HiJackThis log - pop-ups and redirection. Please advise.


  • This topic is locked
6 replies to this topic

#1 cmpfixer22

Posted 24 November 2017 - 03:02 PM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:44:40 PM, on 11/24/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18838)
 
 
Boot mode: Normal
 
Running processes:
C:\Users\joel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\joel\AppData\Local\Akamai\netsession_win.exe
C:\Users\joel\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Shutterfly Uploader\ThisLife.Uploader.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\joel\Downloads\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {ff762809-408e-4d51-8116-91fbb402a645} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Helper.dll (file missing)
R3 - URLSearchHook: (no name) -  - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O3 - Toolbar: Hawaiian Airlines Rewards Bar - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll (file missing)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\joel\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\joel\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=e017947940744bad9fd349308c6ccd31-4606d8b4232533d6972357977e88ceb75a221022 /CMPID=0214c
O4 - HKCU\..\Run: [PSamNoNeed.exe] C:\Users\joel\AppData\Local\Temp\dlmE55.tmp\PSAMNO~1.EXE /r
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1114av] C:\Users\joel\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=e017947940744bad9fd349308c6ccd31-4606d8b4232533d6972357977e88ceb75a221022 /CMPID=1114av
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_AE89E23AA53595B2699647E23441DB3C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28T15DGN05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Amazon Music] "C:\Users\joel\AppData\Local\Amazon Music\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-240763031-327419994-4012056955-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-240763031-327419994-4012056955-1005\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-240763031-327419994-4012056955-1005\..\Run: [Akamai NetSession Interface] "C:\Users\joel\AppData\Local\Akamai\netsession_win.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-240763031-327419994-4012056955-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O4 - Startup: Verizon Wireless Software Utility Application for Android – Samsung.lnk = joel\AppData\Roaming\VERIZON\UA_ar\UA.exe
O4 - Global Startup: Avast Cleanup Premium.lnk = C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
O4 - Global Startup: NETGEAR WNA3100 Genie.lnk = C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
O4 - Global Startup: Shutterfly Uploader.lnk = C:\Program Files (x86)\Shutterfly Uploader\ThisLife.Uploader.exe
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Avast Cleanup Premium (CleanupPSvc) - AVAST Software - C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DraftSight API Service - Unknown owner - C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: HP Touchpoint Analytics (HPTouchpointAnalyticsService) - HP Inc. - C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
 
--
End of file - 17138 bytes
 




#2 nasdaq

  • Malware Response Team

Posted 25 November 2017 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

HijackThis is no longer supported and not ready for your Operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features.
Use the Farbar Recovery Scan Tool from now on to report problems.
===

Step 1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, make sure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Step 2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Step 3: Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Wait for further instructions.
==============================

#3 cmpfixer22


Posted 25 November 2017 - 11:47 AM

Good Morning - Please see the Malwarebytes scan and the AdwCleaner scans (2) below.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/25/17
Scan Time: 8:31 AM
Log File: ab00378a-d1f5-11e7-b8e5-f46d04073683.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3343
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: joel-PC\joel
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 475291
Threats Detected: 85
Threats Quarantined: 85
Time Elapsed: 6 min, 16 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 24
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\dkbnllicnpcjmganapjhglmgeheghhcb, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\_locales\en, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\html\popup, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\_metadata, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\js\popup, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\_locales, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\newtab, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\html, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\css, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\js, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\USERS\JOEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\DKBNLLICNPCJMGANAPJHGLMGEHEGHHCB, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\gpnnjiknbolheeghflnfaagldmajhojd, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\_metadata, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\icons, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\html, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\main, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\css, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\js_, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\lib, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\src, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\USERS\JOEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\GPNNJIKNBOLHEEGHFLNFAAGLDMAJHOJD, Quarantined, [16490], [456908],1.0.3343
 
File: 61
PUP.Optional.Spigot.Generic, C:\USERS\JOEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Replaced, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\USERS\JOEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, Replaced, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\dkbnllicnpcjmganapjhglmgeheghhcb\000003.log, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\dkbnllicnpcjmganapjhglmgeheghhcb\CURRENT, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\dkbnllicnpcjmganapjhglmgeheghhcb\LOCK, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\dkbnllicnpcjmganapjhglmgeheghhcb\LOG, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\dkbnllicnpcjmganapjhglmgeheghhcb\LOG.old, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\dkbnllicnpcjmganapjhglmgeheghhcb\MANIFEST-000001, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\USERS\JOEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\DKBNLLICNPCJMGANAPJHGLMGEHEGHHCB\4.5_0\CHROMERESTORE.JS, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\css\description.css, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\css\popup.css, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\html\popup\description.html, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\html\popup\popup.html, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\js\popup\popup.js, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\js\userNewTab.js, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\newtab\slimnews__newtab.html, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\_locales\en\messages.json, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\_metadata\verified_contents.json, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\after.js, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\background.js, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\contentscript.js, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\icon.png, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Spigot.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb\4.5_0\manifest.json, Quarantined, [1969], [454579],1.0.3343
PUP.Optional.Cmptch.Generic, C:\USERS\JOEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Replaced, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\USERS\JOEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, Replaced, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\gpnnjiknbolheeghflnfaagldmajhojd\000003.log, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\gpnnjiknbolheeghflnfaagldmajhojd\CURRENT, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\gpnnjiknbolheeghflnfaagldmajhojd\LOCK, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\gpnnjiknbolheeghflnfaagldmajhojd\LOG, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\gpnnjiknbolheeghflnfaagldmajhojd\LOG.old, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\gpnnjiknbolheeghflnfaagldmajhojd\MANIFEST-000001, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\USERS\JOEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\GPNNJIKNBOLHEEGHFLNFAAGLDMAJHOJD\171.2646.1056.23_0\MANIFEST.JSON, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\css\backcomp.css, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\css\style.css, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\html\background.html, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\icons\128.png, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\icons\16.png, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\icons\19.png, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\icons\32.png, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\icons\38.png, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\icons\48.png, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\icons\64.png, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\js\vast.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\js_\adaptive_path.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\js_\adaptive_theme.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\js_\add_theme.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\js_\modify_path.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\lib\require.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\main\abolish_alarm.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\main\abolish_alarmA.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\main\calculate_store.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\main\calculate_storeA.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\main\calculate_storeB.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\src\find_project.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\src\insert_signal.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\src\monitor_timetable.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\src\segment_queue.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\_metadata\computed_hashes.json, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\_metadata\verified_contents.json, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\build_path.js, Quarantined, [16490], [456908],1.0.3343
PUP.Optional.Cmptch.Generic, C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd\171.2646.1056.23_0\seek_architecture.js, Quarantined, [16490], [456908],1.0.3343
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner 7.0.4.0 - Logfile created on Sat Nov 25 15:51:13 2017
# Updated on 2017/27/10 by Malwarebytes 
# Database: 11-23-2017.1
# Running on Windows 7 Professional (X64)
# Mode: scan
 
