Task: {029DEE92-B63C-4671-83D6-DB6402D7F115} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {02FA788B-9419-4A21-9BF4-2F1529352D9F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {816791A3-4811-4BF3-AC62-290C308EFD86} - System32\Tasks\Outlook Express => C:\Program Files (x86)\Outlook Express\tray.exe (No File)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: C:\WINDOWS\Tasks\EPSON DS-410 Update.job => C:\Program Files (x86)\epson\Epson Scan 2\Update\e_dtsksd.exe/EXE_S:EPSON DS-410,ES0159.DAT /F:UpdateJOE\JoeĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupload.exe
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{61B76A32-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{61B76A34-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\jotot_000\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A14A674B-E0BE-48C1-BAB2-6ACBA33CA8CF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qfill.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA3-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA5-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
Handler: intu-help-qb13 - {75EC4BB0-9AC5-4AF7-A9CE-38A34557E27C} - No File
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - No File
FirewallRules: [{C0FBF500-0685-4BAF-A8F5-D7736F375DE9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe => No File
FirewallRules: [{16D5E111-6413-4D4D-9625-81D1F6E0077D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe => No File
FirewallRules: [{9E9DB471-C4F7-4B1B-9E33-D10CEE9D30BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{22E4CEA1-8D68-46AB-BFFC-9F88270567F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{5F7D9FF8-012D-48CE-87DC-3DEF8094DE16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{576D3DFF-216F-4D49-B67E-42FF2AB5143D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{0BCFAA23-1A5D-4CE9-8CF0-2C6137A16313}C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe] => (Allow) C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe => No File
FirewallRules: [UDP Query User{40BE9436-207C-4E44-8914-F19AA2E6D967}C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe] => (Allow) C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe => No File
FirewallRules: [{71C7F2AA-6180-4445-9D1E-4B607E5BC6ED}] => (Allow) C:\Users\jotot_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{8402EBE1-A551-432B-9C60-1F4DA8914E59}] => (Allow) C:\Users\jotot_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
Unlock: C:\WINDOWS\system32\sysmain.dll
File: C:\WINDOWS\system32\sysmain.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Newsflash.lnk [2015-11-23]
ShortcutTarget: Newsflash.lnk -> C:\Program Files (x86)\Common Files\MySoftware\Newsflsh.exe (Avanquest USA LLC) [File not signed]
HKLM\...\StartupApproved\StartupFolder: => "Newsflash.lnk"
Task: {02FA788B-9419-4A21-9BF4-2F1529352D9F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {64995C7B-7DA0-41EB-BC6C-0CBD7661882E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Hosts:
CMD: ipconfig /flushdns
CMD: nslookup geekstogo.com
CMD: nslookup mail.google.com
CMD: tracert -d mail.google.com
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: