Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I'm infected with something I do believe


  • Please log in to reply

#1
sweetsuzee

sweetsuzee

    Member

  • Member
  • PipPip
  • 26 posts
I started having problems a few months ago in that sometimes it takes up to 20 minutes for a link or a site to open. Other times addresses entered into the URL are ignored and the computer heads to a site I opened maybe 4 or 5 sites earlier such as going to nbc.com when I'm trying to get to google.com. Sometimes I am directed to a site I've never visited but thank God that is infrequently. But, it does happen. I have also had a lot of "not responding" prompts whereby the computer lags for a long time or actually freezes and I have to shut down and relaunch.  And lst, but definitely not least, I have advertising pop-ups everywhere.  When reading an online paper or article they'll be popups at every single paragraph break and along the margins.  They are ALWAYS from a site I've visited or an item I've looked at recently.  Sometimes not so recently.  
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2019
Ran by suesarkis (administrator) on SUESBABY (Hewlett-Packard HP Spectre XT TouchSmart PC) (17-09-2019 14:47:21)
Running from C:\Users\suesarkis\Desktop
Loaded Profiles: suesarkis & User & Administrator (Available Profiles: suesarkis & User & Administrator)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(AOL, Inc -> AOL Inc.) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\AolDesktop.exe
(AOL, Inc -> AOL Inc.) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\AolDesktop.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(AOL, Inc -> The CefSharp Authors) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2414\CefSharp.BrowserSubprocess.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Netherlands B.V. -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler.exe
(AVG Netherlands B.V. -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler64.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe
(Comfort Software Group -> Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Comfort Software Group -> Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(Copernic Inc. -> Copernic Inc.) C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearch.exe
(Copernic Inc. -> Copernic Inc.) C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_972058dc64815bf9\RstMwService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\suesarkis\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19061.18920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\CORK.EXE
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(Trend Micro Inc.) [File not signed] C:\Users\suesarkis\Downloads\HijackThis.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [316336 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\QFSCHD170.EXE [166240 2015-04-21] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [Copernic Desktop Search - Home] => C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [1692200 2013-01-28] (Copernic Inc. -> Copernic Inc.)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [3015072 2016-01-19] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [4126624 2016-01-22] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [AOLDesktop] => C:\Users\suesarkis\AppData\Local\AOLDesktop\AolDesktop.exe [563216 2019-09-16] (AOL, Inc -> AOL Inc.)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\Installer\chrmstp.exe [2019-09-04] (AVG Technologies USA, Inc. -> AVG Technologies)
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
IFEO\aolonepoint.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\idvault.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\javacpl.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\javaw.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\jp2launcher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mcuicnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshopelementseditor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ssscheduler.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AOL OnePoint.lnk [2018-08-01]
ShortcutTarget: AOL OnePoint.lnk -> C:\Program Files (x86)\AOL OnePoint\IDVault.exe (Intersections Inc -> White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-10-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.812\SSScheduler.exe (McAfee, Inc. -> McAfee, Inc.)
Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop Launcher.lnk [2019-09-17]
ShortcutTarget: AOL Desktop Launcher.lnk -> C:\Users\suesarkis\AppData\Local\AOLDesktop\AolTrayApp.exe (AOL, Inc -> AOL Inc.)
Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyCorkboard.lnk [2017-10-15]
ShortcutTarget: MyCorkboard.lnk -> C:\Program Files (x86)\Corkboard\CORK.EXE (PC Dynamics, Inc.) [File not signed]
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop Launcher.lnk [2017-08-06]
ShortcutTarget: AOL Desktop Launcher.lnk -> C:\Users\suesarkis\AppData\Local\AOLDesktop\AolTrayApp.exe (AOL, Inc -> AOL Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01AEFE23-8B51-4189-9C7B-9F6A3EE580CB} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [39176 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {0405FE5E-2941-48AF-AE02-56CAE1594428} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe [1452544 2019-02-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {08CC228D-2B16-4FFF-8325-5F9227F68CB9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {185D8A69-4E7C-488D-AE93-83A8460CF2F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1571464 2019-09-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {2327FDBA-E77C-4DBD-8194-A7794FD85FE4} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1905072 2019-09-17] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {30515428-0D06-4844-BAC0-7FADFE6C79C3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {314BB6F2-FA08-4DD6-A0A4-CB24F0BF7207} - System32\Tasks\AVG EUpdate Task => C:\Program Files (x86)\AVG\Setup\avgsetupx.exe [4072504 2018-06-20] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
Task: {3DD28AD3-5F7A-4089-949B-F026666F2588} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {48F582DD-B519-49AB-AFF7-1E812641931A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-02-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {559C1EE8-B918-4FF8-B901-40131935A0E1} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel® Trusted Connect Service -> Intel® Corporation)
Task: {57100AE3-B92D-4FC1-8D7F-8CFB19AA6707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-01] (Google Inc -> Google Inc.)
Task: {5C917868-F942-4B66-B771-5E38612C276E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {632E7769-C60E-4A67-88BD-0D154557E567} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
Task: {694E6B06-BF67-4D5D-8BF1-7E87C2899928} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [3990448 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {75BF6DE9-4FCA-4BC3-827F-FE7528955A2E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {8A16F885-42CC-43BA-A14D-E4A493001610} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {8FA0207E-0F04-4B48-BD37-B2136C28A95A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-01] (Google Inc -> Google Inc.)
Task: {A2ACCDE7-0FC2-41A1-9CF0-B48A24B0659F} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1853184 2019-08-20] (AVG Technologies USA, Inc. -> AVG Technologies)
Task: {A330AAEB-37AA-4A78-86A0-81001483C172} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2670944 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
Task: {A9A555E0-9B0D-4230-B577-05A5E76B8619} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [1967880 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {AA23C637-1CA9-44E0-8F5F-77ACEC044170} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {AD7AAA14-F069-48A8-B7A0-1F89E1878C1C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {B2A8DC90-58FC-4E6F-A8CF-E058AED0BD75} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B98CB605-95F8-477F-9F99-7B71124107AC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BA66CF97-BF0D-4C4A-8E44-91B8D1F91147} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
Task: {BBF33665-2444-4F15-A3F4-F7AEC254031D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5F29938-7FA0-4DC3-86BE-B82B60864EB5} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1853184 2019-08-20] (AVG Technologies USA, Inc. -> AVG Technologies)
Task: {C9787608-A4F7-4303-BE7D-7A769FC90477} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {CFF502A0-0004-4156-BB88-0629DD3FCF54} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D3E7A5BA-8711-4C39-A740-CB97F17D91AB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE803938-3668-4207-9257-29A01FC30E98} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {DEC2E8AB-AF71-4069-837A-F83ADD0F36EC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0BAA7F2-E2D1-4495-901C-7A1B7D451F8F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2CB30AE-6AB6-453C-B8AD-A9BBF35B2DA4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {ECA727E2-B229-46F7-8BE8-13B2B09AACF8} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.63 209.18.47.61
Tcpip\..\Interfaces\{1b626343-04a6-45cd-b559-9a91b11fb27c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dace9ba1-7c81-4972-8e00-a728cdf2e3da}: [DhcpNameServer] 209.18.47.63 209.18.47.61
 