***** [ Services ] *****
 
PUP.Optional.Legacy, AVG Security Toolbar Service
 
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Users\joel\AppData\Local\Mobogenie
PUP.Optional.Legacy, C:\Users\joel\Documents\Mobogenie
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Program Files (x86)\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy, C:\ProgramData\Application Data\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\All Users\AVG Security Toolbar
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Local\FileTypeAssistant
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant
PUP.Optional.Legacy, C:\Users\joel\AppData\Local\FileTypeAssistant
PUP.Optional.Legacy, C:\Users\joel\AppData\Local\genienext
PUP.Optional.ByteFence, C:\ProgramData\ByteFence
PUP.Optional.ByteFence, C:\ProgramData\Application Data\ByteFence
PUP.Optional.ByteFence, C:\Program Files\ByteFence
PUP.Optional.ByteFence, C:\Users\All Users\ByteFence
PUP.Optional.Spigot.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
PUP.Optional.Spigot.Generic, C:\Program Files (x86)\Coupons
PUP.Optional.Solvusoft, C:\Users\joel\AppData\Roaming\Solvusoft
Rogue.ForcedExtension, C:\ProgramData\apn
Rogue.ForcedExtension, C:\ProgramData\Application Data\apn
Rogue.ForcedExtension, C:\Users\All Users\apn
PUP.Optional.CompuClever, C:\ProgramData\CompuClever
PUP.Optional.CompuClever, C:\ProgramData\Application Data\CompuClever
PUP.Optional.CompuClever, C:\Users\All Users\CompuClever
PUP.Optional.CompuClever, C:\Users\joel\AppData\Roaming\CompuClever
 
 
***** [ Files ] *****
 
PUP.Optional.Legacy, C:\user.js
PUP.Optional.Legacy, C:\Users\joel\daemonprocess.txt
PUP.Optional.Legacy, C:\Windows\Downloaded Program Files\popcaploader.inf
PUP.Optional.CompuClever, C:\Users\joel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC TuneUp Maestro.lnk
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
# AdwCleaner 7.0.4.0 - Logfile created on Sat Nov 25 16:08:08 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 7 Professional (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: AVG Security Toolbar Service
 
 
***** [ Folders ] *****
 
Deleted: C:\Users\joel\AppData\Local\Mobogenie
Deleted: C:\Users\joel\Documents\Mobogenie
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\Program Files (x86)\AVG SafeGuard toolbar
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\ProgramData\AVG Security Toolbar
Deleted: C:\ProgramData\Application Data\AVG Security Toolbar
Deleted: C:\Users\All Users\AVG Security Toolbar
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\FileTypeAssistant
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant
Deleted: C:\Users\joel\AppData\Local\FileTypeAssistant
Deleted: C:\Users\joel\AppData\Local\genienext
Deleted: C:\ProgramData\ByteFence
Deleted: C:\ProgramData\Application Data\ByteFence
Deleted: C:\Program Files\ByteFence
Deleted: C:\Users\All Users\ByteFence
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Deleted: C:\Program Files (x86)\Coupons
Deleted: C:\Users\joel\AppData\Roaming\Solvusoft
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\ProgramData\CompuClever
Deleted: C:\ProgramData\Application Data\CompuClever
Deleted: C:\Users\All Users\CompuClever
Deleted: C:\Users\joel\AppData\Roaming\CompuClever
 
