I'm infected with something I do believe



#1
sweetsuzee

I started having problems a few months ago in that sometimes it takes up to 20 minutes for a link or a site to open. Other times addresses entered into the URL are ignored and the computer heads to a site I opened maybe 4 or 5 sites earlier, such as going to nbc.com when I'm trying to get to google.com. Sometimes I am directed to a site I've never visited, but thank God that is infrequent. But it does happen. I have also had a lot of "not responding" prompts whereby the computer lags for a long time or actually freezes and I have to shut down and relaunch. And last, but definitely not least, I have advertising pop-ups everywhere. When reading an online paper or article there'll be pop-ups at every single paragraph break and along the margins. They are ALWAYS from a site I've visited or an item I've looked at recently. Sometimes not so recently.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2019
Ran by suesarkis (administrator) on SUESBABY (Hewlett-Packard HP Spectre XT TouchSmart PC) (17-09-2019 14:47:21)
Running from C:\Users\suesarkis\Desktop
Loaded Profiles: suesarkis & User & Administrator (Available Profiles: suesarkis & User & Administrator)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(AOL, Inc -> AOL Inc.) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\AolDesktop.exe
(AOL, Inc -> AOL Inc.) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\AolDesktop.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Netherlands B.V. -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler.exe
(AVG Netherlands B.V. -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler64.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe
(Comfort Software Group -> Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Comfort Software Group -> Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(Copernic Inc. -> Copernic Inc.) C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearch.exe
(Copernic Inc. -> Copernic Inc.) C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_972058dc64815bf9\RstMwService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\suesarkis\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19061.18920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\CORK.EXE
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(Trend Micro Inc.) [File not signed] C:\Users\suesarkis\Downloads\HijackThis.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [316336 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\QFSCHD170.EXE [166240 2015-04-21] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [Copernic Desktop Search - Home] => C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [1692200 2013-01-28] (Copernic Inc. -> Copernic Inc.)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [3015072 2016-01-19] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [4126624 2016-01-22] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [AOLDesktop] => C:\Users\suesarkis\AppData\Local\AOLDesktop\AolDesktop.exe [563216 2019-09-16] (AOL, Inc -> AOL Inc.)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\Installer\chrmstp.exe [2019-09-04] (AVG Technologies USA, Inc. -> AVG Technologies)
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
IFEO\aolonepoint.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\idvault.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\javacpl.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\javaw.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\jp2launcher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mcuicnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshopelementseditor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ssscheduler.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AOL OnePoint.lnk [2018-08-01]
ShortcutTarget: AOL OnePoint.lnk -> C:\Program Files (x86)\AOL OnePoint\IDVault.exe (Intersections Inc -> White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-10-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.812\SSScheduler.exe (McAfee, Inc. -> McAfee, Inc.)
Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop Launcher.lnk [2019-09-17]
ShortcutTarget: AOL Desktop Launcher.lnk -> C:\Users\suesarkis\AppData\Local\AOLDesktop\AolTrayApp.exe (AOL, Inc -> AOL Inc.)
Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyCorkboard.lnk [2017-10-15]
ShortcutTarget: MyCorkboard.lnk -> C:\Program Files (x86)\Corkboard\CORK.EXE (PC Dynamics, Inc.) [File not signed]
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop Launcher.lnk [2017-08-06]
ShortcutTarget: AOL Desktop Launcher.lnk -> C:\Users\suesarkis\AppData\Local\AOLDesktop\AolTrayApp.exe (AOL, Inc -> AOL Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01AEFE23-8B51-4189-9C7B-9F6A3EE580CB} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [39176 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {0405FE5E-2941-48AF-AE02-56CAE1594428} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe [1452544 2019-02-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {08CC228D-2B16-4FFF-8325-5F9227F68CB9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {185D8A69-4E7C-488D-AE93-83A8460CF2F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1571464 2019-09-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {2327FDBA-E77C-4DBD-8194-A7794FD85FE4} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1905072 2019-09-17] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {30515428-0D06-4844-BAC0-7FADFE6C79C3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {314BB6F2-FA08-4DD6-A0A4-CB24F0BF7207} - System32\Tasks\AVG EUpdate Task => C:\Program Files (x86)\AVG\Setup\avgsetupx.exe [4072504 2018-06-20] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
Task: {3DD28AD3-5F7A-4089-949B-F026666F2588} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {48F582DD-B519-49AB-AFF7-1E812641931A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-02-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {559C1EE8-B918-4FF8-B901-40131935A0E1} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel® Trusted Connect Service -> Intel® Corporation)
Task: {57100AE3-B92D-4FC1-8D7F-8CFB19AA6707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-01] (Google Inc -> Google Inc.)