Internet Explorer:
==================
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311447&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3gnvVgOifspTi86wSYOlHlOG6%2BtVnCQTPpJaBYKyPXcXu1RcRS%2FJHmEQVwphjS2waGJpPH4lnNkBodHJLCgie4PDTUtxfp%2FNTFURtUMLVPH5K4mTGaQwTTZN3ERQbR8qX3zLccGPyG48AdczGa%2BbtJCvzD0JQMmEs84vUrZAfOanSScV9uHqHBwdLR8%2Bl6IT6abKVT8La4aPG7Wf78KPSR9XH1r0wi7dgDXVWr0CL02Q%3D%3D
SearchScopes: HKU\S-1-5-21-2069550446-780284186-1707450264-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311447&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3gnvVgOifspTi86wSYOlHlIXEd7dAGZxfhvOW1nnRTWLw6Y7G5F4CYbo3aePVc%2FBCkYwaWk9Da0A6WL2J8YbatpjZ37CAVIGERKfv%2BUPLZJNnZYKdm9SOOQK2Me%2BisD3%2BEZ%2B4UxMaBeFWE2YGAiOdgxkFBGVtgSYtv6AylZ1RaNkLsvhvhptirrHSvsm81HgmpCLyo1fpz9WybLWNQHt0b5iRB3tki3qpTehJs9wO6Yw%3D%3D&p={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-09-10] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: AOL OnePoint -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.18.315.5\NativeBHO.dll [2018-03-15] (Intersections Inc -> WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-09-10] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-09-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-09-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311457&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2KzKng6DqDwLXGzQuImnSkuMRjGBMJKVXU9IRCVZHYmv03SMviyUpr2foFPnoYkJaB3zfa5tmymI5biZxxjmVTIbN5ffDfL8kCtQrGoxi2kMRzHbkFAtg5EnpK5Hu5iMnnZUYerfkfO61IRimZ47UAtI3vkxx%2FSpXj3joplwZyWJfCIZm2pmJkfO%2F12o7jo58hmN5FO46RpWqsGGdB92u35v50dGIfe8QyECGyKPI9WTZlPjMpXto87EcWfoMMx88%3D"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default [2019-09-17]
CHR Extension: (Slides) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Entanglement Web App) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-10-08]
CHR Extension: (e-Player (Flash,Video,MP3..)) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\agilokibjakdcmghlogojfbjmhbkhgmc [2017-08-17]
CHR Extension: (Docs) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (YouTube) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (Adobe Acrobat) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-08-16]
CHR Extension: (Sheets) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (letgo-web) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkfhekkfmipomaepmpocikpjpgffkop [2018-12-01]
CHR Extension: (Poppit!) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Web) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\odfkmcgoekmeaefkeockmfgnghppockc [2018-09-19]
CHR Extension: (Gmail) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-17]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-09-17]
CHR Extension: (Slides) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-24]
CHR Extension: (Docs) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-24]
CHR Extension: (Google Drive) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-24]
CHR Extension: (YouTube) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-24]
CHR Extension: (Adobe Acrobat) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-02-24]
CHR Extension: (Sheets) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-24]
CHR Extension: (Gmail) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-24]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [405120 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6023528 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
S3 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\elevation_service.exe [976664 2019-08-20] (AVG Technologies USA, Inc. -> AVG Technologies)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-06-14] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [110048 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568144 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
S4 HfcDisableService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_972058dc64815bf9\HfcDisableService.exe [1860784 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfsService; C:\WINDOWS\System32\iaStorAfsService.exe [2833584 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
S4 IDVaultSvc; C:\Program Files (x86)\AOL OnePoint\IDVaultSvc.exe [40984 2018-03-15] (Intersections Inc -> White Sky, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [320472 2017-12-27] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Trusted Connect Service -> Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-05-09] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.812\McCHSvc.exe [405392 2018-09-27] (McAfee, Inc. -> McAfee, Inc.)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RstMwService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_972058dc64815bf9\RstMwService.exe [2113200 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [399400 2018-12-04] (Synaptics Incorporated -> Synaptics Incorporated)
S2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
S2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [6598496 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
S2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37368 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [209816 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [263784 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [206624 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61736 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15280 2019-01-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [169672 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112576 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [88200 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1031048 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [478144 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [236288 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [387440 2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-08-27] (Malwarebytes Corporation -> Malwarebytes)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1018544 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [73904 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2013-04-29] (Intel® Software -> Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] (Intel® Smart Connect software -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-16] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [225944 2019-09-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-09-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-09-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-09-16] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2015-05-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1137928 2019-01-20] (Realtek Semiconductor Corp. -> Realtek )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [52392 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [48168 2018-12-04] (Synaptics Incorporated -> Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-07-26] (AVG Technologies CZ, s.r.o. -> AVG Netherlands B.V.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-09-17 14:48 - 2019-09-17 14:48 - 000000864 _____ C:\Users\suesarkis\Desktop\my problems.txt
2019-09-17 13:33 - 2019-09-17 13:54 - 000051646 _____ C:\Users\suesarkis\Desktop\Addition.txt
2019-09-17 13:19 - 2019-09-17 14:50 - 000045048 _____ C:\Users\suesarkis\Desktop\FRST.txt
2019-09-17 13:17 - 2019-09-17 13:17 - 001614848 _____ (Farbar) C:\Users\suesarkis\Desktop\FRST64 (1).exe
2019-09-17 09:11 - 2019-09-17 09:11 - 006396423 _____ C:\Users\suesarkis\Downloads\CNN Coverage.mp4
2019-09-17 07:14 - 2019-09-17 07:14 - 000000000 ___HD C:\OneDriveTemp
2019-09-16 20:35 - 2019-09-16 20:35 - 000225944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-09-16 20:35 - 2019-09-16 20:35 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-09-16 20:35 - 2019-09-16 20:35 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-09-16 20:34 - 2019-09-16 20:34 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-09-16 19:21 - 2019-09-16 19:21 - 007622344 _____ (Malwarebytes) C:\Users\suesarkis\Downloads\AdwCleaner (1).exe
2019-09-16 19:20 - 2019-09-16 19:20 - 007622344 _____ (Malwarebytes) C:\Users\suesarkis\Downloads\AdwCleaner.exe
2019-09-16 18:11 - 2019-09-16 18:11 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-09-16 18:11 - 2019-09-16 18:11 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-09-16 18:11 - 2019-09-16 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-16 18:11 - 2019-08-27 05:50 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-09-16 18:11 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-09-16 18:10 - 2019-09-16 18:11 - 000000000 ___HD C:\$WINDOWS.~BT
2019-09-16 18:08 - 2019-09-16 18:08 - 066427128 _____ (Malwarebytes ) C:\Users\suesarkis\Downloads\mb3-setup-43841.43841-3.8.3.2965-1.0.625-1.0.12399.exe
2019-09-16 18:02 - 2018-12-03 08:52 - 000000869 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190916-180238.backup
2019-09-16 16:34 - 2019-09-16 16:35 - 000074144 _____ C:\Users\suesarkis\Documents\cc_20190916_163413.reg
