0000005
    Fault offset: 0x000243f0
    Faulting process id: 0x34fa0
    Faulting application start time: 0x01d65d5b0342de92
    Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Report Id: 59d05f95-1f33-467e-8308-70c59369aa08
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (07/18/2020 06:27:29 PM) (Source: XTUService) (EventID: 0) (User: )
    Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
    Parameter name: singletonInstance
    at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
    at IronCity.Core.Server.CoreServer.Start()
    at XtuService.XtuService1.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (07/18/2020 06:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Exception code: 0xc0000005
    Fault offset: 0x000243f0
    Faulting process id: 0x30cec
    Faulting application start time: 0x01d65d5b0046dfca
    Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Report Id: c26b6e72-623a-4d72-ad83-34f057ce0212
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (07/18/2020 06:27:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Exception code: 0xc0000005
    Fault offset: 0x000243f0
    Faulting process id: 0x2da30
    Faulting application start time: 0x01d65d5afd4b477f
    Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Report Id: 4ad4ed84-96e7-45a3-ac92-9ae7b9a65e0e
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (07/18/2020 06:27:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Exception code: 0xc0000005
    Fault offset: 0x000243f0
    Faulting process id: 0x32054
    Faulting application start time: 0x01d65d5afa509d0c
    Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Report Id: ae4c86a9-4cb5-48e7-8c0f-8a0c9d3abeee
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (07/18/2020 06:27:17 PM) (Source: XTUService) (EventID: 0) (User: )
    Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
    Parameter name: singletonInstance
    at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
    at IronCity.Core.Server.CoreServer.Start()
    at XtuService.XtuService1.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


    System errors:
    =============
    Error: (07/18/2020 01:35:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 3 time(s).

    Error: (07/18/2020 12:30:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (07/18/2020 12:14:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (07/17/2020 01:36:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Dell Digital Delivery Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (07/17/2020 01:34:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The AppX Deployment Service (AppXSVC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (07/12/2020 12:27:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (07/12/2020 12:10:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (07/12/2020 10:43:54 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:09:02 PM on ‎7/‎11/‎2020 was unexpected.


    Windows Defender:
    ===================================
    Date: 2020-05-04 20:15:35.729
    Description:
    Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
    Security intelligence Attempted: Current
    Error Code: 0x80070002
    Error description: The system cannot find the file specified.
    Security intelligence version: 0.0.0.0;0.0.0.0
    Engine version: 0.0.0.0

    CodeIntegrity:
    ===================================

    Date: 2020-07-18 18:24:55.903
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 18:19:53.739
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 18:14:51.494
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 18:09:49.688
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 18:04:46.761
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 17:59:43.872
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 17:54:41.651
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 17:49:39.125
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    ==================== Memory info ===========================

    BIOS: Dell Inc. 1.2.1 03/20/2020
    Motherboard: Dell Inc. 0DXJD9
    Processor: Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz
    Percentage of memory in use: 82%
    Total physical RAM: 8046.91 MB
    Available physical RAM: 1370.94 MB
    Total Virtual: 30574.91 MB
    Available Virtual: 20379.98 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:101.34 GB) (Free:38.28 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:856.73 GB) NTFS
    Drive e: ( My Backups) (Fixed) (Total:5589 GB) (Free:3439.88 GB) NTFS
    Drive f: (EASEUSBOOT) (Removable) (Total:28.64 GB) (Free:27.89 GB) FAT32

    \\?\Volume{d563a30d-01d7-4124-b9bc-3b031606b3e3}\ (WINRETOOLS) (Fixed) (Total:0.93 GB) (Free:0.34 GB) NTFS
    \\?\Volume{c1bd49fd-9eeb-4298-aa1a-3b448f4d5e9d}\ (Image) (Fixed) (Total:15.26 GB) (Free:0.13 GB) NTFS
    \\?\Volume{80422f68-d197-4690-9b15-3fe274ccec64}\ (DELLSUPPORT) (Fixed) (Total:1.42 GB) (Free:0.45 GB) NTFS
    \\?\Volume{87be7d44-d7e7-4d22-a188-47fb3e14b20b}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 7A420BC1)

    Partition: GPT.

    ==========================================================
    Disk: 1 (Size: 119.2 GB) (Disk ID: 7A420BB6)

    Partition: GPT.

    ==========================================================
    Disk: 2 (Size: 5589 GB) (Disk ID: 16F2A91F)

    Partition: GPT.

    ==========================================================
    Disk: 3 (Size: 28.7 GB) (Disk ID: FE429E9F)
    Partition 1: (Active) - (Size=28.7 GB) - (Type=0C)

    ==================== End of Addition.txt =======================

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    OK, looks pretty good actually.

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below and select Copy,
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    Task: {055121b2-0927-4254-af0a-4f668e39e469} - no filepath
    Task: {2cb54e1f-62d9-4c14-814c-955ef69c155b} - no filepath
    Task: {30bdde01-accc-4d79-8aa1-44749ff27256} - no filepath
    Task: {3369d6ed-ba7f-49d1-8833-d3a224675608} - no filepath
    Task: {3497e3f2-c9b7-425a-9fec-440c2225f44b} - no filepath
    Task: {3c2803c4-858e-4647-bcea-ae4e80f67684} - no filepath
    Task: {3d72d2b4-03b7-4849-ab88-a5fff70cf3ca} - no filepath
    Task: {5b49af16-6ab4-45fc-9d9d-dcd31eed3710} - no filepath
    Task: {5f143149-37b1-49a4-8891-7cd86fc9ae8b} - no filepath
    Task: {5f6a4b10-041d-4264-83bb-02eaed7bb197} - no filepath
    Task: {81d18dbf-731c-4226-8e85-44bda75e5bc7} - no filepath
    Task: {8bc86d5f-5453-4d79-b4f2-dac073199006} - no filepath
    Task: {9553b533-d4c8-4a4d-a7a9-beecf3652c25} - no filepath
    Task: {964ea2cc-52f0-4e92-957f-8c54d1145996} - no filepath
    Task: {9e5834c3-5a31-45d9-8652-74df9bb6aea7} - no filepath
    Task: {a687a4ff-47a3-4310-a426-fa53bba6280a} - no filepath
    Task: {d0815cd0-a575-4fde-82fb-9a3e8c9b4c24} - no filepath
    Task: {d7bc42e8-f1a0-44dd-a2e6-96ed36ff930f} - no filepath
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download and run AdwCleaner

    Download AdwCleaner from here and save it to your desktop.

    • run AdwCleaner by clicking on Scan Now
    • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
    • if it asks to reboot, allow the reboot
    • on reboot, click on View Log File; please attach the content of the log to your next reply.

    ============================================

    Run Malwarebytes Anti-Malware

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • click the Scan Now button
    • Threat Scan will begin
    • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard

    Logs to include with the next post:

    Fixlog.txt
    AdwCleaner log
    Mbam.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Thank you so much for helping me. What do you think was going on with my computer? Malware? The grandkids play Roblox on it, could that be where it came from? Any insight you can provide is greatly appreciated.

    One other thing I noticed in one of the logs, where "Internet Explorer trusted/restricted" lists some porn sites. Can you tell me what that's from? There shouldn't be anybody accessing porn from this computer.

    Here are the logs:


    Fix result of Farbar Recovery Scan Tool (x64) Version: 19-07-2020
    Ran by shumi (20-07-2020 19:36:01) Run:1
    Running from C:\Users\Mike\Desktop
    Loaded Profiles: shumi & Brenda & Mike & Grandkids
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    Task: {055121b2-0927-4254-af0a-4f668e39e469} - no filepath
    Task: {2cb54e1f-62d9-4c14-814c-955ef69c155b} - no filepath
    Task: {30bdde01-accc-4d79-8aa1-44749ff27256} - no filepath
    Task: {3369d6ed-ba7f-49d1-8833-d3a224675608} - no filepath
    Task: {3497e3f2-c9b7-425a-9fec-440c2225f44b} - no filepath
    Task: {3c2803c4-858e-4647-bcea-ae4e80f67684} - no filepath
    Task: {3d72d2b4-03b7-4849-ab88-a5fff70cf3ca} - no filepath
    Task: {5b49af16-6ab4-45fc-9d9d-dcd31eed3710} - no filepath
    Task: {5f143149-37b1-49a4-8891-7cd86fc9ae8b} - no filepath
    Task: {5f6a4b10-041d-4264-83bb-02eaed7bb197} - no filepath
    Task: {81d18dbf-731c-4226-8e85-44bda75e5bc7} - no filepath
    Task: {8bc86d5f-5453-4d79-b4f2-dac073199006} - no filepath
    Task: {9553b533-d4c8-4a4d-a7a9-beecf3652c25} - no filepath
    Task: {964ea2cc-52f0-4e92-957f-8c54d1145996} - no filepath
    Task: {9e5834c3-5a31-45d9-8652-74df9bb6aea7} - no filepath
    Task: {a687a4ff-47a3-4310-a426-fa53bba6280a} - no filepath
    Task: {d0815cd0-a575-4fde-82fb-9a3e8c9b4c24} - no filepath
    Task: {d7bc42e8-f1a0-44dd-a2e6-96ed36ff930f} - no filepath
    EmptyTemp:
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Error: (0) Failed to create a restore point.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{055121b2-0927-4254-af0a-4f668e39e469}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2cb54e1f-62d9-4c14-814c-955ef69c155b}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30bdde01-accc-4d79-8aa1-44749ff27256}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3369d6ed-ba7f-49d1-8833-d3a224675608}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3497e3f2-c9b7-425a-9fec-440c2225f44b}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3c2803c4-858e-4647-bcea-ae4e80f67684}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3d72d2b4-03b7-4849-ab88-a5fff70cf3ca}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5b49af16-6ab4-45fc-9d9d-dcd31eed3710}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5f143149-37b1-49a4-8891-7cd86fc9ae8b}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5f6a4b10-041d-4264-83bb-02eaed7bb197}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81d18dbf-731c-4226-8e85-44bda75e5bc7}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8bc86d5f-5453-4d79-b4f2-dac073199006}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9553b533-d4c8-4a4d-a7a9-beecf3652c25}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{964ea2cc-52f0-4e92-957f-8c54d1145996}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9e5834c3-5a31-45d9-8652-74df9bb6aea7}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{a687a4ff-47a3-4310-a426-fa53bba6280a}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d0815cd0-a575-4fde-82fb-9a3e8c9b4c24}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d7bc42e8-f1a0-44dd-a2e6-96ed36ff930f}" => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\af397ef28e484961ba48646a5d38cf54.db.ses => moved successfully
    C:\Windows\Temp\Application_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\AppxErrorReport_5A16D997-5D5F-0005-69FE-175A5F5DD601.txt => moved successfully
    Could not move "C:\Windows\Temp\CMcUploader.log" => Scheduled to move on reboot.
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200718-1858.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200718-2002.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-0400.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-0717.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1040.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1040a.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1220.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1222.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1224.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1333.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-0618.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-0658.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-0717.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-1336.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-1627.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-1710.log => moved successfully
    Could not move "C:\Windows\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
    Could not move "C:\Windows\Temp\FXSTIFFDebugLogFile.txt" => Scheduled to move on reboot.
    C:\Windows\Temp\mat-debug-2248.log => moved successfully
    C:\Windows\Temp\mat-debug-23712.log => moved successfully
    C:\Windows\Temp\Microsoft-Windows-AppReadiness_Admin_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-AppReadiness_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-AppXDeploymentServer_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-AppXPackaging_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-SettingSync_Debug_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-SettingSync_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-StateRepository_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-Store_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-WindowsUpdateClient_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\msedge_installer.log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20200718185851FF0).log => moved successfully
    C:\Windows\Temp\System_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\TBitDefenderUpdaterThread.log => moved successfully
    C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
    C:\Windows\Temp\{6B457D7E-C7CC-4F1C-86CD-9A732A356345} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{93A6158E-59C5-4C36-8FC5-19278C7412EA} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{BF8647EA-9769-4D5C-9EE2-F93EDB77DE2B} - OProcSessId.dat => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10248192 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20155403 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 3413162 B
    Edge => 3633430 B
    Chrome => 0 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 1124524 B
    systemprofile32 => 1124613 B
    LocalService => 1416017 B
    NetworkService => 1421939 B
    shumi => 52163186 B
    Brenda => 126690920 B
    Mike => 168470198 B
    Grandkids => 212668323 B
    defaultuser100000.DESKTOP-AT4C6NI.000 => 213299818 B

    RecycleBin => 0 B
    EmptyTemp: => 778 MB temporary data Removed.

    ================================

    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.6.0
    # -------------------------------
    # Build: 06-24-2020
    # Database: 2020-07-20.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 07-20-2020
    # Duration: 00:00:40
    # OS: Windows 10 Home
    # Scanned: 31837
    # Detected: 27


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
    PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
    PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
    PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
    Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
    Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
    Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
    Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AGENT
    Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
    Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
    Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E014A58-DE32-42AD-AB9C-499813346BCA}
    Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E014A58-DE32-42AD-AB9C-499813346BCA}
    Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
    Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
    Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
    Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
    Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
    Preinstalled.DellUpdateforWindows10 Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70E9F8CC-A23E-4C25-B292-C86C1821587C}



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.6.0
    # -------------------------------
    # Build: 06-24-2020
    # Database: 2020-07-20.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 07-20-2020
    # Duration: 00:00:02
    # OS: Windows 10 Home
    # Cleaned: 23
    # Failed: 4


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
    Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
    Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AGENT
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
    Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E014A58-DE32-42AD-AB9C-499813346BCA}
    Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E014A58-DE32-42AD-AB9C-499813346BCA}
    Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
    Deleted Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
    Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
    Deleted Preinstalled.DellUpdateforWindows10 Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70E9F8CC-A23E-4C25-B292-C86C1821587C}
    Not Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
    Not Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
    Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
    Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [5115 octets] - [20/07/2020 19:40:08]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 7/20/20
    Scan Time: 8:01 PM
    Log File: b1b54a04-caed-11ea-a64e-a4bb6da79f09.json

    -Software Information-
    Version: 4.1.2.73
    Components Version: 1.0.979
    Update Package Version: 1.0.27127
    License: Trial

    -System Information-
    OS: Windows 10 (Build 18362.959)
    CPU: x64
    File System: NTFS
    User: DESKTOP-AT4C6NI\Mike

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 550104
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 1 min, 35 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Internet Explorer trusted/restricted => The scan is showing us that these are the sites that are being blocked and that's a good thing.
    What do you think was going on with my computer? Malware?
    As far as seeing something related to malware, that hasn't shown up. I did see a slight lack of maintenance in cleaning out temp files but actually wasn't in bad shape.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Let's do an online scan to see if there are any remnants that can be picked up.

    ESET Online Scanner

    Download ESET Online Scanner and save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    • When the tool opens, click Get Started.
    • Read and accept the license agreement.
    • At the Welcome to ESET Online Scanner window, click Get Started.
    • Select whether you would like to send anonymous data to ESET.
    • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
    • Click on the Full Scan option.
    • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
    • ESET will now begin scanning your computer. This may take some time.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

    ---------------------------------------------------

    How is the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Default

    The ESET Online Scanner didn't find anything so there is no log to post from that. YAY!!!


    Quote Originally Posted by Juliet View Post
    As far as seeing something related to malware, that hasn't shown up. I did see a slight lack of maintenance in cleaning out temp files but actually wasn't in bad shape.
    I have been running Spybot regularly. I thought that was taking care of temp files?

    Quote Originally Posted by Juliet View Post
    How is the computer now?
    The computer is amazingly fast now. It seems that Dell must have had a bunch of garbage on there. I installed a lot of the Dell utilities because the machine is still under warranty but the scans suggested to quarantine them so I did. I can re-install them if I need them. There are a few more I need to get off of there too. It appears that the machine is running normally now so I want to thank you tremendously for helping me out here but I do have a few more issues to deal with, if you don't mind?

    My original problem was the missing .dll files. First, I will try the Microsoft built-in file checkers, etc. under command prompt but assuming that doesn't work:

    1. How do I get the .dll's back? Is there a safe place to download them from? I tried re-installing Skype but it still has a missing .dll. I really don't want to reconfigure 5 email accounts either as my email client is missing a .dll also.

    2. Do you think the Android program for the outdoor movie projector running on my iPhone had anything to do with this?

    3. My grandkids love Roblox. Is Roblox a safe site? Is anything coming from there?

    4. The Malwarebytes program is affecting my mouse pointer. Can I remove that program? And what about the other programs you had me download, do I need any/all of them?

    5. I'm not a big fan of McAfee but it came with the system. Can I remove it and go with Defender alone? Or, what are the minimum maintenance/security programs a user needs to avoid all of this?

    6. Do I need to run Spybot on all users' desktops? I normally run it just from my desktop but when I log on to the admin account it will say Spybot hasn't been run in 43 days or something when I just finished running it on the other user logon.

    I want to thank you again for taking the time to help not only me but all of the others you have helped and will help in the future. The world is a better place because of people like you. I am forever grateful!

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I'm going to try and answer all the questions. Some I tried to research because I'm not familiar with the app/program.
    The computer is amazingly fast now. It seems that Dell must have had a bunch of garbage on there
    Music to my ears.

    Google the below.
    Is Roblox a safe site
    Reason I say this is you're going to find the same info I did. You have mixed reviews, some good, some ugly.
    What I gather is this app is gaming and used along the lines as another social media app, are the children old enough to handle such a deal as this?
    Can some of the features be turned off so that others cannot send messages or use voice while they are playing the games?
    I think this falls into parental choice.

    Do you think the Android program for the outdoor movie projector running on my iPhone had anything to do with this?
    I really can't say. Did you start having issues after it was installed? Was it downloaded from a reputable site? (Although safe sites can be hit with malicious scripts.)

    I tried re-installing Skype
    Let's try this to see if you can get all remnants off

    Please download and install Revo Uninstaller.
    or from here https://www.bleepingcomputer.com/dow...o-uninstaller/
    • Right click Revo Uninstaller and select Run as administrator
    • From the list of programs double click on the listed program(s), or anything similar, SKYPE to remove it (if it exists)
    • Click Yes to any warning screen that may appear
    • If presented with the program uninstall option click Uninstall
    • If asked to restart now click No
    • Under Scanning Modes select Advanced then select Scan
    • On the Found leftover Registry items window click Select All, Delete, then Yes
    • If prompted click on Next
    • On the Found leftover files and folders window click on Select all, Delete, Yes, OK on any warning screen, then Finish
    • Reboot your computer if requested

    ============================================

    Afterwards try a new download and install to see if the errors are still there.

    The Malwarebytes program is affecting my mouse pointer. Can I remove that program? And what about the other programs you had me download, do I need any/all of them?

    I'm not a big fan of McAfee but it came with the system. Can I remove it and go with Defender alone? Or, what are the minimum maintenance/security programs a user needs to avoid all of this?

    6. Do I need to run Spybot on all users' desktops? I normally run it just from my desktop but when I log on to the admin account it will say Spybot hasn't been run in 43 days or something when I just finished running it on the other user logon.

    I want to thank you again for taking the time to help not only me but all of the others you have helped and will help in the future. The world is a better place because of people like you. I am forever grateful!
    All the tools we downloaded will be removed.

    Uninstalling McAfee can certainly be done and Microsoft recommends Windows Defender which comes with the Operating system.

    Answers for running Spybot on all user accounts, I'll probably have to refer you over to the help forum because I'm not sure.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    For your email client

    eMClient missing DLL libcef
    https://forum.emclient.com/t/update-...0-errors/61730


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
    Let's see about running SFC.exe to try and correct missing anythings
    https://support.microsoft.com/en-us/...rrupted-system

    Run the System File Checker tool (SFC.exe)
    To do this, follow these steps:

    Open an elevated command prompt. To do this, do the following as appropriate:
    Windows 8.1 or Windows 8
    Windows 10, Windows 7, or Windows Vista

    If you are running Windows 10, Windows 8.1 or Windows 8, first run the inbox Deployment Image Servicing and Management (DISM) tool prior to running the System File Checker. (If you are running Windows 7 or Windows Vista, skip to Step 3.)

    Type the following command, and then press Enter. It may take several minutes for the command operation to be completed.
    DISM.exe /Online /Cleanup-image /Restorehealth

    Important: When you run this command, DISM uses Windows Update to provide the files that are required to fix corruptions. However, if your Windows Update client is already broken, use a running Windows installation as the repair source, or use a Windows side-by-side folder from a network share or from a removable media, such as the Windows DVD, as the source of the files. To do this, run the following command instead:
    DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess

    Note: Replace the C:\RepairSource\Windows placeholder with the location of your repair source. For more information about using the DISM tool to repair Windows, reference Repair a Windows Image.

    At the command prompt, type the following command, and then press ENTER:

    sfc /scannow




    The sfc /scannow command will scan all protected system files, and replace corrupted files with a cached copy that is located in a compressed folder at %WinDir%\System32\dllcache.
    The %WinDir% placeholder represents the Windows operating system folder. For example, C:\Windows.

    Note Do not close this Command Prompt window until the verification is 100% complete. The scan results will be shown after this process is finished.

    After the process is finished, you may receive one of the following messages:
    Windows Resource Protection did not find any integrity violations.


    This means that you do not have any missing or corrupted system files.
    Windows Resource Protection could not perform the requested operation.


    To resolve this problem, perform the System File Checker scan in safe mode, and make sure that the PendingDeletes and PendingRenames folders exist under %WinDir%\WinSxS\Temp.
    Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
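
Added example (not part of the thread or of the Microsoft article quoted in post #6): that post points to CBS.log for details of what sfc /scannow repaired. This PowerShell function summarizes the SFC-tagged [SR] entries per file; the message layouts it matches are an assumption, since the wording varies across Windows builds, and the sample lines and file names are constructed for illustration.

```powershell
# Added example: summarize per-file results of "sfc /scannow" from CBS.log.
# Assumption: the [SR] message layouts matched below; they differ between builds.

function Get-SfcRepairSummary {
    [CmdletBinding()]
    param(
        # Raw lines of CBS.log, for example from Get-Content.
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string[]]$LogLine
    )

    $lastSeen = [ordered]@{}   # file name (lower case) -> latest record for that file

    foreach ($line in $LogLine) {
        # SFC tags its own entries with [SR]; the rest of CBS.log is other servicing activity.
        $sr = [regex]::Match($line, '\[SR\]\s+(?<msg>.+)$')
        if (-not $sr.Success) { continue }
        $msg = $sr.Groups['msg'].Value

        if ($msg -like 'Repairing*file *') {
            $status = 'Repaired'
            $cut    = ' from store'
        }
        elseif ($msg -like 'Cannot repair member file *') {
            $status = 'CannotRepair'
            $cut    = ' of '
        }
        else { continue }      # "Verifying ...", "Verify complete", transaction markers

        # Keep what follows the word "file" and drop length annotations such as [l:24{12}].
        $target = $msg -replace '^.*?\bfile\s+', '' -replace '\[[^\]]*\]', ''
        $end = $target.IndexOf($cut)
        if ($end -ge 0) { $target = $target.Substring(0, $end) }

        # Remove quotes around path parts, then keep only the leaf name.
        $target = $target -replace '["'']', ''
        $name   = ($target -split '\\')[-1].Trim()
        if (-not $name) { continue }

        # SFC usually logs a file more than once; keep the last status and count the entries.
        $key   = $name.ToLowerInvariant()
        $count = if ($lastSeen.Contains($key)) { $lastSeen[$key].Entries + 1 } else { 1 }
        $lastSeen[$key] = [pscustomobject]@{
            File    = $name
            Status  = $status
            Entries = $count
        }
    }

    $lastSeen.Values
}

# Constructed sample lines (not taken from the machine in this thread).
$sample = @(
    '2020-07-21 09:12:01, Info  CSI  00000012 [SR] Verifying 100 components'
    '2020-07-21 09:12:01, Info  CSI  00000013 [SR] Beginning Verify and Repair transaction'
    '2020-07-21 09:12:07, Info  CSI  0000001a [SR] Repairing corrupted file \??\C:\WINDOWS\System32\\example1.dll from store'
    '2020-07-21 09:12:07, Info  CSI  0000001b [SR] Repairing corrupted file \??\C:\WINDOWS\System32\\example1.dll from store'
    '2020-07-21 09:12:09, Info  CSI  0000001f [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component, Version = 10.0.0.0, hash mismatch'
    '2020-07-21 09:12:11, Info  CSI  00000024 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\System32"\[l:24{12}]"example3.dll" from store'
    '2020-07-21 09:13:30, Info  CSI  00000031 [SR] Verify complete'
    '2020-07-21 09:13:31, Info  CBS  Session: 12345_67890 finalized'
)

$summary = Get-SfcRepairSummary -LogLine $sample
$summary | Sort-Object Status, File | Format-Table -AutoSize

# Files SFC could not restore from the component store are the ones that need
# the DISM /RestoreHealth step from the post above, followed by another SFC run.
$summary | Where-Object Status -eq 'CannotRepair' | Select-Object -ExpandProperty File

# On a live system, from an elevated prompt:
#   Get-SfcRepairSummary -LogLine (Get-Content "$env:windir\Logs\CBS\CBS.log")
```

Comparing the File column against an antivirus quarantine list shows whether the repaired system files are the same ones that were quarantined.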

  7. #7
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Default

    Juliet, the System File Check did the trick. When Spybot quarantined the infected files is when the trouble started. I noticed in the sfc logs that the files that sfc repaired were mainly the same ones that Spybot moved to quarantine, actually I'm the one that moved them. Now it all makes sense. I'm not sure what I should do if this happens again in Spybot, I'll just have to educate myself on the ins and outs of Spybot and decide what I should do with the infected files. Thanks to you though, I'm pretty sure I can take care of it myself, if there is a next time. So all in all I have the fast computer I thought I was getting and I got rid of a bunch of junk and bloatware in the process. Plus, I learned about some great free programs. So if you don't have anything else for me then I'm going to sign off and again,


    THANK YOU, THANK YOU, THANK YOU!!!