 
***** [ Files ] *****
 
Deleted: C:\\user.js
Deleted: C:\Users\joel\daemonprocess.txt
Deleted: C:\Windows\Downloaded Program Files\popcaploader.inf
Deleted: C:\Users\joel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC TuneUp Maestro.lnk
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: PC TuneUp Maestro Scan
Deleted: PC TuneUp Maestro Disk Defrag Analysis
Deleted: PC TuneUp Maestro Startups
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2017 01
Ran by joel (administrator) on JOEL-PC (25-11-2017 09:25:45)
Running from C:\Users\joel\Downloads
Loaded Profiles: joel (Available Profiles: joel & UpdatusUser & Mcx1-JOEL-PC)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Akamai Technologies, Inc.) C:\Users\joel\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\joel\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Amazon Services LLC) C:\Users\joel\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Shutterfly, Inc.) C:\Program Files (x86)\Shutterfly Uploader\ThisLife.Uploader.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\joel\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
"Path" (C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\DMIX;c:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\QuickTime\QTSystem\ -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\DMIX;c:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\QuickTime\QTSystem\) <==== Repaired successfully
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-16] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-07-13] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-15] (VIA)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1053144 2017-06-06] (DivX, LLC)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [Akamai NetSession Interface] => C:\Users\joel\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\joel\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=e017947940744bad9fd349308c6ccd31-4606d8b4232533d6972357977e88ceb75a221022 /CMPID=0214c
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [PSamNoNeed.exe] => C:\Users\joel\AppData\Local\Temp\dlmE55.tmp\PSAMNO~1.EXE /r <==== ATTENTION
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [AVG-Secure-Search-Update_1114av] => C:\Users\joel\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=e017947940744bad9fd349308c6ccd31-4606d8b4232533d6972357977e88ceb75a221022 /CMPID=1114av
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [GoogleChromeAutoLaunch_AE89E23AA53595B2699647E23441DB3C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [Amazon Music] => C:\Users\joel\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-03-02] (Amazon Services LLC)
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\MountPoints2: {058da0ce-db32-11e1-91be-f46d04073683} - D:\setup.exe -a
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\MountPoints2: {131bcaf5-a159-11e3-a46a-f46d04073683} - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\MountPoints2: {25e50317-685a-11e5-8a9a-f46d04073683} - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\MountPoints2: {8e6d3272-74dc-11e2-a43e-f46d04073683} - D:\setup.exe -a
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\MountPoints2: {b2886a98-22d5-11e4-9935-f46d04073683} - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-240763031-327419994-4012056955-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-11-16]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2015-09-18]
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Shutterfly Uploader.lnk [2017-09-17]
ShortcutTarget: Shutterfly Uploader.lnk -> C:\Program Files (x86)\Shutterfly Uploader\ThisLife.Uploader.exe (Shutterfly, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2012-03-26]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2017-06-15]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\joel\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{2B3472C9-E912-4169-86A7-582C95DB5964}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{2FD61D6C-894E-4542-9962-791C3DC4C79D}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{549444AB-DB7F-4006-BEC4-CD93B9197A35}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
URLSearchHook: HKU\S-1-5-21-240763031-327419994-4012056955-1000 -> Default = {ff762809-408e-4d51-8116-91fbb402a645}
URLSearchHook: HKU\S-1-5-21-240763031-327419994-4012056955-1000 - FCToolbarURLSearchHook Class - {ff762809-408e-4d51-8116-91fbb402a645} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Helper.dll No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKU\S-1-5-21-240763031-327419994-4012056955-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-240763031-327419994-4012056955-1000 -> {53CE6D2D-7490-4588-8C5C-CCED069906D6} URL = hxxp://search.avg.com/route/?d=4c842497&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-240763031-327419994-4012056955-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-240763031-327419994-4012056955-1000 -> {FAD4C019-CEA3-418E-909C-113F411302E1} URL = hxxp://search.hawaiianairlines.com/?ourmark=4&qs={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-16] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-16] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files (x86)\google\googletoolbar1.dll [2017-06-15] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-17] (Oracle Corporation)
Toolbar: HKLM-x32 - Hawaiian Airlines Rewards Bar - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-16] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-03-27] [Lagacy] [not signed]
FF HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-06-06] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-12-10] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-240763031-327419994-4012056955-1000: @citrixonline.com/appdetectorplugin -> C:\Users\joel\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-240763031-327419994-4012056955-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\joel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-240763031-327419994-4012056955-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\joel\AppData\Local\Google\Chrome\User Data\Default [2017-11-25]
CHR Extension: (YouTube) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-27]
CHR Extension: (Google Search) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-27]
CHR Extension: (Button Monitor) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepbmkkfmnodohgncjlfkgljaagklekp [2015-05-03]
CHR Extension: (AdBlock) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-27]
CHR Extension: (Gmail) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-25]
CHR Extension: (YouTube) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Honey) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-11-16]
CHR Extension: (Google Search) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (My News Wire V2.1) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkbnllicnpcjmganapjhglmgeheghhcb [2017-11-25]
CHR Extension: (Avast Passwords) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-11-23]
CHR Extension: (Avast SafePrice) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-11-23]
CHR Extension: (GamerSuperstar Ads) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpnnjiknbolheeghflnfaagldmajhojd [2017-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (AdBlock) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onnhkgghliibdhhpndpgecemipjdaklo [2015-06-17]
CHR Extension: (Gmail) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-17]
CHR Profile: C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-06-12]
CHR Extension: (Google Translate) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-05-27]
CHR Extension: (Google Slides) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-27]
CHR Extension: (Sudoku) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2016-05-27]
CHR Extension: (Google Docs) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-27]
CHR Extension: (Google Drive) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-27]
CHR Extension: (YouTube) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-27]
CHR Extension: (SmartKid Maths Free) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjjcdkkibjbepaploahomohcfnoobhnh [2016-05-27]
CHR Extension: (Tools for Google Maps™) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eljpanecjjlonmoiofelcmkkpojcalcb [2016-06-06]
CHR Extension: (Google Sheets) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-27]
CHR Extension: (Sudoku) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flmlndabchaefnniikpjgobkkkfepipb [2016-05-27]
CHR Extension: (Google Docs Offline) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-27]
CHR Extension: (Chess!) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hhajejfkogjnnkenablkhgkdmmenbjgh [2016-05-27]
CHR Extension: (90`s Games) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2016-05-27]
CHR Extension: (Calculator) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2016-05-27]
CHR Extension: (Advanced start page) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lhlflcpjmbmnhfehipheboagibdjgmog [2016-05-27]
CHR Extension: (AVG Web TuneUp) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lkmdocpbnblchppecickbipihlkehdfg [2016-05-27]
CHR Extension: (Google Hangouts) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-05-27]
CHR Extension: (Wikipedia Instant) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nlnikhpimclelcopmneehjglfppbnojd [2016-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-27]
CHR Extension: (Gmail) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-27]
CHR Profile: C:\Users\joel\AppData\Local\Google\Chrome\User Data\System Profile [2016-06-12]
CHR Extension: (YouTube) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-21]
CHR Extension: (Google Search) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-21]
CHR Extension: (Gmail) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-21]
CHR HKU\S-1-5-21-240763031-327419994-4012056955-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\joel\AppData\Local\Temp\CT3288691.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-16] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1494024 2017-03-14] ()
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [4709728 2017-11-01] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-04-16] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-03-19] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 GoogleDesktopManager; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2017-06-15] (Google) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2016-09-20] (Nero AG)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-20] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [316120 2014-08-18] ()
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
S2 DraftSight API Service; "C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe" C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-16] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-16] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-16] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-16] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-16] (AVAST Software)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-11-17] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-11-25] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-11-25] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-11-25] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S1 CompuCleverBootor; \??\C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\Bootor64.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 netr7364; system32\DRIVERS\netr7364.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-25 09:25 - 2017-11-25 09:29 - 000034476 _____ C:\Users\joel\Downloads\FRST.txt
2017-11-25 09:25 - 2017-11-25 09:25 - 000000000 ____D C:\FRST
2017-11-25 09:24 - 2017-11-25 09:24 - 002393088 _____ (Farbar) C:\Users\joel\Downloads\FRST64.exe
2017-11-25 09:22 - 2017-11-25 09:22 - 000011327 _____ C:\Users\joel\Documents\AdwCleaner[C0].txt
2017-11-25 09:14 - 2017-11-25 09:14 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-25 09:04 - 2017-11-25 09:04 - 000012867 _____ C:\Users\joel\Desktop\AdwCleaner[S0].txt
2017-11-25 09:03 - 2017-11-25 09:03 - 000012867 _____ C:\AdwCleaner[S0].txt
2017-11-25 08:48 - 2017-11-25 09:08 - 000000000 ____D C:\AdwCleaner
2017-11-25 08:48 - 2017-11-25 08:48 - 008261584 _____ (Malwarebytes) C:\Users\joel\Downloads\adwcleaner_7.0.4.0.exe
2017-11-25 08:47 - 2017-11-25 08:47 - 000018170 _____ C:\Users\joel\Desktop\MyLOG.txt
2017-11-18 09:04 - 2017-11-25 09:16 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-17 20:01 - 2017-11-18 09:25 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-11-17 19:17 - 2017-11-25 09:16 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-17 19:17 - 2017-11-25 09:16 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-17 19:17 - 2017-11-17 19:17 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-17 19:17 - 2017-11-17 19:17 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-11-17 19:16 - 2017-11-25 08:27 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-17 19:16 - 2017-11-17 19:16 - 078346672 _____ (Malwarebytes ) C:\Users\joel\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-17 19:16 - 2017-11-17 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-17 19:16 - 2017-11-17 19:16 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-17 19:16 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-17 09:15 - 2017-11-17 09:15 - 000000000 ____D C:\Users\joel\AppData\Roaming\Avast Tuneup
2017-11-16 14:02 - 2017-11-17 07:08 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update
2017-11-16 14:02 - 2017-11-16 14:02 - 000001143 _____ C:\Users\Public\Desktop\Avast Cleanup Premium.lnk
2017-11-16 14:02 - 2017-11-16 14:02 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2017-11-16 14:01 - 2017-11-16 13:59 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-16 14:00 - 2017-11-16 13:59 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-14 15:39 - 2017-10-14 01:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-14 15:38 - 2017-10-18 00:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-14 15:38 - 2017-10-17 23:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-14 15:38 - 2017-10-17 19:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-14 15:38 - 2017-10-17 19:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-14 15:38 - 2017-10-17 19:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-14 15:38 - 2017-10-17 19:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-14 15:38 - 2017-10-17 19:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-14 15:38 - 2017-10-17 19:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-14 15:38 - 2017-10-17 19:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-14 15:38 - 2017-10-17 19:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-14 15:38 - 2017-10-17 19:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-14 15:38 - 2017-10-16 16:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-14 15:38 - 2017-10-16 15:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-14 15:38 - 2017-10-16 14:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-14 15:38 - 2017-10-15 15:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-14 15:38 - 2017-10-14 01:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-14 15:38 - 2017-10-14 01:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-14 15:38 - 2017-10-14 01:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-14 15:38 - 2017-10-14 01:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-14 15:38 - 2017-10-14 01:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-14 15:38 - 2017-10-14 01:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-14 15:38 - 2017-10-14 01:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-14 15:38 - 2017-10-14 01:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-14 15:38 - 2017-10-14 01:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-14 15:38 - 2017-10-14 01:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-14 15:38 - 2017-10-14 01:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-14 15:38 - 2017-10-14 01:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-14 15:38 - 2017-10-14 01:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-14 15:38 - 2017-10-14 01:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-14 15:38 - 2017-10-14 01:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-14 15:38 - 2017-10-14 01:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-14 15:38 - 2017-10-14 00:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-14 15:38 - 2017-10-14 00:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-14 15:38 - 2017-10-14 00:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-14 15:38 - 2017-10-14 00:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-14 15:38 - 2017-10-14 00:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-14 15:38 - 2017-10-14 00:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-14 15:38 - 2017-10-14 00:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-14 15:38 - 2017-10-14 00:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-14 15:38 - 2017-10-14 00:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-14 15:38 - 2017-10-14 00:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-14 15:38 - 2017-10-14 00:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-14 15:38 - 2017-10-14 00:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-14 15:38 - 2017-10-14 00:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-14 15:38 - 2017-10-14 00:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-14 15:38 - 2017-10-14 00:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-14 15:38 - 2017-10-14 00:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-14 15:38 - 2017-10-14 00:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-14 15:38 - 2017-10-14 00:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-14 15:38 - 2017-10-14 00:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-14 15:38 - 2017-10-13 23:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-14 15:38 - 2017-10-13 23:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-14 15:38 - 2017-10-13 23:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-14 15:38 - 2017-10-13 23:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-14 15:38 - 2017-10-13 23:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-14 15:38 - 2017-10-13 23:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-14 15:38 - 2017-10-13 23:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-14 15:38 - 2017-10-13 23:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-14 15:38 - 2017-10-13 23:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-14 15:38 - 2017-10-13 23:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-14 15:38 - 2017-10-13 23:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-14 15:38 - 2017-10-13 23:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-14 15:38 - 2017-10-13 23:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-14 15:38 - 2017-10-13 23:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-14 15:38 - 2017-10-13 23:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-14 15:38 - 2017-10-13 23:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-14 15:38 - 2017-10-13 23:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-14 15:38 - 2017-10-13 23:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-14 15:38 - 2017-10-13 23:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-14 15:38 - 2017-10-13 23:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-14 15:38 - 2017-10-13 23:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-14 15:38 - 2017-10-13 23:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-14 15:38 - 2017-10-13 23:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-14 15:38 - 2017-10-13 23:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-14 15:38 - 2017-10-13 23:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-14 15:38 - 2017-10-13 23:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-14 15:38 - 2017-10-13 23:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-14 15:38 - 2017-10-13 23:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-14 15:38 - 2017-10-13 23:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-14 15:38 - 2017-10-13 23:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-14 15:38 - 2017-10-11 17:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-14 15:38 - 2017-10-11 17:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-14 15:38 - 2017-10-11 17:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-14 15:38 - 2017-10-11 17:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-14 15:38 - 2017-10-11 17:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-14 15:38 - 2017-10-11 17:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-14 15:38 - 2017-10-11 17:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-14 15:38 - 2017-10-11 17:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-14 15:38 - 2017-10-11 17:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-14 15:38 - 2017-10-11 17:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-14 15:38 - 2017-10-11 17:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-14 15:38 - 2017-10-11 17:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-14 15:38 - 2017-10-11 17:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-14 15:38 - 2017-10-11 17:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-14 15:38 - 2017-10-11 17:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-14 15:38 - 2017-10-11 17:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-14 15:38 - 2017-10-11 17:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-14 15:38 - 2017-10-11 17:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-14 15:38 - 2017-10-11 17:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-14 15:38 - 2017-10-11 17:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-14 15:38 - 2017-10-04 06:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-14 15:38 - 2017-10-04 06:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-14 15:38 - 2017-10-04 06:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-14 15:38 - 2017-10-04 06:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-14 15:38 - 2017-10-04 06:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-14 15:38 - 2017-10-04 06:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-14 15:38 - 2017-10-04 06:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-14 15:38 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-09 08:02 - 2017-11-10 05:12 - 000013529 _____ C:\Users\joel\Downloads\Beth_TimeKeeping_Data.xlsx
2017-11-09 08:02 - 2017-11-10 05:12 - 000000995 _____ C:\Users\joel\Documents\Beth_TimeKeeping_Data.lnk
2017-11-05 22:55 - 2017-11-05 22:55 - 000000055 _____ C:\Users\joel\Desktop\Family Search.url