Task: {5C917868-F942-4B66-B771-5E38612C276E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {632E7769-C60E-4A67-88BD-0D154557E567} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
Task: {694E6B06-BF67-4D5D-8BF1-7E87C2899928} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [3990448 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {75BF6DE9-4FCA-4BC3-827F-FE7528955A2E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {8A16F885-42CC-43BA-A14D-E4A493001610} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {8FA0207E-0F04-4B48-BD37-B2136C28A95A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-01] (Google Inc -> Google Inc.)
Task: {A2ACCDE7-0FC2-41A1-9CF0-B48A24B0659F} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1853184 2019-08-20] (AVG Technologies USA, Inc. -> AVG Technologies)
Task: {A330AAEB-37AA-4A78-86A0-81001483C172} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2670944 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
Task: {A9A555E0-9B0D-4230-B577-05A5E76B8619} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [1967880 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {AA23C637-1CA9-44E0-8F5F-77ACEC044170} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {AD7AAA14-F069-48A8-B7A0-1F89E1878C1C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {B2A8DC90-58FC-4E6F-A8CF-E058AED0BD75} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B98CB605-95F8-477F-9F99-7B71124107AC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BA66CF97-BF0D-4C4A-8E44-91B8D1F91147} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
Task: {BBF33665-2444-4F15-A3F4-F7AEC254031D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5F29938-7FA0-4DC3-86BE-B82B60864EB5} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1853184 2019-08-20] (AVG Technologies USA, Inc. -> AVG Technologies)
Task: {C9787608-A4F7-4303-BE7D-7A769FC90477} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {CFF502A0-0004-4156-BB88-0629DD3FCF54} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D3E7A5BA-8711-4C39-A740-CB97F17D91AB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE803938-3668-4207-9257-29A01FC30E98} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {DEC2E8AB-AF71-4069-837A-F83ADD0F36EC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0BAA7F2-E2D1-4495-901C-7A1B7D451F8F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2CB30AE-6AB6-453C-B8AD-A9BBF35B2DA4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {ECA727E2-B229-46F7-8BE8-13B2B09AACF8} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.63 209.18.47.61
Tcpip\..\Interfaces\{1b626343-04a6-45cd-b559-9a91b11fb27c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dace9ba1-7c81-4972-8e00-a728cdf2e3da}: [DhcpNameServer] 209.18.47.63 209.18.47.61
 
Internet Explorer:
==================
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311447&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3gnvVgOifspTi86wSYOlHlOG6%2BtVnCQTPpJaBYKyPXcXu1RcRS%2FJHmEQVwphjS2waGJpPH4lnNkBodHJLCgie4PDTUtxfp%2FNTFURtUMLVPH5K4mTGaQwTTZN3ERQbR8qX3zLccGPyG48AdczGa%2BbtJCvzD0JQMmEs84vUrZAfOanSScV9uHqHBwdLR8%2Bl6IT6abKVT8La4aPG7Wf78KPSR9XH1r0wi7dgDXVWr0CL02Q%3D%3D
SearchScopes: HKU\S-1-5-21-2069550446-780284186-1707450264-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311447&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3gnvVgOifspTi86wSYOlHlIXEd7dAGZxfhvOW1nnRTWLw6Y7G5F4CYbo3aePVc%2FBCkYwaWk9Da0A6WL2J8YbatpjZ37CAVIGERKfv%2BUPLZJNnZYKdm9SOOQK2Me%2BisD3%2BEZ%2B4UxMaBeFWE2YGAiOdgxkFBGVtgSYtv6AylZ1RaNkLsvhvhptirrHSvsm81HgmpCLyo1fpz9WybLWNQHt0b5iRB3tki3qpTehJs9wO6Yw%3D%3D&p={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-09-10] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: AOL OnePoint -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.18.315.5\NativeBHO.dll [2018-03-15] (Intersections Inc -> WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-09-10] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-09-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-09-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311457&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2KzKng6DqDwLXGzQuImnSkuMRjGBMJKVXU9IRCVZHYmv03SMviyUpr2foFPnoYkJaB3zfa5tmymI5biZxxjmVTIbN5ffDfL8kCtQrGoxi2kMRzHbkFAtg5EnpK5Hu5iMnnZUYerfkfO61IRimZ47UAtI3vkxx%2FSpXj3joplwZyWJfCIZm2pmJkfO%2F12o7jo58hmN5FO46RpWqsGGdB92u35v50dGIfe8QyECGyKPI9WTZlPjMpXto87EcWfoMMx88%3D"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default [2019-09-17]
CHR Extension: (Slides) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Entanglement Web App) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-10-08]
CHR Extension: (e-Player (Flash,Video,MP3..)) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\agilokibjakdcmghlogojfbjmhbkhgmc [2017-08-17]
CHR Extension: (Docs) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (YouTube) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (Adobe Acrobat) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-08-16]
CHR Extension: (Sheets) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (letgo-web) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkfhekkfmipomaepmpocikpjpgffkop [2018-12-01]