2019-09-12 20:03 - 2019-09-12 20:03 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-09-12 20:03 - 2019-09-12 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-09-09 12:31 - 2019-09-09 12:29 - 000363952 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2019-09-09 12:31 - 2019-09-09 12:29 - 000236288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2019-09-09 12:31 - 2019-09-09 12:29 - 000169672 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2019-09-06 20:22 - 2019-09-06 20:22 - 000008622 _____ C:\Users\suesarkis\Desktop\[bleep]ün Bull Story Has a Sad Ending.wpd
2019-08-28 19:26 - 2019-08-28 19:26 - 000000000 __SHD C:\IntelOptaneData
2019-08-28 19:25 - 2019-08-28 19:26 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2019-08-28 08:33 - 2019-08-28 08:34 - 005347549 _____ C:\Users\suesarkis\Downloads\Sculptures3.pdf
2019-08-26 15:00 - 2019-08-26 15:00 - 000000019 _____ C:\Users\suesarkis\Desktop\test.txt
2019-08-25 21:00 - 2019-08-25 21:00 - 000000307 _____ C:\Users\suesarkis\Desktop\Filipino.txt
2019-08-23 23:22 - 2019-08-23 23:22 - 000000093 _____ C:\Users\suesarkis\Desktop\Laura.txt
2019-08-22 21:12 - 2019-08-22 21:12 - 000000358 _____ C:\Users\suesarkis\Desktop\meal choices for Charlie.txt
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-09-17 14:47 - 2013-11-20 14:44 - 000000000 ____D C:\FRST
2019-09-17 14:45 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-17 14:19 - 2019-07-18 23:14 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-09-17 14:19 - 2018-08-30 08:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-09-17 14:19 - 2018-05-18 10:20 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-09-17 14:19 - 2018-05-18 10:20 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-09-17 14:19 - 2018-05-18 10:20 - 000003302 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2E84DCE-1944-445C-A875-3E8412E6C94E}
2019-09-17 14:19 - 2018-05-18 10:20 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-09-17 14:19 - 2018-05-18 10:20 - 000003056 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2019-09-17 14:19 - 2018-05-18 10:20 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-09-17 14:19 - 2018-05-18 10:20 - 000002896 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002858 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2069550446-780284186-1707450264-1001
2019-09-17 14:19 - 2018-05-18 10:20 - 000002444 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002392 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002388 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002374 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002370 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2019-09-17 14:19 - 2018-05-18 10:20 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-09-17 14:14 - 2017-06-01 07:29 - 000000000 ____D C:\Users\suesarkis\AppData\Local\VirtualStore
2019-09-17 12:39 - 2018-05-18 09:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-09-17 08:43 - 2017-12-11 17:44 - 000002339 _____ C:\Users\suesarkis\Desktop\AOL Desktop Gold.lnk
2019-09-17 08:43 - 2017-06-01 08:00 - 000000000 ____D C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aol Inc
2019-09-17 07:14 - 2014-12-28 20:34 - 000000000 ___RD C:\Users\suesarkis\OneDrive
2019-09-17 07:11 - 2014-11-23 14:39 - 000000000 __SHD C:\Users\suesarkis\IntelGraphicsProfiles
2019-09-16 21:21 - 2019-07-10 06:51 - 000000000 ____D C:\WINDOWS\Panther
2019-09-16 20:34 - 2018-05-18 10:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-09-16 20:34 - 2017-10-12 15:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-09-16 20:33 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-09-16 18:11 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-09-16 18:11 - 2017-06-02 18:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-16 17:53 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-09-16 17:48 - 2017-10-12 15:17 - 000001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2019-09-16 17:48 - 2017-10-12 15:17 - 000001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2019-09-16 17:48 - 2017-10-12 15:17 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-09-16 17:48 - 2017-10-12 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2019-09-16 16:52 - 2018-05-18 10:20 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2019-09-16 16:20 - 2018-07-06 11:29 - 000000000 ____D C:\Users\suesarkis\AppData\Local\CrashDumps
2019-09-16 16:20 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-09-16 16:20 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2019-09-16 16:15 - 2017-06-07 09:33 - 000000000 ____D C:\Program Files\CCleaner
2019-09-16 13:42 - 2018-04-26 18:20 - 000000000 ____D C:\Users\suesarkis\AppData\Local\AOLDesktop
2019-09-16 13:41 - 2017-06-01 07:59 - 000000000 ____D C:\Users\suesarkis\AppData\Local\SquirrelTemp
2019-09-16 10:25 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-09-15 11:17 - 2013-05-15 11:30 - 000000000 ____D C:\Users\suesarkis\Documents\PASSWORDS
2019-09-13 21:26 - 2013-05-23 10:24 - 000000000 ____D C:\Users\suesarkis\Documents\RECIPES
2019-09-13 11:07 - 2018-05-18 10:06 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-13 09:20 - 2018-05-18 09:51 - 000002375 _____ C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-12 23:05 - 2017-09-14 23:52 - 000002193 _____ C:\Users\suesarkis\Desktop\shopping 9-15-2017.txt
2019-09-12 19:59 - 2017-06-02 16:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-09-12 11:58 - 2017-07-27 16:07 - 000004144 _____ C:\Users\suesarkis\Desktop\email addresses.txt
2019-09-12 10:01 - 2017-06-05 11:15 - 000000000 ____D C:\ProgramData\Protexis
2019-09-12 09:50 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-09-09 14:10 - 2013-05-23 10:25 - 000000000 ____D C:\Users\suesarkis\Documents\Unlicensed Conduct
2019-09-09 12:34 - 2017-10-12 13:20 - 000478144 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2019-09-09 12:30 - 2017-10-12 13:20 - 000387440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2019-09-09 12:29 - 2019-01-09 09:00 - 000037368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2019-09-09 12:29 - 2018-10-24 08:12 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2019-09-09 12:29 - 2017-11-27 08:17 - 000209816 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2019-09-09 12:29 - 2017-10-12 13:20 - 001031048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2019-09-09 12:29 - 2017-10-12 13:20 - 000112576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2019-09-09 12:29 - 2017-10-12 13:20 - 000088200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2019-09-09 12:28 - 2019-01-14 08:49 - 000263784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2019-09-09 12:28 - 2019-01-09 09:00 - 000206624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2019-09-09 12:28 - 2019-01-09 09:00 - 000061736 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2019-09-08 08:36 - 2017-07-13 21:14 - 000000000 ____D C:\ProgramData\Avg
2019-09-06 23:09 - 2017-07-14 18:34 - 000001835 _____ C:\Users\suesarkis\Desktop\for Jim.txt
2019-09-05 22:41 - 2018-04-11 14:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-09-05 22:10 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Registration
2019-09-05 22:08 - 2018-05-18 10:18 - 000017148 _____ C:\WINDOWS\diagwrn.xml
2019-09-05 22:08 - 2018-05-18 10:18 - 000017148 _____ C:\WINDOWS\diagerr.xml
2019-09-04 09:14 - 2013-05-23 10:05 - 000000000 ____D C:\Users\suesarkis\Documents\Zoran
2019-09-04 07:39 - 2019-04-25 14:42 - 000003826 _____ C:\WINDOWS\System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly)
2019-09-04 07:39 - 2019-04-25 14:42 - 000003242 _____ C:\WINDOWS\System32\Tasks\AVG Secure Browser Heartbeat Task (Logon)
2019-09-04 07:39 - 2018-07-11 07:52 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2019-09-04 07:39 - 2018-07-11 07:52 - 000002340 _____ C:\Users\Public\Desktop\AVG Secure Browser.lnk
2019-09-03 13:47 - 2013-05-23 10:15 - 000000000 ____D C:\Users\suesarkis\Documents\Complaints
2019-09-01 23:15 - 2013-04-23 16:57 - 000000000 ____D C:\Users\suesarkis\Documents\PERSONAL
2019-09-01 21:30 - 2013-05-23 10:17 - 000000000 ____D C:\Users\suesarkis\Documents\How to
2019-09-01 20:44 - 2018-11-16 09:39 - 000000000 ____D C:\Program Files\rempl
2019-08-30 14:33 - 2013-04-23 16:54 - 000000000 ____D C:\Users\suesarkis\Documents\ARTICLES
2019-08-28 20:13 - 2019-08-01 19:40 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-08-28 20:10 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-28 19:29 - 2017-07-08 10:03 - 000000000 ____D C:\Program Files\Intel
2019-08-27 18:14 - 2017-06-01 07:49 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-27 18:14 - 2017-06-01 07:49 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-25 09:21 - 2017-06-01 21:06 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-23 09:34 - 2013-04-24 08:40 - 000000000 ____D C:\Users\suesarkis\Documents\POLITICAL
2019-08-20 08:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-08-18 15:56 - 2013-05-23 10:22 - 000000000 ____D C:\Users\suesarkis\Documents\PHONE BOOK
 
==================== Files in the root of some directories ================
 
2015-02-11 19:02 - 2015-02-11 19:02 - 000880208 _____ (Google Inc.) C:\Users\suesarkis\ChromeSetup.exe
2017-11-17 09:38 - 2017-11-17 09:38 - 000000017 _____ () C:\Users\suesarkis\AppData\Local\resmon.resmoncfg
2017-10-15 07:43 - 2017-07-28 14:57 - 000105744 _____ (Bomgar) C:\Users\suesarkis\AppData\Local\[email protected]!-147561942927653119494-32.tmp
2017-10-15 07:43 - 2017-07-28 14:57 - 000123152 _____ (Bomgar) C:\Users\suesarkis\AppData\Local\[email protected]!-147561942927653119494-64.tmp
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2019
Ran by suesarkis (17-09-2019 14:51:41)
Running from C:\Users\suesarkis\Desktop
Windows 10 Home Version 1803 17134.885 (X64) (2018-05-18 17:22:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2069550446-780284186-1707450264-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2069550446-780284186-1707450264-503 - Limited - Disabled)
Guest (S-1-5-21-2069550446-780284186-1707450264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2069550446-780284186-1707450264-1003 - Limited - Enabled)
suesarkis (S-1-5-21-2069550446-780284186-1707450264-1001 - Administrator - Enabled) => C:\Users\suesarkis
User (S-1-5-21-2069550446-780284186-1707450264-1004 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2069550446-780284186-1707450264-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
AOL Desktop Gold (HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\AOLDesktop) (Version: 11.0.2414 - Oath Inc.)
AOL Desktop Gold (HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\AOLDesktop) (Version: 11.0.1268 - Oath Inc.)
AOL OnePoint (HKLM-x32\...\ID Vault) (Version: 1.18.315.5 - AOL)
AVG (HKLM\...\{136B57DF-DA9E-4361-A165-09AB4422BCD1}) (Version: 1.231.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.7.3103 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{52B6D655-9038-4290-B710-0E568F806155}) (Version: 16.80.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.80.3.38236 - AVG Technologies)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 76.0.870.102 - AVG Technologies)
AVG Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.155.333 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copernic Desktop Search - Home (HKLM-x32\...\CopernicDesktopSearch2) (Version:  - Copernic Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
FMW 1 (HKLM\...\{4CC5FB14-3F4D-4FA8-B921-00A9B40145C4}) (Version: 1.227.45 - AVG Technologies) Hidden
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Free Countdown Timer (HKLM-x32\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HP LaserJet Pro M402-M403 n-dne (HKLM-x32\...\{e2164336-c5d8-4ac9-a53b-125779c4c21b}) (Version: 16.0.17174.675 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{2D0909B2-FA33-4C36-8845-BF930A5A945E}) (Version: 3.0.26.20 - HP) Hidden
HPLJPRoM402M403ndne (HKLM-x32\...\{58532038-B97D-4C9B-9B96-C70D5EA763F4}) (Version: 0.10.0000 - Hewlett-Packard) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.11.1193 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{66afb482-3029-428f-8283-135d3c272132}) (Version: 19.00.0000.4496 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.0.3.1080 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C81FD018-F151-460F-B4F9-0D58039503E2}) (Version: 17.2.4.9002 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.812.1 - McAfee, Inc.)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.3.138.1 - McAfee, LLC)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.2.116.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
MyCorkboard Screen Saver (HKLM-x32\...\Corkboard) (Version:  - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X7 - Common Files (HKLM-x32\...\{6CDCEC53-AB50-4C02-A4BA-D158B773775D}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Common Files English (HKLM-x32\...\{2CE76FE3-7450-4236-8BFC-F0C54776C278}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM Content HSE (HKLM-x32\...\{8E879C65-6BA7-4108-9A0D-C455A30ECAF6}) (Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM HSE (HKLM-x32\...\{D55537B5-123F-4CEE-A56C-557582FA285D}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files (HKLM-x32\...\{5592E1D8-4120-4382-A33B-851F9D8555F8}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files English (HKLM-x32\...\{A40DE737-F83F-420D-8538-67503B3D6FAF}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Oxford (HKLM-x32\...\{A05A9AA4-47FC-4129-A136-943392F9CF24}) (Version: 17.1 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files (HKLM-x32\...\{25CD143B-C6D3-451A-9171-D10B79024DA3}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files English (HKLM-x32\...\{613E0552-0ED4-4C0C-A490-97874945B03B}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files (HKLM-x32\...\{DC9446F7-A459-48E0-A392-7CA1F6DDB445}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files English (HKLM-x32\...\{ABCFB24D-9DAE-4131-B7DC-F3CF98CA08EF}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - Setup Files (HKLM-x32\...\{64A329FC-D1B2-4354-922D-21F7EC777E10}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - System Files (HKLM-x32\...\{03CF7E84-3BA1-4AF3-9C0A-91651042301D}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files (HKLM-x32\...\{6F671CD6-781C-4B81-92AA-62A723CDFCF8}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files English (HKLM-x32\...\{C6BD6E08-E687-4D63-BBF1-ADFD1B9A2CC8}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WPD format Props x64 (HKLM\...\{6E80CBF1-318E-4172-BC19-69AFAF613C5E}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X7 - WT (HKLM-x32\...\{56E50D72-9986-4AFF-80B2-6C3DAEB0A17D}) (Version: 17.0 -  Corel Corporation) Hidden
WordPerfect Office X7 (HKLM-x32\...\_{64A329FC-D1B2-4354-922D-21F7EC777E10}) (Version: 17.0.0.366 - Corel Corporation)
WordPerfect Office X7 (HKLM-x32\...\{9E5915F6-CD0E-464E-BD22-AF6A16150478}) (Version: 17.2 - Corel Corporation) Hidden
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-27] (Autodesk Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-19] (HP Inc.)
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2019-07-30] (Keeper Security Inc)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-13] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-04-26] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-29] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.5.3272.0_x64__8wekyb3d8bbwe [2018-04-26] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-13] (Microsoft Corporation) [MS Ad]
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2018-10-29] (Adobe Systems Incorporated)
RICOH Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.RICOHDriverUtility_4.4.0.1_x86__fxme7667cy4q4 [2019-05-14] (Ricoh Company, Ltd.)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35042.0.0_x64__807d65c4rvak2 [2019-07-20] (Synaptics Incorporated)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2069550446-780284186-1707450264-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {1e4c32d7-0931-45ee-8d68-a25dd0ce7dc5} => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\PFSE170.DLL [2015-04-21] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed]
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {1e4c32d7-0931-45ee-8d68-a25dd0ce7dc5} => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\PFSE170.DLL [2015-04-21] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-09-09] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyCorkboard Screen Saver\Special Offers.lnk -> hxxp://www.mycorkboard.com/SpecialOffers.as
Shortcut: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyCorkboard Screen Saver\Visit MyCorkboard.com.lnk -> hxxp://www.mycorkboard.com
 