2017-11-05 16:29 - 2017-11-05 16:29 - 002039302 _____ C:\Users\joel\Documents\Miranda King.pdf
2017-11-04 14:17 - 2017-11-04 14:17 - 003454795 _____ C:\Users\joel\Documents\punta-cana-brochure.pdf
2017-11-04 10:14 - 2017-11-04 10:14 - 000000000 ____D C:\Users\joel\Downloads\CHRISTMAS KORRA
2017-11-03 11:46 - 2017-11-03 11:46 - 000115804 _____ C:\Users\joel\Documents\Background+check+form+for+GDS.pdf
2017-11-03 11:45 - 2017-11-03 11:45 - 000107345 _____ C:\Users\joel\Downloads\Background+check+form+for+GDS.pdf
2017-11-02 12:33 - 2017-11-02 12:33 - 001345929 _____ C:\Users\joel\Downloads\Sunshine-in-D.R..pptx
2017-11-02 12:33 - 2017-11-02 12:33 - 001345929 _____ C:\Users\joel\Downloads\Sunshine-in-D.R. (1).pptx
2017-11-01 15:52 - 2017-11-02 12:31 - 001345929 _____ C:\Users\joel\Documents\Sunshine in D.R..pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-25 09:28 - 2009-07-13 21:45 - 000025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-25 09:28 - 2009-07-13 21:45 - 000025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-25 09:21 - 2013-03-24 19:47 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-25 09:20 - 2017-06-15 06:50 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-25 09:18 - 2017-02-28 08:43 - 000000000 ____D C:\Users\joel\AppData\Local\HTC MediaHub
2017-11-25 09:13 - 2012-03-26 13:06 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2017-11-25 09:11 - 2012-02-06 13:48 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-25 09:11 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-25 09:07 - 2010-03-01 18:24 - 000000000 ____D C:\Users\joel
2017-11-25 08:46 - 2014-03-29 14:04 - 000000316 _____ C:\Windows\Tasks\PrintProjects Communicator.job
2017-11-25 08:42 - 2010-05-02 12:35 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-25 02:00 - 2010-03-19 23:16 - 000000000 ____D C:\Users\joel\AppData\Local\Adobe
2017-11-24 12:58 - 2017-08-20 11:31 - 000014379 _____ C:\Users\joel\Desktop\MY INFO.xlsb.xlsx
2017-11-22 14:23 - 2017-03-11 13:16 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForjoel
2017-11-22 14:23 - 2017-03-11 13:16 - 000000328 _____ C:\Windows\Tasks\HPCeeScheduleForjoel.job
2017-11-19 04:33 - 2011-12-08 19:49 - 000000366 _____ C:\Windows\Tasks\Driver Robot.job
2017-11-19 04:08 - 2010-04-18 09:22 - 000000352 _____ C:\Windows\Tasks\Driver Fetch.job
2017-11-18 14:22 - 2011-09-18 13:32 - 000000000 ____D C:\Program Files\HP
2017-11-18 14:22 - 2011-09-18 13:31 - 000000000 ____D C:\ProgramData\HP
2017-11-17 19:16 - 2014-05-13 00:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-17 08:49 - 2009-07-13 22:13 - 000786622 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-17 08:49 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-11-17 08:05 - 2013-11-03 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-17 08:05 - 2013-08-11 09:29 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-11-17 08:05 - 2013-08-11 09:29 - 000000000 ____D C:\Program Files\Java
2017-11-17 07:59 - 2012-12-20 18:13 - 000000000 ____D C:\Users\joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-17 07:59 - 2012-12-20 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-17 07:59 - 2012-12-20 18:13 - 000000000 ____D C:\Program Files\WinRAR
2017-11-17 07:58 - 2014-02-11 17:30 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-11-17 07:58 - 2010-03-19 22:33 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-16 14:02 - 2017-06-15 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-11-16 14:02 - 2017-06-15 06:42 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-16 14:01 - 2017-06-15 06:50 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-16 14:00 - 2017-06-15 06:50 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-16 14:00 - 2017-06-15 06:50 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-16 13:59 - 2017-06-15 06:50 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151086610820804
2017-11-16 13:59 - 2017-06-15 06:50 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-16 13:59 - 2017-06-15 06:50 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-16 13:59 - 2017-06-15 06:50 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-16 13:59 - 2017-06-15 06:49 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-16 13:59 - 2017-06-15 06:49 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-11-16 13:59 - 2017-06-15 06:49 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-11-16 13:59 - 2017-06-15 06:49 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-11-16 13:59 - 2017-06-15 06:49 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-16 13:59 - 2017-06-15 06:49 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-11-16 03:29 - 2015-04-28 17:49 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 07:41 - 2015-12-21 11:36 - 000118412 _____ C:\Users\joel\Documents\King Family.pptx
2017-11-15 07:41 - 2015-12-21 11:35 - 000082021 _____ C:\Users\joel\Documents\Meyer Family.pptx
2017-11-15 04:38 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2017-11-15 03:47 - 2017-07-15 15:58 - 005107704 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 03:40 - 2009-07-13 22:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2017-11-15 03:39 - 2009-07-13 21:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-15 03:34 - 2017-09-22 07:13 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-11-15 03:33 - 2014-12-10 03:31 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-15 03:15 - 2011-08-31 13:03 - 000778744 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-15 03:10 - 2013-08-14 03:01 - 000000000 ____D C:\Windows\system32\MRT
2017-11-15 03:01 - 2017-10-11 03:10 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-15 03:01 - 2010-03-19 16:46 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-14 21:21 - 2010-05-15 13:11 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 21:21 - 2010-05-15 13:11 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 20:52 - 2014-02-23 19:38 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-11-14 20:51 - 2016-09-28 14:24 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-14 08:33 - 2017-09-09 09:41 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 08:33 - 2013-03-27 16:59 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-14 08:33 - 2013-03-27 16:59 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-11-14 08:33 - 2011-12-22 13:39 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-14 08:33 - 2011-08-31 09:48 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-03 13:43 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2017-11-03 13:42 - 2010-04-18 10:31 - 000000000 ____D C:\Users\joel\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2011-09-03 17:14 - 2011-09-03 20:39 - 000000132 _____ () C:\Users\joel\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2011-09-09 14:36 - 2013-02-11 18:21 - 000000132 _____ () C:\Users\joel\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-02-12 19:37 - 2015-12-20 16:42 - 000000132 _____ () C:\Users\joel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-21 17:49 - 2014-02-13 00:49 - 000000168 _____ () C:\Users\joel\AppData\Roaming\WB.CFG
2012-03-26 12:52 - 2012-03-26 12:52 - 000000600 _____ () C:\Users\joel\AppData\Roaming\winscp.rnd
2011-12-01 15:21 - 2011-12-01 15:21 - 000004608 _____ () C:\Users\joel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-21 21:03 - 2014-10-21 21:03 - 000000017 _____ () C:\Users\joel\AppData\Local\resmon.resmoncfg
2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\joel\AppData\Local\setup.txt
2015-04-28 17:17 - 2015-04-28 17:17 - 000000798 _____ () C:\Users\joel\AppData\Local\Temp-log.txt
 
