Geeks To Go

Dogpile Being Redirected When "Forum" Is Typed.


#46
smittyd

    Member

  • Topic Starter
  • 130 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by Owner (09-01-2021 15:44:25) Run:4
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\MountPoints2: {24670f47-71b5-11e3-bcac-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-18\...\Run: [] => [X]
Task: {0E313519-F2CD-4E9F-9C27-8B8DF7B05A89} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {28128529-D51E-4E11-BA53-3B77456B5BA0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - <no Path/update_url>
R2 !SASCORE; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-27] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-08] (AVG Technologies -> AVG Technologies)
R1 SASDIFSV; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
CMD: Type C:\Windows\wininit.ini
CMD: Type C:\Windows\win.ini
ContextMenuHandlers3: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} =>  -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> {5C25E8A3-2225-4A57-9311-5CA0A679F82A} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
CMD: SC query UPnPHost
Task: {8AB4A04B-04E3-4720-9D27-5977A245BB0A} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1773192 2020-09-17] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {BE669FC4-2E88-4F73-B670-0B1B11F76A3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:


*****************

HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24670f47-71b5-11e3-bcac-806e6f6e6963} => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E313519-F2CD-4E9F-9C27-8B8DF7B05A89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E313519-F2CD-4E9F-9C27-8B8DF7B05A89}" => removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player NPAPI Notifier" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28128529-D51E-4E11-BA53-3B77456B5BA0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28128529-D51E-4E11-BA53-3B77456B5BA0}" => removed successfully
C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Officejet Pro 8600" => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009 => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc." => not found
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh => removed successfully
!SASCORE => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\!SASCORE => removed successfully
!SASCORE => service removed successfully
C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE => moved successfully
HKLM\System\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc => removed successfully
AdobeFlashPlayerUpdateSvc => service removed successfully
avgtp => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\avgtp => removed successfully
avgtp => service removed successfully
SASDIFSV => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\SASDIFSV => removed successfully
SASDIFSV => service removed successfully
SASKUTIL => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\SASKUTIL => removed successfully
SASKUTIL => service removed successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully

========= Type C:\Windows\wininit.ini =========

[rename]
c:\tempjunk3582.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
nul=C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db
c:\tempjunk5723.tmp=C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll_old
c:\tempjunk4571.tmp=C:\Users\Owner\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat
c:\tempjunk3566.tmp=C:\Users\Owner\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat
c:\tempjunk9948.tmp=C:\Users\Owner\AppData\Local\SearchProtect\UI\rep\UIRepository.dat
c:\tempjunk6363.tmp=C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe_old
c:\tempjunk2466.tmp=C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe_old
c:\tempjunk6902.tmp=C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe_old
c:\tempjunk4878.tmp=C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_old
c:\tempjunk6366.tmp=C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_old
c:\tempjunk7679.tmp=C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_old
c:\tempjunk2627.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe_old
c:\tempjunk2593.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe_old
c:\tempjunk6087.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe_old
c:\tempjunk9898.tmp=C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_old
c:\tempjunk2814.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe_old
c:\tempjunk3117.tmp=C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe_old
c:\tempjunk8326.tmp=C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll_old
c:\tempjunk9261.tmp=C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll_old
c:\tempjunk3024.tmp=C:\END
c:\tempjunk552.tmp=C:\Users\Owner\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat
c:\tempjunk8251.tmp=C:\Users\Owner\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat
c:\tempjunk7507.tmp=C:\Users\Owner\AppData\Local\SearchProtect\UI\rep\UIRepository.dat
c:\tempjunk464.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\tempjunk2808.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\tempjunk6181.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\tempjunk4396.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\tempjunk4729.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\tempjunk632.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\tempjunk8149.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\tempjunk6520.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\tempjunk4767.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\tempjunk321.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\tempjunk731.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\tempjunk8025.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\tempjunk2295.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\tempjunk6837.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\tempjunk9760.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\tempjunk8997.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\tempjunk6314.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\tempjunk6901.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\tempjunk5072.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\tempjunk7901.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\tempjunk5242.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\tempjunk5745.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\tempjunk351.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\tempjunk6704.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\tempjunk2274.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\tempjunk8962.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\tempjunk8252.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\tempjunk4219.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\tempjunk995.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\tempjunk5329.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\tempjunk7000.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\tempjunk7058.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\tempjunk5807.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\tempjunk4983.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\tempjunk5668.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\tempjunk1858.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\tempjunk1053.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\tempjunk18.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\tempjunk2144.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\tempjunk9641.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\tempjunk9990.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\tempjunk2282.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\tempjunk5981.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\tempjunk1276.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\tempjunk8467.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\tempjunk2256.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\tempjunk4964.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\tempjunk307.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\tempjunk7669.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\tempjunk7734.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\tempjunk5750.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\tempjunk3513.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\tempjunk1041.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css
c:\tempjunk123.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html
c:\tempjunk2574.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js
c:\tempjunk8094.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js
c:\tempjunk6715.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html
c:\tempjunk7642.tmp=C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css
c:\tempjunk4853.tmp=C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
c:\tempjunk9874.tmp=C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe_old
c:\tempjunk275.tmp=C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe_old
c:\tempjunk4956.tmp=C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\tempjunk4528.tmp=C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
c:\tempjunk6664.tmp=C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe
c:\tempjunk5896.tmp=C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll
c:\tempjunk2344.tmp=C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_old
c:\tempjunk6078.tmp=C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_old
c:\tempjunk10.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
c:\tempjunk3103.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\tempjunk5319.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\tempjunk9891.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\tempjunk5555.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\tempjunk8053.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\tempjunk7090.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe_old
c:\tempjunk6561.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe_old
c:\tempjunk3836.tmp=C:\Program Files (x86)\SearchProtect\EULA.txt
c:\tempjunk445.tmp=C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_old
c:\tempjunk3306.tmp=C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe_old
c:\tempjunk4535.tmp=C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe_old


========= End of CMD: =========


========= Type C:\Windows\win.ini =========

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
3g2=MPEGVideo
3gp=MPEGVideo
3gp2=MPEGVideo
3gpp=MPEGVideo
aac=MPEGVideo
adt=MPEGVideo
adts=MPEGVideo
m2t=MPEGVideo
m2ts=MPEGVideo
m2v=MPEGVideo
m4a=MPEGVideo
m4v=MPEGVideo
mod=MPEGVideo
mov=MPEGVideo
mp4=MPEGVideo
mp4v=MPEGVideo
mts=MPEGVideo
ts=MPEGVideo
tts=MPEGVideo
[compatibility]
NOTIFIER=0x400000

========= End of CMD: =========

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\Genie-Soft Timeline Backup Context Menu Extension => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C25E8A3-2225-4A57-9311-5CA0A679F82A} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => removed successfully
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File => could not remove.: incorrect path.

========= SC query UPnPHost =========


SERVICE_NAME: UPnPHost
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

========= End of CMD: =========

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8AB4A04B-04E3-4720-9D27-5977A245BB0A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AB4A04B-04E3-4720-9D27-5977A245BB0A}" => removed successfully
C:\Windows\System32\Tasks\AVG\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE669FC4-2E88-4F73-B670-0B1B11F76A3F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE669FC4-2E88-4F73-B670-0B1B11F76A3F}" => removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removed successfully

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 15:44:45 ====


#47
RKinner

    Malware Expert

  • Expert
  • 23,464 posts
  • MVP

Apparently you have a SearchProtect infection. Might take two fixlists to remove it all.

Download the attached fixlist.txt to the same location as FRST.

Attached File: fixlist.txt (620 bytes, 16 downloads)

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.



#48
smittyd

    Member

  • Topic Starter
  • 130 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by Owner (09-01-2021 20:14:50) Run:5
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner
Boot Mode: Normal
==============================================

fixlist content:
*****************
FilesInDirectory: c:\*.tmp
C:\Users\Owner\AppData\Local\Conduit
C:\Users\Owner\AppData\Local\SearchProtect
C:\Program Files (x86)\SearchProtect
CreateDummy: C:\Program Files (x86)\SearchProtect
C:\Windows\wininit.ini
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:


*****************


========================= FilesInDirectory: c:\*.tmp ========================


====== End of Filesindirectory ======
"C:\Users\Owner\AppData\Local\Conduit" => not found
"C:\Users\Owner\AppData\Local\SearchProtect" => not found
"C:\Program Files (x86)\SearchProtect" => not found
C:\Program Files (x86)\SearchProtect => dummy created successfully.
C:\Windows\wininit.ini => moved successfully

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 20:15:07 ====


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by Owner (09-01-2021 20:21:54)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-31 02:16:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2192775400-2880640462-1298197252-500 - Administrator - Disabled)
Guest (S-1-5-21-2192775400-2880640462-1298197252-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2192775400-2880640462-1298197252-1002 - Limited - Enabled)
Owner (S-1-5-21-2192775400-2880640462-1298197252-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee VirusScan (Enabled - Up to date) {2624E002-54CC-27F9-FD39-B2DD14D41191}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore) Hidden
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore)
3D Home Architect Home Design Deluxe 6 (HKLM-x32\...\{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}) (Version: 6.00.0000 - Broderbund) Hidden
3D Home Architect Home Design Deluxe 6 (HKLM-x32\...\InstallShield_{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}) (Version: 6.00.0000 - Broderbund)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Advertising Center (HKLM-x32\...\{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}) (Version: 0.0.0.1 - Nero AG) Hidden
Any Video Converter 5.5.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG Driver Updater (HKLM-x32\...\{95294F1F-3F2F-48E6-A33B-B89632F8F1B7}) (Version: 2.2.2 - AVG Netherlands B.V) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Chessmaster 9000 (HKLM-x32\...\Chessmaster 9000) (Version:  - )
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dell System Detect (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
DolbyFiles (HKLM-x32\...\{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}) (Version: 0.1 - Nero AG) Hidden
Eusing Cleaner (HKLM-x32\...\Eusing Cleaner) (Version:  - Eusing Freeware)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.5.0.0 - Telerik)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FLAC to MP3 Converter 6.1.9.0 (HKLM-x32\...\DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1) (Version:  - Accmeware Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
honestech VHS to DVD 3.0 SE (HKLM-x32\...\{0C69661F-BAE9-466A-8878-CA78026412DF}) (Version: 3.0 - Honest Technology) Hidden
honestech VHS to DVD 3.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 3.0 - honestech)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