ShortcutWithArgument: C:\Users\suesarkis\Desktop\letgo-web.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=hbkfhekkfmipomaepmpocikpjpgffkop
ShortcutWithArgument: C:\Users\suesarkis\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\suesarkis\Desktop\Sweetsuzee - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\letgo-web.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=hbkfhekkfmipomaepmpocikpjpgffkop
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-10-12 13:15 - 2017-10-12 13:15 - 048920064 _____ () [File not signed] C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2009-09-16 19:44 - 2009-09-16 19:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 19:45 - 2009-09-16 19:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 12:44 - 2009-09-16 12:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2019-02-25 14:15 - 2019-02-25 14:15 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
1998-06-08 12:06 - 1998-06-08 12:06 - 000914432 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\LEAD51N.dll
2009-09-16 19:45 - 2009-09-16 19:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
2002-10-10 21:47 - 2002-10-10 21:47 - 000081920 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\Animate.dll
2002-10-10 21:45 - 2017-10-15 21:50 - 000139264 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\cork.dll
2002-10-10 21:47 - 2002-10-10 21:47 - 000061440 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\CALENDAR.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000065536 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\CLOCKS.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000032768 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\DECOR.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000032768 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\DIALER.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000032768 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\GENGIZMO.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000057344 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\GIZMOS.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000036864 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\NAMEPLT.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000036864 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\PICTURES.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000049152 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\STKYNOTE.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000057344 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\TODOLIST.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000077824 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\public.dll
2017-06-06 11:51 - 2014-12-22 14:54 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeAlarmClock\bass.dll
2017-06-06 11:51 - 2014-11-28 15:54 - 000021772 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeAlarmClock\bassflac.dll
2017-06-06 11:51 - 2014-10-20 15:08 - 000017733 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeAlarmClock\basswma.dll
2017-06-07 14:39 - 2014-12-22 14:54 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\bass.dll
2017-06-07 14:39 - 2014-11-28 15:54 - 000021772 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\bassflac.dll
2017-06-07 14:39 - 2014-10-20 15:08 - 000017733 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\basswma.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7863 more sites.
 
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\123simsen.com -> www.123simsen.com
 
There are 7863 more sites.
 
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\123simsen.com -> www.123simsen.com
 
There are 7863 more sites.
 
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\123simsen.com -> www.123simsen.com
 
There are 7863 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-06-01 07:47 - 2019-09-16 18:02 - 000450623 ____R C:\WINDOWS\system32\drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
 
There are 15460 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;c:\Program Files\Intel\WiFi\bin\;c:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2069550446-780284186-1707450264-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2069550446-780284186-1707450264-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 209.18.47.63 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AOL OnePoint.lnk"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Digital Coupon Print Driver"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "Embedded Callback - remotesupport.aol.com"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\StartupApproved\Run: => "OneDriveSetup"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6E6992E5-5239-4390-84F6-5889A0D41FAA}] => (Allow) LPort=15600
FirewallRules: [{8661E53C-5655-4042-926A-F47996941A3E}] => (Allow) C:\Program Files (x86)\AOL OnePoint\IDVault.exe (Intersections Inc -> White Sky, Inc.)
FirewallRules: [{C2D047AF-BACD-43D3-A91C-6259D3D66F66}] => (Allow) C:\Program Files (x86)\AOL OnePoint\IDVault.exe (Intersections Inc -> White Sky, Inc.)
FirewallRules: [{542507F3-273B-4A4A-BB78-3D26E0F4CA06}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{9A8C8F3A-160A-49D3-82F5-1650011860A6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C91930D7-9565-4034-87B4-BDAA0DC36C6A}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{FAE3A5FE-D56B-4457-8096-C2A0FD944233}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A06C7827-41A9-4C24-90E8-01E75B4EF160}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C98FCABC-DC67-40D3-B256-268F4188A4C3}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, Inc. -> AVG Technologies)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
13-09-2019 11:12:31 Windows Update
17-09-2019 07:50:26 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/17/2019 02:47:32 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (09/17/2019 02:39:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 01:53:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 12:39:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 11:40:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 10:39:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 09:39:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2019 08:39:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Browser\Application\76.0.870.102\aswEngineConnector.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.26706.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (09/17/2019 01:54:07 PM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 12:39:57 PM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 11:59:25 AM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 11:41:32 AM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 09:39:20 AM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 08:55:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 08:46:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/17/2019 08:39:04 AM) (Source: DCOM) (EventID: 10016) (User: SUESBABY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Suesbaby\suesarkis SID (S-1-5-21-2069550446-780284186-1707450264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-10-16 00:24:17.777
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-10-16 00:24:17.777
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-10-16 00:24:17.776
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-10-16 00:24:17.441
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.717.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-08-29 17:40:23.121
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.717.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2019-09-16 18:12:02.762
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-07-18 23:21:17.073
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\Installer\MSI3065.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: Insyde F.04 11/10/2012
Motherboard: Hewlett-Packard 1886
Processor: Intel® Core™ i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 62%
Total physical RAM: 8088.28 MB
Available physical RAM: 3005.46 MB
Total Virtual: 9496.28 MB
Available Virtual: 3045.65 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:444.93 GB) (Free:365.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.19 GB) (Free:2.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (OD3.0 SSD) (Removable) (Total:117.53 GB) (Free:79.6 GB) FAT32
 
\\?\Volume{a4e7abf3-f886-47bb-96ff-bc698ba7c3ae}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFS
\\?\Volume{6f3b996f-1ccc-4000-95d7-0bd109594337}\ () (Fixed) (Total:0.87 GB) (Free:0.32 GB) NTFS
\\?\Volume{01376181-7b57-4385-8f74-5719a12592e7}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F893BEDB)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 65103047)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 117.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=117.6 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 990 posts
Hi sweetsuzee, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me a Personal Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
---------------------------------------------------

Do you recognize the following Chrome extension?
 
letgo-web

---------------------------------------------------

I noticed you have a PC optimizer program (AVG PC TuneUp) installed on your computer. Personally, I don't recommend the use of PC optimizers/registry cleaners as they can cause more harm than good. See the following articles for more information:

