Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Ran by Dell (13-05-2018 13:11:25)
Running from C:\Users\Dell\Desktop
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-10 21:06:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2909802881-1809305294-4137571501-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2909802881-1809305294-4137571501-503 - Limited - Disabled)
Dell (S-1-5-21-2909802881-1809305294-4137571501-1001 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-2909802881-1809305294-4137571501-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2909802881-1809305294-4137571501-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2909802881-1809305294-4137571501-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Artisan (HKLM-x32\...\Artisan) (Version: 1.2.0.3 - The Artisan Team)
Avira (HKLM-x32\...\{40F72BC9-0C14-4122-8930-4B037EAEAD45}) (Version: 1.2.109.23832 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{4b629f54-1d82-40c9-9979-4485bb58d155}) (Version: 1.2.109.23832 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.163 - Avira Operations GmbH & Co. KG)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.103 - ALPS ELECTRIC CO., LTD.)
Fresh Beans SR-700 (HKLM-x32\...\{D09D0DA0-2423-4CD9-AF24-F9FACF0FB1E6}) (Version: 1.03 - Fresh Beans)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
LibreOffice 5.4.3.2 (HKLM-x32\...\{CAE1C579-A42B-4A1E-9765-9D6648EFBD25}) (Version: 5.4.3.2 - The Document Foundation)
Microsoft OneDrive (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\SourceUser(S-1-5-21-2909802881-1809305294-4137571501-1001)\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 cs) (HKLM\...\Mozilla Firefox 57.0 (x64 cs)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Openroast 1.2.0rc3 (HKLM\...\Openroast 1.2.0rc3) (Version: 1.2.0rc3 - Roastero)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
Python 3.6.4 (32-bit) (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 (32-bit) (HKU\SourceUser(S-1-5-21-2909802881-1809305294-4137571501-1001)\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 Add to Path (32-bit) (HKLM-x32\...\{B7F6071F-CC88-469C-9AC6-BEBA83594819}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B42FF40A-60D4-4096-AC47-C86153D72797}) (Version: 3.6.6196.0 - Python Software Foundation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2909802881-1809305294-4137571501-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-05-04] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-05-04] (Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04F48FCB-64FF-410E-B41D-D24BF9D0723B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {058FF6C4-AC45-45A0-9C54-8F7EF961B50C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {07C96D22-783E-4E04-9132-88943FEF1481} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1D31F5A1-1482-49AE-8D87-CD6FFC0CBB72} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2DD2127E-3F47-4C47-BB1E-63C30B730760} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3310015C-DA70-4F13-926D-844006123C46} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5292F73E-486D-4D42-9468-88B63131671A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5EC51427-C4F1-4107-8859-B6C00249CB57} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5F0DBDA1-D051-42ED-883D-EF3D8DB529F1} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-05-04] (Avira Operations GmbH & Co. KG)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {77654389-3548-4439-8E5E-A76E7C13A05C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {83A6BB13-C131-412C-819C-6F695ACFDC89} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {84095955-7ECA-4A1E-94AC-3196D28CB12E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {842E245F-75ED-4A2A-BF06-1E87762FFDFB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {957C8364-7BDE-48F2-913A-6AEFF3BA9467} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9D17742B-7AD0-49B8-A008-B940922C97DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-23] (Google Inc.)
Task: {A2F0C58E-1478-4A95-95A5-BEC84222C3CB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AB909709-E4D6-44A6-BC73-F39A76887DB5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0811582-F540-4804-8E7F-7A41392C8A4B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BBF820C6-2B7E-4336-8088-4292970AA9AC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD4B99C7-5C62-4EF1-B692-8B403FCAA9C1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BE11E7B8-323B-4B2B-9FA3-5EF97C6095BA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C334E7E8-342F-454E-A6CE-35AC418EFBD0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EC544BCE-9112-4E41-BA28-E27BBDD3165F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F1846765-1A57-40F3-86E5-71C045208183} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-23] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 01:35 - 2018-04-12 17:53 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-25 22:08 - 2018-04-26 14:25 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-25 22:08 - 2018-04-26 14:25 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-25 22:08 - 2018-04-26 14:25 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-25 22:08 - 2018-04-26 14:25 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-27 14:37 - 2018-04-26 05:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-04-27 14:37 - 2018-04-26 05:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
2018-05-04 16:53 - 2018-05-04 16:54 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-05-04 16:53 - 2018-05-04 16:54 - 066466304 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-11-28 18:59 - 2017-11-28 19:11 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-04 16:53 - 2018-05-04 16:54 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-04 16:53 - 2018-05-04 16:53 - 004173312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 16:53 - 2018-05-04 16:53 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-04 16:53 - 2018-05-04 16:54 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-29 22:47 - 2018-03-29 22:54 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-05-04 16:53 - 2018-05-04 16:54 - 015563776 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-04 16:53 - 2018-05-04 16:53 - 004018176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-05-04 16:53 - 2018-05-04 16:53 - 003281920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-04 16:53 - 2018-05-04 16:54 - 001386496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-01-31 19:44 - 2018-01-31 19:47 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-04 16:53 - 2018-05-04 16:54 - 000878080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dell\Documents\OP1.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Dell\Documents\OP1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Dell\Documents\OP2.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Dell\Documents\OP2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-0-0\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\SourceUser(S-1-5-21-2909802881-1809305294-4137571501-1001)\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