iMyFone Fixppo 7.7.0.4 (HKLM-x32\...\{FD27E638-0609-44D4-B4E0-8F238FACC75C}_is1) (Version: 7.7.0.4 - Shenzhen iMyFone Technology Co., Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Juniper_Setup_Client) (Version: 7.4.13.52059 - Juniper Networks, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
McAfee Multi Access (HKLM-x32\...\MSC) (Version: 16.0 R28 - McAfee, LLC)
Menu Templates - Starter Kit (HKLM-x32\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Movie Templates - Starter Kit (HKLM-x32\...\{E498385E-1C51-459A-B45F-1721E37AA1A0}) (Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 84.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.2 (x64 en-US)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Mozilla Thunderbird 85.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 85.0 (x86 en-US)) (Version: 85.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{2af62f37-8157-4b8e-b84b-a4eab6c1d27b}) (Version:  - Nero AG)
OGG to MP3 Converter (HKLM-x32\...\{4809DDAE-110C-4CF8-B383-706BB5B3D5B6}_is1) (Version:  - www.oggtomp3converter.com)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Registry Mechanic 8.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 8.0 - PC Tools)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Surfshark (HKLM-x32\...\{5795EF4B-5D61-4FEC-9CAB-39A0849C7238}) (Version: 2.7.7999 - Surfshark) Hidden
Surfshark (HKLM-x32\...\Surfshark 2.7.7999) (Version: 2.7.7999 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{FDCDF826-A508-41B3-93B0-C3EC5F3251E7}) (Version: 1.0 - Surfshark)
Surfshark TUN Driver Windows (HKLM\...\{0446BBB9-5BF7-4EE8-813C-2A630808D5A1}) (Version: 1.0 - Surfshark)
System Ninja version 2.4.4 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 2.4.4 - SingularLabs)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.10.3 - Tweaking.com)
ubi.com (HKLM-x32\...\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UPS Thermal Printing (HKLM-x32\...\{5468B610-354E-4ED3-B274-535F8F0AE2C0}) (Version: 2.0.0.0 - United Parcel Service)
Video Poker for Winners (HKLM-x32\...\{5B73AF17-C52E-452D-B37F-C7B69E567DB8}) (Version: 1.11.0000 - Action Gaming, Inc)
Video Poker for Winners (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Video Poker for Winners) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.177 - McAfee, LLC)
Windows Driver Package - Surfshark Ltd (wintunshark) Net  (08/10/2020 0.8.0.0) (HKLM\...\C3138B3DBCE6F9FCB8C067FECE833A62860FFB4C) (Version: 08/10/2020 0.8.0.0 - Surfshark Ltd)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Disk Cleaner 10.31 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.31 - WiseCleaner.com, Inc.)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare UniConverter(Build 12.5.1.8) (HKLM\...\UniConverter_is1) (Version: 12.5.1.8 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2009-06-05] (Nero AG -> Nero AG)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1-x32: [FileOpreation] -> {64686A76-F095-4872-A41C-1B682E751D88} => C:\Windows\SysWow64\WS_ContextMenu.dll [2010-10-28] () [File not signed]
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-02-27] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Owner\Desktop\Backup\Users\Owner\Desktop\Geek Squad Backup\Users\Derrell\Flash Drive Back Up 2-12-2013\Removable Disk\Junk\Remote Workstation.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://ctxmf.valero.com

==================== Loaded Modules (Whitelisted) =============

2014-01-01 16:31 - 2011-11-29 20:00 - 000059392 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-08-07 12:48 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-08-07 12:48 - 2017-03-23 08:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2020-10-12 11:54 - 2020-10-12 11:54 - 000324096 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll
2020-11-20 01:06 - 2020-11-20 01:06 - 004035072 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkWg.dll
2018-12-18 15:09 - 2016-12-13 04:19 - 000089600 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
2018-12-18 15:09 - 2016-12-13 04:18 - 000045568 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
2018-12-18 15:09 - 2016-12-18 06:38 - 000163328 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
2018-12-18 15:09 - 2016-12-18 06:38 - 000211968 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
2018-02-07 19:54 - 2018-02-07 19:54 - 000172032 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6673ce6dac4d89de35948e2f0390d97b\IsdiInterop.ni.dll
2018-12-18 15:09 - 2015-05-26 03:42 - 000491520 _____ (Artpol Software) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSZipEng.gtl
2014-01-01 16:23 - 2011-11-29 09:51 - 000439808 _____ (Atheros) [File not signed] C:\Windows\system32\athihvs.dll
2014-01-01 16:14 - 2012-01-09 17:40 - 000364544 _____ (Conexant Systems, Inc.) [File not signed] [File is in use] C:\Program Files\Conexant\SA3\Languages\en-US\SmartAudio.resources.dll
2018-01-18 12:12 - 2018-01-18 12:12 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\439f4df27ed07e50e3dac6eacce3a0f8\IAStorCommon.ni.dll
2014-01-01 16:31 - 2011-11-29 20:00 - 000175616 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll
2014-01-01 16:31 - 2011-11-29 20:00 - 001319424 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
2014-01-01 16:31 - 2011-11-29 19:41 - 000278016 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
2014-01-01 16:20 - 2012-02-17 01:31 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2018-02-07 19:54 - 2018-02-07 19:54 - 000225280 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\a90db6c138e5a8e0c550be7c61e5d6b6\IAStorDataMgr.ni.dll
2018-03-14 20:42 - 2018-03-14 20:42 - 000487424 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4acddac9fd2b5660cc05ad1e6f67e796\IAStorUtil.ni.dll
2014-05-21 22:16 - 2014-05-21 22:16 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2018-01-18 17:07 - 2017-09-27 17:30 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\Newtonsoft.Json.dll
2018-01-18 17:07 - 2017-12-19 15:51 - 000088064 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppCollect.dll
2018-01-18 17:07 - 2017-12-19 15:51 - 000200192 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppCommon.dll
2014-02-03 19:42 - 2017-03-23 08:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [163]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] (Adobe Systems, Incorporated -> )
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2021-01-06 21:06 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\1.5\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\1.5\bin\x64;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F0B42C8B-18E4-4453-B7F4-AF07039DDA72}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6D287328-FB9C-489C-BE20-DCB66556B486}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CC0C7C3A-E243-4D6A-9FB8-60A9361AC21C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{380C03FA-DA4F-49B9-BCBB-4CA3F25E2311}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6AD5B1E4-7525-4294-9428-6FEAF9223E98}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{4B43463E-6840-45A1-A76A-B877DB41F515}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CD115A5D-3C73-473D-ADFD-68B7A1CA8CA4}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D628E81A-408A-4A04-B129-BC5CD964B452}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B72B88C9-C96C-404E-B39C-86B53DB1AA44}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7AACFB67-81C2-42ED-A05A-1F7CC96BFDEB}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{3060B2D1-9B37-40A4-966F-442F0D7BD6F5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8F1A5A4E-558D-428D-89DA-05C6FE5B7E12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1E962DE6-1EB5-4D53-B5BD-E44A50F795D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{63CDA6EB-C3DF-461A-94E4-5E5933482F67}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{F9EED568-720A-4DF8-8A15-8C6710DF39D7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BCE88674-3735-4121-A1B1-8F47C9D8317C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AAEC3056-0F88-4A1F-AA0F-0E744E16E0B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E419970E-0773-42BC-BB42-6CC2DFEA84B3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{284094B8-4491-44B4-85F0-15C20CB9D78A}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{16223476-6DCE-4512-B5E7-99C11567A815}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{66078EE9-0D2B-4F6C-BC98-8CE5103A86DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

06-01-2021 16:41:44 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508
06-01-2021 23:05:02 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-01-2021 15:09:51 Removed Cisco EAP-FAST Module
08-01-2021 15:10:34 Removed Cisco LEAP Module
08-01-2021 15:10:57 Removed Cisco PEAP Module

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (01/09/2021 08:15:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


==================== Memory info ===========================

BIOS: Dell Inc. A05 07/26/2012
Motherboard: Dell Inc. 0XR1GT
Processor: Intel® Core™ i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 59%
Total physical RAM: 8066.04 MB
Available physical RAM: 3251.09 MB
Total Virtual: 16130.23 MB
Available Virtual: 11605.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:901.2 GB) NTFS

\\?\Volume{24670f43-71b5-11e3-bcac-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 236FA298)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


  • 0

#49
RKinner

    Malware Expert

  • Expert
  • 23,464 posts
  • MVP

Appears it was just a leftover piece of SearchProtect and not still active.

The only error is

Error: (01/09/2021 08:15:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

This is a very common error that doesn't hurt anything. If we hadn't already run MBAR then I might worry about a Poweliks infection, since it uses the same registry entry, but we ran MBAR earlier and it would have detected it.

I assume Thunderbird is still not working?


  • 0

#50
smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Yes. I opened Task Manager and watched to see what it does. Thunderbird appears. Then a few seconds later WerFault.exe appears. Then a few seconds later they both disappear. If I could somehow back up the email addresses I have, and/or any of the messages, I guess I could delete and reinstall. Thoughts?


  • 0

#51
RKinner

    Malware Expert

  • Expert
  • 23,464 posts
  • MVP

https://support.mozi...tores-user-data


  • 0

#52
smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Thanks for the help and the info!


  • 0