CHR Extension: (Poppit!) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Web) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\odfkmcgoekmeaefkeockmfgnghppockc [2018-09-19]
CHR Extension: (Gmail) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-17]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-09-17]
CHR Extension: (Slides) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-24]
CHR Extension: (Docs) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-24]
CHR Extension: (Google Drive) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-24]
CHR Extension: (YouTube) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-24]
CHR Extension: (Adobe Acrobat) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-02-24]
CHR Extension: (Sheets) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-24]
CHR Extension: (Gmail) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-24]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [405120 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6023528 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
S3 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\elevation_service.exe [976664 2019-08-20] (AVG Technologies USA, Inc. -> AVG Technologies)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-06-14] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [110048 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568144 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
S4 HfcDisableService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_972058dc64815bf9\HfcDisableService.exe [1860784 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfsService; C:\WINDOWS\System32\iaStorAfsService.exe [2833584 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
S4 IDVaultSvc; C:\Program Files (x86)\AOL OnePoint\IDVaultSvc.exe [40984 2018-03-15] (Intersections Inc -> White Sky, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [320472 2017-12-27] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Trusted Connect Service -> Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-05-09] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.812\McCHSvc.exe [405392 2018-09-27] (McAfee, Inc. -> McAfee, Inc.)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RstMwService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_972058dc64815bf9\RstMwService.exe [2113200 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [399400 2018-12-04] (Synaptics Incorporated -> Synaptics Incorporated)
S2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
S2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [6598496 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
S2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37368 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [209816 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [263784 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [206624 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61736 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15280 2019-01-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [169672 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112576 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [88200 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1031048 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [478144 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [236288 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [387440 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-08-27] (Malwarebytes Corporation -> Malwarebytes)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1018544 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [73904 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2013-04-29] (Intel® Software -> Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] (Intel® Smart Connect software -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-16] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [225944 2019-09-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-09-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-09-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-09-16] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2015-05-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1137928 2019-01-20] (Realtek Semiconductor Corp. -> Realtek )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [52392 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [48168 2018-12-04] (Synaptics Incorporated -> Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-07-26] (AVG Technologies CZ, s.r.o. -> AVG Netherlands B.V.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-09-17 14:48 - 2019-09-17 14:48 - 000000864 _____ C:\Users\suesarkis\Desktop\my problems.txt
2019-09-17 13:33 - 2019-09-17 13:54 - 000051646 _____ C:\Users\suesarkis\Desktop\Addition.txt
2019-09-17 13:19 - 2019-09-17 14:50 - 000045048 _____ C:\Users\suesarkis\Desktop\FRST.txt
2019-09-17 13:17 - 2019-09-17 13:17 - 001614848 _____ (Farbar) C:\Users\suesarkis\Desktop\FRST64 (1).exe
2019-09-17 09:11 - 2019-09-17 09:11 - 006396423 _____ C:\Users\suesarkis\Downloads\CNN Coverage.mp4
2019-09-17 07:14 - 2019-09-17 07:14 - 000000000 ___HD C:\OneDriveTemp