Microsoft support policy for the use of registry cleaning utilities
Answers to common security questions - Best practices

If you decide to remove this program, you can do so via the following:
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program(s) on the list:

    AVG PC TuneUp

  • Select the above program(s) and click Uninstall.
  • Restart the computer if prompted.
---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    IFEO\aolonepoint.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\idvault.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\javacpl.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\javaw.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\jp2launcher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\mcuicnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\photoshopelementseditor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\ssscheduler.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    Task: {CFF502A0-0004-4156-BB88-0629DD3FCF54} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    HKU\S-1-5-21-2069550446-780284186-1707450264-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311447&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3gnvVgOifspTi86wSYOlHlOG6%2BtVnCQTPpJaBYKyPXcXu1RcRS%2FJHmEQVwphjS2waGJpPH4lnNkBodHJLCgie4PDTUtxfp%2FNTFURtUMLVPH5K4mTGaQwTTZN3ERQbR8qX3zLccGPyG48AdczGa%2BbtJCvzD0JQMmEs84vUrZAfOanSScV9uHqHBwdLR8%2Bl6IT6abKVT8La4aPG7Wf78KPSR9XH1r0wi7dgDXVWr0CL02Q%3D%3D
    SearchScopes: HKU\S-1-5-21-2069550446-780284186-1707450264-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311447&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3gnvVgOifspTi86wSYOlHlIXEd7dAGZxfhvOW1nnRTWLw6Y7G5F4CYbo3aePVc%2FBCkYwaWk9Da0A6WL2J8YbatpjZ37CAVIGERKfv%2BUPLZJNnZYKdm9SOOQK2Me%2BisD3%2BEZ%2B4UxMaBeFWE2YGAiOdgxkFBGVtgSYtv6AylZ1RaNkLsvhvhptirrHSvsm81HgmpCLyo1fpz9WybLWNQHt0b5iRB3tki3qpTehJs9wO6Yw%3D%3D&p={searchTerms}
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311457&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2KzKng6DqDwLXGzQuImnSkuMRjGBMJKVXU9IRCVZHYmv03SMviyUpr2foFPnoYkJaB3zfa5tmymI5biZxxjmVTIbN5ffDfL8kCtQrGoxi2kMRzHbkFAtg5EnpK5Hu5iMnnZUYerfkfO61IRimZ47UAtI3vkxx%2FSpXj3joplwZyWJfCIZm2pmJkfO%2F12o7jo58hmN5FO46RpWqsGGdB92u35v50dGIfe8QyECGyKPI9WTZlPjMpXto87EcWfoMMx88%3D"
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    VirusTotal: C:\Program Files (x86)\Corkboard\CORK.EXE
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • Let me know how the computer is doing.

  • 0

#3
sweetsuzee

sweetsuzee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Dear iMacg3 - I started writing a reply but it seems to have disappeared.  I hate having to repeat myself but I am going to just in case the previous notes fell into the black hole of cyberspace since I surely didn't submit the previous post. Bottom line is that I'm a very disabled septuagenarian currently undergoing various medical issues including chemo.  Therefore, sometimes I am unavailable for 4 days although not often.  If you do not hear from me, please do not abandon me as I will not leave before you know about it as the case will be finished.  If I can remember how to do it I will set my computer to do an entire backup tonight before retiring since the last time I did it which was a few years ago, I vaguely recall when I woke up it was still going through the backup stage.  

 

Yes, I  am slightly familiar with LETGO as it is similar to eBay where you can buy and sell items. However, I never installed anything knowingly to the best of my recollection.  Oh, by the way, that's another thing.  My memory isn't the greatest. 

 

I believe the AVG PC Tuneup is a temp install which I do about every 3 yrs or so when I can get under their wires but I do not pay for the service when the temp is over.  I can remove it easily.  However, AVG is and has been my anti-virus software, the free version, for about 20 yrs or longer.  Both Norton and McAfee caused major problems by not catching viruses, etc.

 

Although I am not computer illiterate, I am also not too tech savvy and some things soar right over my head.  When you tell me to copy the items in the code box and then launch FRST.exe, does it matter that my version is quite old?  Does it update automatically?  By the way, in having just visited my desktop, I'll be darned.  There's an icon there for Let Go.  Do you want me to remove that program?  I haven't really used their services as I buy from eBay usually.

 

Please advise and thank you so very, very much.  Spending half of my life watching little blue circles encircling while I see "not responding" way too often and wasting lots of very valuable time in this woman who is in the "end stage" of her life, is quite depressing.    

 

  


  • 0

#4
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 990 posts
Hi sweetsuzee,

No need to uninstall Letgo. Just wanted to confirm you recognized the extension, as there isn't much information about the "letgo-web" browser extension available online. :)

FRST will automatically update when you open it, and you may receive a notice that the tool has found an update.
  • 0

#5
sweetsuzee

sweetsuzee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

I did delete Letgo although I had installed it long after the troubles started.  I uninstalled the AVG PC Tuneup as directed.  I ran FRST4 as requested with the log text inserted below.  You asked that I not run any "fix-it" programs while we're doing this.  CCleaner automatically cleans the cache and garbage when I turn on the computer.  I had forgotten about that so there was an auto cleanup this morning.  Also, I recently installed Malwarebytes, the Premium version, to see if it could help.  TFix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2019

Ran by suesarkis (26-09-2019 10:34:02) Run:1
Running from C:\Users\suesarkis\Desktop
Loaded Profiles: suesarkis & User & Administrator &  (Available Profiles: suesarkis & User & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
IFEO\aolonepoint.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\idvault.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\javacpl.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\javaw.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\jp2launcher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mcuicnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshopelementseditor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ssscheduler.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {CFF502A0-0004-4156-BB88-0629DD3FCF54} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311447&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3gnvVgOifspTi86wSYOlHlOG6%2BtVnCQTPpJaBYKyPXcXu1RcRS%2FJHmEQVwphjS2waGJpPH4lnNkBodHJLCgie4PDTUtxfp%2FNTFURtUMLVPH5K4mTGaQwTTZN3ERQbR8qX3zLccGPyG48AdczGa%2BbtJCvzD0JQMmEs84vUrZAfOanSScV9uHqHBwdLR8%2Bl6IT6abKVT8La4aPG7Wf78KPSR9XH1r0wi7dgDXVWr0CL02Q%3D%3D
SearchScopes: HKU\S-1-5-21-2069550446-780284186-1707450264-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311447&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3gnvVgOifspTi86wSYOlHlIXEd7dAGZxfhvOW1nnRTWLw6Y7G5F4CYbo3aePVc%2FBCkYwaWk9Da0A6WL2J8YbatpjZ37CAVIGERKfv%2BUPLZJNnZYKdm9SOOQK2Me%2BisD3%2BEZ%2B4UxMaBeFWE2YGAiOdgxkFBGVtgSYtv6AylZ1RaNkLsvhvhptirrHSvsm81HgmpCLyo1fpz9WybLWNQHt0b5iRB3tki3qpTehJs9wO6Yw%3D%3D&p={searchTerms}
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311457&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2KzKng6DqDwLXGzQuImnSkuMRjGBMJKVXU9IRCVZHYmv03SMviyUpr2foFPnoYkJaB3zfa5tmymI5biZxxjmVTIbN5ffDfL8kCtQrGoxi2kMRzHbkFAtg5EnpK5Hu5iMnnZUYerfkfO61IRimZ47UAtI3vkxx%2FSpXj3joplwZyWJfCIZm2pmJkfO%2F12o7jo58hmN5FO46RpWqsGGdB92u35v50dGIfe8QyECGyKPI9WTZlPjMpXto87EcWfoMMx88%3D"
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
VirusTotal: C:\Program Files (x86)\Corkboard\CORK.EXE
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\aolonepoint.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\idvault.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\javacpl.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\javaw.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jp2launcher.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mcuicnt.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\photoshopelementseditor.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ssscheduler.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninstall.exe => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFF502A0-0004-4156-BB88-0629DD3FCF54}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFF502A0-0004-4156-BB88-0629DD3FCF54}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18} => removed successfully
HKLM\Software\Classes\CLSID\{1711FC25-F05A-40CE-B859-A0C1CF01FD18} => not found
"Chrome StartupUrls" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
VirusTotal: C:\Program Files (x86)\Corkboard\CORK.EXE => https://www.virustot...sis/1556525600/
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 13393920 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 103924616 B
Java, Flash, Steam htmlcache => 563 B
Windows/system/drivers => 19035133 B
Edge => 18920568 B
Chrome => 43970619 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18094 B
LocalService => 0 B
NetworkService => 154524900 B
NetworkService => 0 B
suesarkis => 321947793 B
User => 23538 B
Administrator => 6656 B
 