Some files in TEMP:
====================
2017-09-22 07:42 - 2017-06-15 07:27 - 000115247 _____ () C:\Users\joel\AppData\Local\Temp\A~NSISu_.exe
2017-11-18 14:21 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\joel\AppData\Local\Temp\TAInstaller.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-19 00:32
 
==================== End of FRST.txt ===========================

 




#4 cmpfixer22

  • Topic Starter

Posted 25 November 2017 - 11:48 AM

Here are the logs and the file you requested - standing by for further instructions.

Thank you so much for the assist!



#5 nasdaq

  • Malware Response Team

Posted 25 November 2017 - 01:55 PM

Hi.
===

Remove these old versions of the Java programs in bold via the Control Panel > Programs > Programs and Features.
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-240763031-327419994-4012056955-1000 - FCToolbarURLSearchHook Class - {ff762809-408e-4d51-8116-91fbb402a645} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Helper.dll No File
SearchScopes: HKU\S-1-5-21-240763031-327419994-4012056955-1000 -> {53CE6D2D-7490-4588-8C5C-CCED069906D6} URL = hxxp://search.avg.com/route/?d=4c842497&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
Toolbar: HKLM-x32 - Hawaiian Airlines Rewards Bar - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll No File
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-11-23]
CHR HKU\S-1-5-21-240763031-327419994-4012056955-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\joel\AppData\Local\Temp\CT3288691.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S1 CompuCleverBootor; \??\C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\Bootor64.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 netr7364; system32\DRIVERS\netr7364.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]

ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
Task: {271153E7-7235-40D6-8F22-C56ABA227DDB} - \DriverDocRunAtStartup -> No File <==== ATTENTION
Task: {2EF64D8C-F3CE-409D-BB7B-D1EFFB4BB66B} - System32\Tasks\PC TuneUp Maestro Startup => C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\pctum.exe
Task: {CD4669DB-8E87-42F3-9818-C5971272CE4C} - System32\Tasks\RunAsStdUser Task => C:\Users\joel\AppData\Local\PlayVolcanoSA\bin\1.0.10.0\PlayVolcanoSA.exe
AlternateDataStreams: C:\ProgramData\Microsoft:wq48cyH8SKzhq2t6k2S7QA [2332]
AlternateDataStreams: C:\ProgramData\Microsoft:XDO4waOO7AA3iJyXXWZkM0nAFDB [1888]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:70B3C619 [120]
C:\Windowss\System32\Tasks\PC TuneUp Maestro Startup
C:\Windows\System32\Tasks\RunAsStdUser Task
C:\Users\joel\AppData\Local\PlayVolcanoSA

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please post the log and let me know what problems persist.

#6 cmpfixer22

  • Topic Starter

Posted 25 November 2017 - 06:22 PM

Completed all requests - Reset Chrome and here is the fixlog.txt file - 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by joel (25-11-2017 15:56:21) Run:1
Running from C:\Users\joel\Downloads
Loaded Profiles: joel (Available Profiles: joel & UpdatusUser & Mcx1-JOEL-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-240763031-327419994-4012056955-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-240763031-327419994-4012056955-1000 - FCToolbarURLSearchHook Class - {ff762809-408e-4d51-8116-91fbb402a645} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Helper.dll No File
SearchScopes: HKU\S-1-5-21-240763031-327419994-4012056955-1000 -> {53CE6D2D-7490-4588-8C5C-CCED069906D6} URL = hxxp://search.avg.com/route/?d=4c842497&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
Toolbar: HKLM-x32 - Hawaiian Airlines Rewards Bar - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll No File
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-11-23]
CHR HKU\S-1-5-21-240763031-327419994-4012056955-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\joel\AppData\Local\Temp\CT3288691.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S1 CompuCleverBootor; \??\C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\Bootor64.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 netr7364; system32\DRIVERS\netr7364.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
 
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
Task: {271153E7-7235-40D6-8F22-C56ABA227DDB} - \DriverDocRunAtStartup -> No File <==== ATTENTION
Task: {2EF64D8C-F3CE-409D-BB7B-D1EFFB4BB66B} - System32\Tasks\PC TuneUp Maestro Startup => C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\pctum.exe
Task: {CD4669DB-8E87-42F3-9818-C5971272CE4C} - System32\Tasks\RunAsStdUser Task => C:\Users\joel\AppData\Local\PlayVolcanoSA\bin\1.0.10.0\PlayVolcanoSA.exe
AlternateDataStreams: C:\ProgramData\Microsoft:wq48cyH8SKzhq2t6k2S7QA [2332]
AlternateDataStreams: C:\ProgramData\Microsoft:XDO4waOO7AA3iJyXXWZkM0nAFDB [1888]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:70B3C619 [120]
C:\Windowss\System32\Tasks\PC TuneUp Maestro Startup
C:\Windows\System32\Tasks\RunAsStdUser Task
C:\Users\joel\AppData\Local\PlayVolcanoSA
 
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-240763031-327419994-4012056955-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-240763031-327419994-4012056955-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ff762809-408e-4d51-8116-91fbb402a645} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{ff762809-408e-4d51-8116-91fbb402a645} => key removed successfully
HKU\S-1-5-21-240763031-327419994-4012056955-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53CE6D2D-7490-4588-8C5C-CCED069906D6} => key removed successfully
HKLM\Software\Classes\CLSID\{53CE6D2D-7490-4588-8C5C-CCED069906D6} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{E9818C32-D774-4FBC-87C8-8D42450123DF} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E9818C32-D774-4FBC-87C8-8D42450123DF} => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\avgsecuritytoolbar => key removed successfully
HKLM\Software\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
CHR Extension: (Avast SafePrice) - C:\Users\joel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-11-23] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-240763031-327419994-4012056955-1000\SOFTWARE\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk => key removed successfully
HKLM\System\CurrentControlSet\Services\BTCFilterService => key removed successfully
BTCFilterService => service removed successfully
HKLM\System\CurrentControlSet\Services\CompuCleverBootor => key removed successfully
CompuCleverBootor => service removed successfully
HKLM\System\CurrentControlSet\Services\Lavasoft Kernexplorer => key removed successfully
Lavasoft Kernexplorer => service removed successfully
HKLM\System\CurrentControlSet\Services\motandroidusb => key removed successfully
motandroidusb => service removed successfully
HKLM\System\CurrentControlSet\Services\motccgp => key removed successfully
motccgp => service removed successfully
HKLM\System\CurrentControlSet\Services\motccgpfl => key removed successfully
motccgpfl => service removed successfully
HKLM\System\CurrentControlSet\Services\motmodem => key removed successfully
motmodem => service removed successfully
HKLM\System\CurrentControlSet\Services\MotoSwitchService => key removed successfully
MotoSwitchService => service removed successfully
HKLM\System\CurrentControlSet\Services\Motousbnet => key removed successfully
Motousbnet => service removed successfully
HKLM\System\CurrentControlSet\Services\motusbdevice => key removed successfully
motusbdevice => service removed successfully
HKLM\System\CurrentControlSet\Services\netr7364 => key removed successfully
netr7364 => service removed successfully
HKLM\System\CurrentControlSet\Services\qknfd => key removed successfully
qknfd => service removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt => key removed successfully
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\LavasoftShellExt => key removed successfully
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\LavasoftShellExt => key removed successfully
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{271153E7-7235-40D6-8F22-C56ABA227DDB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{271153E7-7235-40D6-8F22-C56ABA227DDB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverDocRunAtStartup => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2EF64D8C-F3CE-409D-BB7B-D1EFFB4BB66B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EF64D8C-F3CE-409D-BB7B-D1EFFB4BB66B} => key removed successfully
C:\Windows\System32\Tasks\PC TuneUp Maestro Startup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC TuneUp Maestro Startup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD4669DB-8E87-42F3-9818-C5971272CE4C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD4669DB-8E87-42F3-9818-C5971272CE4C} => key removed successfully
C:\Windows\System32\Tasks\RunAsStdUser Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => key removed successfully
C:\ProgramData\Microsoft => ":wq48cyH8SKzhq2t6k2S7QA" ADS removed successfully.
C:\ProgramData\Microsoft => ":XDO4waOO7AA3iJyXXWZkM0nAFDB" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
C:\ProgramData\TEMP => ":70B3C619" ADS removed successfully.
"C:\Windowss\System32\Tasks\PC TuneUp Maestro Startup" => not found.
"C:\Windows\System32\Tasks\RunAsStdUser Task" => not found.
"C:\Users\joel\AppData\Local\PlayVolcanoSA" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12851358 B
Java, Flash, Steam htmlcache => 75060102 B
Windows/system/drivers => 157612393 B
Edge => 0 B
Chrome => 1866384356 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66242 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128132 B
systemprofile32 => 1828792 B
LocalService => 132244 B
NetworkService => 66228 B
joel => 563205905 B
UpdatusUser => 66228 B
Mcx1-JOEL-PC.joel-PC => 749629 B
 
RecycleBin => 0 B
EmptyTemp: => 2.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:57:20 ====
 
 
Looks like this may have fixed the issues - the only other thing I have going on (and this may be a fix that needs to be addressed in another area of the forum) is I cannot open any folders on my desktop - I get this message:
This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel.
 

Thank you so much for your help.



#7 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 26 November 2017 - 07:56 AM

Hi,

I cannot open any folders on my desktop


Your Folder association is probably corrupted.

Refer to this page.
https://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html

Go to this entry.

folder - Folder protocol associations.


Click the Folder and a .reg file will be downloaded to your computer.
Place the file on your Desktop. Right click the reg file and run it as an administrator.
See if you now can open the folders.

===


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