2019-09-16 20:35 - 2019-09-16 20:35 - 000225944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-09-16 20:35 - 2019-09-16 20:35 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-09-16 20:35 - 2019-09-16 20:35 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-09-16 20:34 - 2019-09-16 20:34 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-09-16 19:21 - 2019-09-16 19:21 - 007622344 _____ (Malwarebytes) C:\Users\suesarkis\Downloads\AdwCleaner (1).exe
2019-09-16 19:20 - 2019-09-16 19:20 - 007622344 _____ (Malwarebytes) C:\Users\suesarkis\Downloads\AdwCleaner.exe
2019-09-16 18:11 - 2019-09-16 18:11 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-09-16 18:11 - 2019-09-16 18:11 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-09-16 18:11 - 2019-09-16 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-16 18:11 - 2019-08-27 05:50 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-09-16 18:11 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-09-16 18:10 - 2019-09-16 18:11 - 000000000 ___HD C:\$WINDOWS.~BT
2019-09-16 18:08 - 2019-09-16 18:08 - 066427128 _____ (Malwarebytes ) C:\Users\suesarkis\Downloads\mb3-setup-43841.43841-3.8.3.2965-1.0.625-1.0.12399.exe
2019-09-16 18:02 - 2018-12-03 08:52 - 000000869 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190916-180238.backup
2019-09-16 16:34 - 2019-09-16 16:35 - 000074144 _____ C:\Users\suesarkis\Documents\cc_20190916_163413.reg
2019-09-12 20:03 - 2019-09-12 20:03 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-09-09 12:31 - 2019-09-09 12:29 - 000363952 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2019-09-09 12:31 - 2019-09-09 12:29 - 000236288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2019-09-09 12:31 - 2019-09-09 12:29 - 000169672 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2019-09-06 20:22 - 2019-09-06 20:22 - 000008622 _____ C:\Users\suesarkis\Desktop\[bleep]ün Bull Story Has a Sad Ending.wpd
2019-08-28 19:26 - 2019-08-28 19:26 - 000000000 __SHD C:\IntelOptaneData
2019-08-28 19:25 - 2019-08-28 19:26 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2019-08-28 08:33 - 2019-08-28 08:34 - 005347549 _____ C:\Users\suesarkis\Downloads\Sculptures3.pdf
2019-08-26 15:00 - 2019-08-26 15:00 - 000000019 _____ C:\Users\suesarkis\Desktop\test.txt
2019-08-25 21:00 - 2019-08-25 21:00 - 000000307 _____ C:\Users\suesarkis\Desktop\Filipino.txt
2019-08-23 23:22 - 2019-08-23 23:22 - 000000093 _____ C:\Users\suesarkis\Desktop\Laura.txt
2019-08-22 21:12 - 2019-08-22 21:12 - 000000358 _____ C:\Users\suesarkis\Desktop\meal choices for Charlie.txt
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-09-17 14:47 - 2013-11-20 14:44 - 000000000 ____D C:\FRST
2019-09-17 14:45 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-17 14:19 - 2019-07-18 23:14 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-09-17 14:19 - 2018-08-30 08:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-09-17 14:19 - 2018-05-18 10:20 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-09-17 14:19 - 2018-05-18 10:20 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-09-17 14:19 - 2018-05-18 10:20 - 000003302 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2E84DCE-1944-445C-A875-3E8412E6C94E}
2019-09-17 14:19 - 2018-05-18 10:20 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-09-17 14:19 - 2018-05-18 10:20 - 000003056 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2019-09-17 14:19 - 2018-05-18 10:20 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-09-17 14:19 - 2018-05-18 10:20 - 000002896 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002858 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2069550446-780284186-1707450264-1001
2019-09-17 14:19 - 2018-05-18 10:20 - 000002444 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002392 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002388 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002374 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002370 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-09-17 14:14 - 2017-06-01 07:29 - 000000000 ____D C:\Users\suesarkis\AppData\Local\VirtualStore
2019-09-17 12:39 - 2018-05-18 09:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-09-17 08:43 - 2017-12-11 17:44 - 000002339 _____ C:\Users\suesarkis\Desktop\AOL Desktop Gold.lnk
2019-09-17 08:43 - 2017-06-01 08:00 - 000000000 ____D C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aol Inc
2019-09-17 07:14 - 2014-12-28 20:34 - 000000000 ___RD C:\Users\suesarkis\OneDrive
2019-09-17 07:11 - 2014-11-23 14:39 - 000000000 __SHD C:\Users\suesarkis\IntelGraphicsProfiles
2019-09-16 21:21 - 2019-07-10 06:51 - 000000000 ____D C:\WINDOWS\Panther
2019-09-16 20:34 - 2018-05-18 10:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-09-16 20:34 - 2017-10-12 15:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-09-16 20:33 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-09-16 18:11 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-09-16 18:11 - 2017-06-02 18:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-16 17:53 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-09-16 17:48 - 2017-10-12 15:17 - 000001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2019-09-16 17:48 - 2017-10-12 15:17 - 000001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2019-09-16 17:48 - 2017-10-12 15:17 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-09-16 17:48 - 2017-10-12 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2019-09-16 16:52 - 2018-05-18 10:20 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2019-09-16 16:20 - 2018-07-06 11:29 - 000000000 ____D C:\Users\suesarkis\AppData\Local\CrashDumps
2019-09-16 16:20 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-09-16 16:20 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2019-09-16 16:15 - 2017-06-07 09:33 - 000000000 ____D C:\Program Files\CCleaner
2019-09-16 13:42 - 2018-04-26 18:20 - 000000000 ____D C:\Users\suesarkis\AppData\Local\AOLDesktop
2019-09-16 13:41 - 2017-06-01 07:59 - 000000000 ____D C:\Users\suesarkis\AppData\Local\SquirrelTemp
2019-09-16 10:25 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-09-15 11:17 - 2013-05-15 11:30 - 000000000 ____D C:\Users\suesarkis\Documents\PASSWORDS
2019-09-13 21:26 - 2013-05-23 10:24 - 000000000 ____D C:\Users\suesarkis\Documents\RECIPES
2019-09-13 11:07 - 2018-05-18 10:06 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-13 09:20 - 2018-05-18 09:51 - 000002375 _____ C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-12 23:05 - 2017-09-14 23:52 - 000002193 _____ C:\Users\suesarkis\Desktop\shopping 9-15-2017.txt
2019-09-12 19:59 - 2017-06-02 16:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-09-12 11:58 - 2017-07-27 16:07 - 000004144 _____ C:\Users\suesarkis\Desktop\email addresses.txt
2019-09-12 10:01 - 2017-06-05 11:15 - 000000000 ____D C:\ProgramData\Protexis
2019-09-12 09:50 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-09-09 14:10 - 2013-05-23 10:25 - 000000000 ____D C:\Users\suesarkis\Documents\Unlicensed Conduct
2019-09-09 12:34 - 2017-10-12 13:20 - 000478144 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2019-09-09 12:30 - 2017-10-12 13:20 - 000387440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2019-09-09 12:29 - 2019-01-09 09:00 - 000037368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2019-09-09 12:29 - 2018-10-24 08:12 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2019-09-09 12:29 - 2017-11-27 08:17 - 000209816 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2019-09-09 12:29 - 2017-10-12 13:20 - 001031048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2019-09-09 12:29 - 2017-10-12 13:20 - 000112576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2019-09-09 12:29 - 2017-10-12 13:20 - 000088200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2019-09-09 12:28 - 2019-01-14 08:49 - 000263784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2019-09-09 12:28 - 2019-01-09 09:00 - 000206624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2019-09-09 12:28 - 2019-01-09 09:00 - 000061736 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2019-09-08 08:36 - 2017-07-13 21:14 - 000000000 ____D C:\ProgramData\Avg
2019-09-06 23:09 - 2017-07-14 18:34 - 000001835 _____ C:\Users\suesarkis\Desktop\for Jim.txt
2019-09-05 22:41 - 2018-04-11 14:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-09-05 22:10 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Registration
2019-09-05 22:08 - 2018-05-18 10:18 - 000017148 _____ C:\WINDOWS\diagwrn.xml
2019-09-05 22:08 - 2018-05-18 10:18 - 000017148 _____ C:\WINDOWS\diagerr.xml
2019-09-04 09:14 - 2013-05-23 10:05 - 000000000 ____D C:\Users\suesarkis\Documents\Zoran
2019-09-04 07:39 - 2019-04-25 14:42 - 000003826 _____ C:\WINDOWS\System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly)
2019-09-04 07:39 - 2019-04-25 14:42 - 000003242 _____ C:\WINDOWS\System32\Tasks\AVG Secure Browser Heartbeat Task (Logon)
2019-09-04 07:39 - 2018-07-11 07:52 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2019-09-04 07:39 - 2018-07-11 07:52 - 000002340 _____ C:\Users\Public\Desktop\AVG Secure Browser.lnk
2019-09-03 13:47 - 2013-05-23 10:15 - 000000000 ____D C:\Users\suesarkis\Documents\Complaints
2019-09-01 23:15 - 2013-04-23 16:57 - 000000000 ____D C:\Users\suesarkis\Documents\PERSONAL
2019-09-01 21:30 - 2013-05-23 10:17 - 000000000 ____D C:\Users\suesarkis\Documents\How to
2019-09-01 20:44 - 2018-11-16 09:39 - 000000000 ____D C:\Program Files\rempl
2019-08-30 14:33 - 2013-04-23 16:54 - 000000000 ____D C:\Users\suesarkis\Documents\ARTICLES
2019-08-28 20:13 - 2019-08-01 19:40 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-08-28 20:10 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-28 19:29 - 2017-07-08 10:03 - 000000000 ____D C:\Program Files\Intel
2019-08-27 18:14 - 2017-06-01 07:49 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-27 18:14 - 2017-06-01 07:49 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-25 09:21 - 2017-06-01 21:06 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-23 09:34 - 2013-04-24 08:40 - 000000000 ____D C:\Users\suesarkis\Documents\POLITICAL
2019-08-20 08:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-08-18 15:56 - 2013-05-23 10:22 - 000000000 ____D C:\Users\suesarkis\Documents\PHONE BOOK
 
==================== Files in the root of some directories ================
 
2015-02-11 19:02 - 2015-02-11 19:02 - 000880208 _____ (Google Inc.) C:\Users\suesarkis\ChromeSetup.exe
2017-11-17 09:38 - 2017-11-17 09:38 - 000000017 _____ () C:\Users\suesarkis\AppData\Local\resmon.resmoncfg
2017-10-15 07:43 - 2017-07-28 14:57 - 000105744 _____ (Bomgar) C:\Users\suesarkis\AppData\Local\[email protected]!-147561942927653119494-32.tmp
2017-10-15 07:43 - 2017-07-28 14:57 - 000123152 _____ (Bomgar) C:\Users\suesarkis\AppData\Local\[email protected]!-147561942927653119494-64.tmp
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2019
Ran by suesarkis (17-09-2019 14:51:41)
Running from C:\Users\suesarkis\Desktop
Windows 10 Home Version 1803 17134.885 (X64) (2018-05-18 17:22:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2069550446-780284186-1707450264-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2069550446-780284186-1707450264-503 - Limited - Disabled)
Guest (S-1-5-21-2069550446-780284186-1707450264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2069550446-780284186-1707450264-1003 - Limited - Enabled)
suesarkis (S-1-5-21-2069550446-780284186-1707450264-1001 - Administrator - Enabled) => C:\Users\suesarkis
User (S-1-5-21-2069550446-780284186-1707450264-1004 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2069550446-780284186-1707450264-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
AOL Desktop Gold (HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\AOLDesktop) (Version: 11.0.2414 - Oath Inc.)
AOL Desktop Gold (HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\AOLDesktop) (Version: 11.0.1268 - Oath Inc.)
AOL OnePoint (HKLM-x32\...\ID Vault) (Version: 1.18.315.5 - AOL)
AVG (HKLM\...\{136B57DF-DA9E-4361-A165-09AB4422BCD1}) (Version: 1.231.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.7.3103 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{52B6D655-9038-4290-B710-0E568F806155}) (Version: 16.80.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.80.3.38236 - AVG Technologies)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 76.0.870.102 - AVG Technologies)
AVG Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.155.333 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copernic Desktop Search - Home (HKLM-x32\...\CopernicDesktopSearch2) (Version:  - Copernic Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
FMW 1 (HKLM\...\{4CC5FB14-3F4D-4FA8-B921-00A9B40145C4}) (Version: 1.227.45 - AVG Technologies) Hidden
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Free Countdown Timer (HKLM-x32\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HP LaserJet Pro M402-M403 n-dne (HKLM-x32\...\{e2164336-c5d8-4ac9-a53b-125779c4c21b}) (Version: 16.0.17174.675 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{2D0909B2-FA33-4C36-8845-BF930A5A945E}) (Version: 3.0.26.20 - HP) Hidden
HPLJPRoM402M403ndne (HKLM-x32\...\{58532038-B97D-4C9B-9B96-C70D5EA763F4}) (Version: 0.10.0000 - Hewlett-Packard) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.11.1193 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{66afb482-3029-428f-8283-135d3c272132}) (Version: 19.00.0000.4496 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.0.3.1080 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C81FD018-F151-460F-B4F9-0D58039503E2}) (Version: 17.2.4.9002 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.812.1 - McAfee, Inc.)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.3.138.1 - McAfee, LLC)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.2.116.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
MyCorkboard Screen Saver (HKLM-x32\...\Corkboard) (Version:  - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X7 - Common Files (HKLM-x32\...\{6CDCEC53-AB50-4C02-A4BA-D158B773775D}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Common Files English (HKLM-x32\...\{2CE76FE3-7450-4236-8BFC-F0C54776C278}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM Content HSE (HKLM-x32\...\{8E879C65-6BA7-4108-9A0D-C455A30ECAF6}) (Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM HSE (HKLM-x32\...\{D55537B5-123F-4CEE-A56C-557582FA285D}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files (HKLM-x32\...\{5592E1D8-4120-4382-A33B-851F9D8555F8}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files English (HKLM-x32\...\{A40DE737-F83F-420D-8538-67503B3D6FAF}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Oxford (HKLM-x32\...\{A05A9AA4-47FC-4129-A136-943392F9CF24}) (Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files (HKLM-x32\...\{25CD143B-C6D3-451A-9171-D10B79024DA3}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files English (HKLM-x32\...\{613E0552-0ED4-4C0C-A490-97874945B03B}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files (HKLM-x32\...\{DC9446F7-A459-48E0-A392-7CA1F6DDB445}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files English (HKLM-x32\...\{ABCFB24D-9DAE-4131-B7DC-F3CF98CA08EF}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Setup Files (HKLM-x32\...\{64A329FC-D1B2-4354-922D-21F7EC777E10}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - System Files (HKLM-x32\...\{03CF7E84-3BA1-4AF3-9C0A-91651042301D}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files (HKLM-x32\...\{6F671CD6-781C-4B81-92AA-62A723CDFCF8}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files English (HKLM-x32\...\{C6BD6E08-E687-4D63-BBF1-ADFD1B9A2CC8}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WPD format Props x64 (HKLM\...\{6E80CBF1-318E-4172-BC19-69AFAF613C5E}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WT (HKLM-x32\...\{56E50D72-9986-4AFF-80B2-6C3DAEB0A17D}) (Version: 17.0 -  Corel Corporation) Hidden
WordPerfect Office X7 (HKLM-x32\...\_{64A329FC-D1B2-4354-922D-21F7EC777E10}) (Version: 17.0.0.366 - Corel Corporation)
WordPerfect Office X7 (HKLM-x32\...\{9E5915F6-CD0E-464E-BD22-AF6A16150478}) (Version: 17.2 - Corel Corporation) Hidden
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-27] (Autodesk Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-19] (HP Inc.)
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2019-07-30] (Keeper Security Inc)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-13] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-04-26] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-29] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.5.3272.0_x64__8wekyb3d8bbwe [2018-04-26] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-13] (Microsoft Corporation) [MS Ad]
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2018-10-29] (Adobe Systems Incorporated)
RICOH Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.RICOHDriverUtility_4.4.0.1_x86__fxme7667cy4q4 [2019-05-14] (Ricoh Company, Ltd.)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35042.0.0_x64__807d65c4rvak2 [2019-07-20] (Synaptics Incorporated)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2069550446-780284186-1707450264-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {1e4c32d7-0931-45ee-8d68-a25dd0ce7dc5} => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\PFSE170.DLL [2015-04-21] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed]
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {1e4c32d7-0931-45ee-8d68-a25dd0ce7dc5} => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\PFSE170.DLL [2015-04-21] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyCorkboard Screen Saver\Special Offers.lnk -> hxxp://www.mycorkboard.com/SpecialOffers.as
Shortcut: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyCorkboard Screen Saver\Visit MyCorkboard.com.lnk -> hxxp://www.mycorkboard.com
 
ShortcutWithArgument: C:\Users\suesarkis\Desktop\letgo-web.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=hbkfhekkfmipomaepmpocikpjpgffkop
ShortcutWithArgument: C:\Users\suesarkis\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\suesarkis\Desktop\Sweetsuzee - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\letgo-web.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=hbkfhekkfmipomaepmpocikpjpgffkop
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-10-12 13:15 - 2017-10-12 13:15 - 048920064 _____ () [File not signed] C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2009-09-16 19:44 - 2009-09-16 19:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 19:45 - 2009-09-16 19:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 12:44 - 2009-09-16 12:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2019-02-25 14:15 - 2019-02-25 14:15 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
1998-06-08 12:06 - 1998-06-08 12:06 - 000914432 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\LEAD51N.dll
2009-09-16 19:45 - 2009-09-16 19:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
2002-10-10 21:47 - 2002-10-10 21:47 - 000081920 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\Animate.dll
2002-10-10 21:45 - 2017-10-15 21:50 - 000139264 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\cork.dll
2002-10-10 21:47 - 2002-10-10 21:47 - 000061440 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\CALENDAR.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000065536 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\CLOCKS.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000032768 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\DECOR.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000032768 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\DIALER.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000032768 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\GENGIZMO.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000057344 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\GIZMOS.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000036864 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\NAMEPLT.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000036864 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\PICTURES.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000049152 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\STKYNOTE.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000057344 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\TODOLIST.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000077824 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\public.dll
2017-06-06 11:51 - 2014-12-22 14:54 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeAlarmClock\bass.dll
2017-06-06 11:51 - 2014-11-28 15:54 - 000021772 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeAlarmClock\bassflac.dll
2017-06-06 11:51 - 2014-10-20 15:08 - 000017733 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeAlarmClock\basswma.dll