RecycleBin => 162057578 B
EmptyTemp: => 799 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 

==== End of Fixlog 10:44:03 ====he Premium trial expired in 4 days.  Am I correctly understanding that you do not support such programs  If so, please advise as I will let it lapse.  However, it was Geeks to Go who first introduced me to them quite a few years ago.  Should I let it lapse?  Anyway, here's the fixit log and I will anxiously await your reply.


  • 0

#6
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 990 posts
Hi sweetsuzee,

CCleaner is fine to use, but I wouldn't recommend the use of the Registry Cleaning feature - it can cause more harm than good.

Malwarebytes is a good anti-malware program - I use it alongside Windows Defender as an added layer of protection. Please run a scan with it using Rootkit Scanning enabled:

---------------------------------------------------
Malwarebytes Anti-Malware
  • Launch Malwarebytes.
  • When the tool opens, click Settings, then the Protection tab.
  • Under Scan options, ensure Scan for rootkits and Scan within archives are On.
  • Click the Scan button on the left.
  • Select Scan Now and wait for the scan to complete.
  • Malwarebytes will update its databases, then start scanning.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
  • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
  • Select Export in the bottom left corner, and click Text File. Save the file to your desktop.
  • Open the Malwarebytes log on your desktop and copy/paste its contents into your next reply.
---------------------------------------------------

In your next reply, please include:
  • Malwarebytes log
  • Let me know how the computer is doing.

  • 0

#7
sweetsuzee

sweetsuzee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
You wanted a report.  I am providing the report for the one at the top but based on what is stated, Im not sure that’s the latest report.  As a matter of fact, I cannot figure out why the one in the middle seems to be the most recent and yet not today’s.  Weird, to say the least.  I’m sure this is all old hat to you, however.
 
5 are labeled “Website Blocked” followed by 11 “Scan Report”s
 
the top 5 are date/timed
9-21/6:28 pm
9-21/11:46 pm
9-23/12:09 pm
9-16/7:20 pm
9-21/11:47 pm
 
However, when I was looking around at the various reports after saving the one you wanted, I couldn’t help but notice that the advanced reports all said that the rootkits was off.  I specifically went over following your instructions and turned that on.  Did I do something wrong or does it default to OFF when finished?
 
How come none of them are from last night or this morning since the scan took forever?   The 5 reported dates and times each had a different malware listed including 2 PUPs.  I copied all 5 to the desktop but am only providing the one you asked for in this report.  
 
Here's the log which will be followed by the exported report requested -
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/27/19
Scan Time: 7:39 AM
Log File: 8d87bb7e-e134-11e9-95d0-c8f7331cce2d.json
 
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.625
Update Package Version: 1.0.12671
License: Trial
 
-System Information-
OS: Windows 10 (Build 17134.885)
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 324274
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 59 min, 47 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Protection Event Date: 9/21/19
Protection Event Time: 6:28 PM
Log File: 5960fb18-dcd8-11e9-ab0c-c8f7331cce2d.json
 
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.625
Update Package Version: 1.0.12591
License: Trial
 
-System Information-
OS: Windows 10 (Build 17134.885)
CPU: x64
File System: NTFS
User: System
 
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
 
-Website Data-
Category: Adware
Domain: ezloginnow.com
IP Address: 54.86.218.140
Port: [52759]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
 
(end)

 

 

 


  • 0

#8
sweetsuzee

sweetsuzee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Just had a bright light go off.  The other dates with the PUPs and listed malware, would they have been the various "detections" that I clicked to "quarantine" when the computer was turned on daily?  If so, guess I better pay that tab when it pops up again.  LOL  At some point should I also download ADW cleaner since it is for free?  I have an old version of JRT but haven't ran it since you said not to run anything until you tell me.  


  • 0

#9
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 990 posts
Hi sweetsuzee,

Sorry for the delay.

Thanks for the Malwarebytes log. Please run the following scans with AdwCleaner and ESET Online Scanner:

---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
---------------------------------------------------

In your next reply, please include:
  • AdwCleaner[S0*].txt
  • eset.txt

  • 0

#10
sweetsuzee

sweetsuzee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Sorry to take so long but 1) the ESET took about 15 hrs, and, 2) the scan log was not saved to the desktop and I've been going crazy finding it.  Thank God I have a decent desktop search software.  LOL  I'm hopeful that my headaches have been taken care of as ESET did find problems.  However, I believe there were 2 problems it couldn't take care of but that is truly a quick guess as I saw the words as they flashed by quickly.  What I do know is that it takes forever for a page to open that I link to in an email because between MS Edge and adchoice there are dozens of popups that load one right after the other and then it repeats itself when I go to the next page.  All I can do now is sit here and pray that ESET stopped it.  Here are the two reports -

 

 
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-04-2019
# Database: 2019-09-27.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-29-2019
# Duration: 00:03:27
# OS:       Windows 10 Home
# Scanned:  35645
# Detected: 0
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
AdwCleaner[S00].txt - [2114 octets] - [03/05/2019 09:36:18]
AdwCleaner[C00].txt - [2024 octets] - [03/05/2019 09:42:15]
AdwCleaner_Debug.log - [26946 octets] - [16/09/2019 20:13:44]
AdwCleaner[S01].txt - [3511 octets] - [16/09/2019 20:17:35]
AdwCleaner[C01].txt - [3390 octets] - [16/09/2019 20:31:53]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
 
 
 