2017-06-07 14:39 - 2014-12-22 14:54 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\bass.dll
2017-06-07 14:39 - 2014-11-28 15:54 - 000021772 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\bassflac.dll
2017-06-07 14:39 - 2014-10-20 15:08 - 000017733 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\basswma.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7863 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-06-01 07:47 - 2019-09-16 18:02 - 000450623 ____R C:\WINDOWS\system32\drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
There are 15460 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;c:\Program Files\Intel\WiFi\bin\;c:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2069550446-780284186-1707450264-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2069550446-780284186-1707450264-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 209.18.47.63 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AOL OnePoint.lnk"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Digital Coupon Print Driver"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "Embedded Callback - remotesupport.aol.com"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\StartupApproved\Run: => "OneDriveSetup"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6E6992E5-5239-4390-84F6-5889A0D41FAA}] => (Allow) LPort=15600
FirewallRules: [{8661E53C-5655-4042-926A-F47996941A3E}] => (Allow) C:\Program Files (x86)\AOL OnePoint\IDVault.exe (Intersections Inc -> White Sky, Inc.)
FirewallRules: [{C2D047AF-BACD-43D3-A91C-6259D3D66F66}] => (Allow) C:\Program Files (x86)\AOL OnePoint\IDVault.exe (Intersections Inc -> White Sky, Inc.)
FirewallRules: [{542507F3-273B-4A4A-BB78-3D26E0F4CA06}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{9A8C8F3A-160A-49D3-82F5-1650011860A6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C91930D7-9565-4034-87B4-BDAA0DC36C6A}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{FAE3A5FE-D56B-4457-8096-C2A0FD944233}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A06C7827-41A9-4C24-90E8-01E75B4EF160}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C98FCABC-DC67-40D3-B256-268F4188A4C3}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, Inc. -> AVG Technologies)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
13-09-2019 11:12:31 Windows Update
17-09-2019 07:50:26 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/17/2019 02:47:32 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (09/17/2019 02:39:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 01:53:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 12:39:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 11:40:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 10:39:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 09:39:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 08:39:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (09/17/2019 01:54:07 PM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 12:39:57 PM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 11:59:25 AM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 11:41:32 AM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 09:39:20 AM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 08:55:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 08:46:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 08:39:04 AM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-10-16 00:24:17.777
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-10-16 00:24:17.777
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-10-16 00:24:17.776
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-10-16 00:24:17.441
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.717.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-08-29 17:40:23.121
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.717.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2019-09-16 18:12:02.762
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-07-18 23:21:17.073
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\Installer\MSI3065.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: Insyde F.04 11/10/2012
Motherboard: Hewlett-Packard 1886
Processor: Intel® Core™ i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 62%
Total physical RAM: 8088.28 MB
Available physical RAM: 3005.46 MB
Total Virtual: 9496.28 MB
Available Virtual: 3045.65 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:444.93 GB) (Free:365.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.19 GB) (Free:2.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (OD3.0 SSD) (Removable) (Total:117.53 GB) (Free:79.6 GB) FAT32
 
\\?\Volume{a4e7abf3-f886-47bb-96ff-bc698ba7c3ae}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFS
\\?\Volume{6f3b996f-1ccc-4000-95d7-0bd109594337}\ () (Fixed) (Total:0.87 GB) (Free:0.32 GB) NTFS
\\?\Volume{01376181-7b57-4385-8f74-5719a12592e7}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F893BEDB)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 65103047)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 117.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=117.6 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

 