9/30/2019 7:27:29 AM
Files scanned: 511250
Infected files: 67
Cleaned threats: 65
Total scan time 12:04:39
Scan status: Finished
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ProtectorUpdater.exe.vir a variant of Win32/ReImageRepair.K potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ReiGuard.exe.vir a variant of Win32/ReImageRepair.O potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ReiScanner.exe.vir a variant of Win32/ReImageRepair.O potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\ReiSystem.exe.vir a variant of Win32/ReImageRepair.O potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Protector\uninst.exe.vir a variant of Win32/ReImageRepair.K potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\LanguageSelect.exe.vir a variant of Win32/ReImageRepair.B potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\LZMA.EXE.vir a variant of Win32/ReImageRepair.K potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageRepair.exe.vir Win32/ReImageRepair.E potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageSafeMode.exe.vir a variant of Win32/ReImageRepair.K potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\REI_AVIRA.exe.vir a variant of Win32/Adware.Imali.O application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\REI_Engine.dll.vir a variant of Win32/ReImageRepair.O potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\REI_SupportInfoTool.exe.vir a variant of Win32/ReImageRepair.O potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\savapi3.dll.vir a variant of Win32/ReImageRepair.K potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\uninst.exe.vir a variant of Win32/ReImageRepair.K potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Users\suesarkis\AppData\Local\NativeMessaging\CT3288691\1_0_0_11\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Users\suesarkis\AppData\Local\NativeMessaging\CT3288691\1_0_0_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Users\suesarkis\AppData\Local\NativeMessaging\CT3306061\1_0_0_10\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Users\suesarkis\AppData\Local\NativeMessaging\CT3306061\1_0_0_9\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\C\Users\suesarkis\AppData\Local\NativeMessaging\CT3306061\1_0_1_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\files\kzjhaamftakwbcnmwhlethgwsgegijrt\uninstall.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
 
C:\AdwCleaner\Quarantine\v1\20190503.094145\8\Coupons\uninstall.exe#5A462DAA1FEC4A84 a variant of Win32/Adware.Coupons.AA application cleaned by deleting
 
C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)
 
C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c1f.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)
 
C:\Program Files (x86)\AVG\Setup\avgOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted (after the next restart)
 
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
 
C:\Users\suesarkis\AppData\Local\Comms\Unistore\data\7\c\a0002302000000073701.dat PDF/Phishing.A.Gen trojan cleaned by deleting
 
C:\Users\suesarkis\AppData\Local\Comms\Unistore\data\7\g\20001e06000000073701.dat PDF/Phishing.A.Gen trojan cleaned by deleting
 
C:\Users\suesarkis\AppData\Local\Comms\Unistore\data\7\n\d0001d0d000000073701.dat PDF/Phishing.A.Gen trojan cleaned by deleting
 
C:\Users\suesarkis\Desktop\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
 
C:\Users\suesarkis\Downloads\produkey-x64\ProduKey.exe a variant of Win64/PSWTool.ProductKey.A potentially unsafe application cleaned by deleting
 
C:\Users\suesarkis\Downloads\avgdriverupdater (1).exe a variant of Win32/Slimware.A potentially unwanted application cleaned by deleting
 
C:\Users\suesarkis\Downloads\avgdriverupdater.exe a variant of Win32/Slimware.A potentially unwanted application cleaned by deleting
 
C:\Users\suesarkis\Downloads\ccsetup5372.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
 
C:\Users\suesarkis\Downloads\ccsetup541 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
 
C:\Windows\CouponPrinter.ocx a variant of Win32/Adware.Coupons.AA application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\VNT\vntldr.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\AskToolbarInstaller-12.3.0_ARS3-V7.msi a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\AskToolbarInstaller-12.6.0_ARS3-V7.msi a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\AskToolbarInstaller-12.7.0_ARS3-V7.msi a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Passport.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Passport_x64.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe a variant of Win32/Bundled.Toolbar.Ask.V potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar_x64.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Program Files (x86)\Coupons.com CouponBar\tbcore3.dll a variant of Win32/Toolbar.Softomate.A potentially unwanted application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Users\suesarkis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Users\suesarkis\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\Chrome\CT3289663\content\popup.js JS/Toolbar.Conduit.B potentially unwanted application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\Chrome\CT3289847\content\popup.js JS/Toolbar.Conduit.B potentially unwanted application cleaned by deleting
 
C:\_OTL\MovedFiles\11212013_143644\C_Users\suesarkis\AppData\Roaming\Mozilla\Firefox\Profiles\lkyzsjpu.default\extensions\{845cab51-d8d2-472f-8bd9-2b44642d97c2}\Chrome\CT3303002\content\popup.js JS/Toolbar.Conduit.B potentially unwanted application cleaned by deleting
 
Autostart locations Win32/Bundled.Toolbar.Google.D potentially unsafe application contained infected files
 

  • 0

Advertisements


#11
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 990 posts
Hi sweetsuzee,

Please take a screenshot of the popups and attach it to your reply.

To attach a file to your reply, click More reply options > Attach Files.
  • 0

#12
sweetsuzee

sweetsuzee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Good morning.  I hope all is well with you.  I'm just pulling my hair out as it seems things are getting worse, not better.  However, that might just be my frustrated imagination.  The past couple of days my computer has been freezing whereby nothing can be done.  When I say nothing, I mean nothing including Task Manager whereby I have to actually shut down.  I hate logging back on when that happens because it is such a pain.  This morning all of a sudden McAfee activated and ran a Security Scan Plus. What's so weird about that is 1) I was unable to disable the software, and, 2) it showed that it is allegedly scheduled to perform every Wednesday at 8:11 am.  I did have a forced shutdown last night and had to go through the entire MS startup when improperly closed.  Anyway, the slowness is what is so troubling.  I am not getting things done as I should because everything is so slow.  Emails do not open timely.  Programs do not activate timely.  Many times I see a "Not Responding" notice as I watch the little blue circle encircling.  However, in due time whatever it is I'm doing happens.  I will attach the various "captures" that I screen shot as asked.  However it was very, very difficult to do because so many ads come and go so quickly.   By the time I got the "snipping tool" opened, in each of the various pages numerous ads came and went. I believe it is the last one where you can see that some of them hadn't exploded totally in that each picture opens one right after the other and it delays the article or whatever from opening.  I hope you understand my ramblings.  Thanks, Sue

Attached Thumbnails

  • Capture1.PNG
  • Capture2.PNG
  • Capture3.PNG
  • Capture4.PNG
  • Capture5.PNG
  • Capture6.PNG
  • Capture7.PNG
  • capture8.PNG
  • Capture9.PNG

  • 0

#13
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 990 posts
Hi sweetsuzee,

Do the advertisements appear in all browsers or one particular browser?
  • 0

#14
sweetsuzee

sweetsuzee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Since I spend 99.9 of my time in AOL, I actually went over and played around in Chrome for a while to see.  The bottom line is both browsers were attacked.  However, in Chrome they opened much faster and didn't interfere with my progress as much.  I bounced back and forth comparing them and they were pretty much the same ads popping in and out. However, Chrome handled them more "in sync" without holding up my pages.  In AOL each one of the many loads one at a time and I'm precluded from any other work while waiting.  Hope I made sense.


  • 0

#15
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 990 posts
Hi sweetsuzee,

Open AOL and select Help > About AOL. Which version of AOL is listed as being installed?
  • 0






Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP