Computer very, very slow

09-13-2019, 06:31 AM   #1
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Hi

I have a reasonably new computer, which has become very slow. One possible culprit is a script that keeps popping up on the Desktop (see attachment).

Meanwhile, yesterday, I was looking for ways to see if my sent emails were being opened at the destination and introduced various extensions and downloads: ContactMonkey, GetNotify, DidTheyReadIt, HubsNot, and finally Streak, which I am using.

After the ContactMonkey the system came to a near crawl.

I think I may have downloaded a virus!

Help!

Thank you

qim


PS - I do not have a Recovery Disk



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-09-2019
Ran by open1 (administrator) on LAPTOP-43556QAO (LENOVO 80XH) (13-09-2019 13:45:48)
Running from C:\Users\open1\Desktop
Loaded Profiles: open1 (Available Profiles: open1)
Platform: Windows 10 Home Version 1803 17134.950 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Esumsoft -> Esumsoft) C:\Program Files (x86)\POP Peeper\POPPeeper.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.54.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19072.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [849920 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [153808 2018-12-19] (Panda Security S.L. -> Panda Security, S.L.)
HKU\S-1-5-21-172656454-667963083-1913216681-1001\...\Run: [POP Peeper] => C:\Program Files (x86)\POP Peeper\POPPeeper.exe [2777776 2018-09-07] (Esumsoft -> Esumsoft)
HKU\S-1-5-21-172656454-667963083-1913216681-1001\...\Run: [Spotify] => C:\Users\open1\AppData\Roaming\Spotify\Spotify.exe [25932192 2019-08-22] (Spotify AB -> Spotify Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-09-01] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10C51235-8CF9-4902-87DC-7251075F5192} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\eb110bdd-369a-4b8a-900e-a1e6bf55528b => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {1CA1BB33-8222-453D-9E65-9DE2E5974641} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117296 2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {21CCDA18-6A10-4C08-986C-3A98AC7EDEAE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {225971C3-CD5C-47CB-B6F3-84BDE8A70FA8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6a007258-ba79-4e36-a936-75b9289f5b53 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {2AD96E35-C5C6-4403-92F3-F54E34494DBF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {2BA21E21-FD45-4212-A264-47A4815C6536} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428624 2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DFDACA6-4722-4540-82CC-BE581CF195D3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\94882da9-0b36-456f-81d8-fa5a93546690 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {4FDEF30A-0C80-4ECD-BA54-137449323769} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {58CA9F0F-2E8F-4951-B0CB-3E8C8906E50B} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {5B28A094-F616-436B-A6EB-76A3D1737B98} - no filepath
Task: {61D65503-A156-495E-98A5-29EF3C216C9E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117296 2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {868DD885-D82A-455C-9D36-4EDC9C41D438} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {8AC6923A-F6DC-4DCE-BB4C-BC56C127EE1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-27] (Google Inc -> Google Inc.)
Task: {944EC709-03BD-4050-A94F-58DF838E90DA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {A7945981-9A31-49E1-A87E-7E0F375F105E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {BAB92219-9C77-4382-A36A-EFA725F00C6E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {D80D54E2-2776-4CC2-8B6E-9F3776845953} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428624 2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3C27ED0-EAD9-4BBA-9193-F3632BE2B3AE} - no filepath
Task: {E4B8B00B-5D62-43E4-A24F-1E5C97553A79} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {EF171CB0-26ED-40DD-82F6-2E210E97C620} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-27] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{07e3057c-ff7f-4347-b13d-b445e2d1de98}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{53b62739-23ed-4950-a4a3-f7568a373592}: [DhcpNameServer] 150.201.1.2

Internet Explorer:
==================
HKU\S-1-5-21-172656454-667963083-1913216681-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-172656454-667963083-1913216681-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-172656454-667963083-1913216681-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-172656454-667963083-1913216681-1001 -> DefaultScope {2A79ECB3-843A-466F-82EF-F7B99424F581} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-07-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\open1\Downloads

FireFox:
========
FF DefaultProfile: eix3qyzu.default
FF ProfilePath: C:\Users\open1\AppData\Roaming\ThunderbirdOld\Profiles\eix3qyzu.default [2019-07-25]
FF Extension: (Lightning) - C:\Users\open1\AppData\Roaming\ThunderbirdOld\Profiles\eix3qyzu.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}.xpi [2019-07-25] [Legacy] [not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-06-07] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-06-07] (Google Inc -> Google LLC)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\open1\AppData\Local\Google\Chrome\User Data\Default [2019-09-13]
CHR Extension: (Slides) - C:\Users\open1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-27]
CHR Extension: (Docs) - C:\Users\open1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-27]
CHR Extension: (Google Drive) - C:\Users\open1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-27]
CHR Extension: (YouTube) - C:\Users\open1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-27]
CHR Extension: (Panda Smart Shopping) - C:\Users\open1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbhdhpamoencpdogjnmnbjddipfkpad [2019-03-27]
CHR Extension: (Sheets) - C:\Users\open1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\open1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-27]
CHR Extension: (Gmail) - C:\Users\open1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\open1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-12]
CHR Extension: (Streak CRM for Gmail) - C:\Users\open1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2019-09-12]
CHR HKLM\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcbhdhpamoencpdogjnmnbjddipfkpad] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568224 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2018-09-25] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144600 2017-10-22] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2414264 2017-09-22] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [532968 2018-06-13] (Intel Corporation -> Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-25] (Lenovo -> Lenovo Group Ltd.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109536 2018-12-18] (Panda Security S.L. -> Panda Security, S.L.)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-20] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-12-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268336 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-08-01] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-08-01] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R3 ETDHCF; C:\WINDOWS\System32\drivers\ETDHCF.sys [29256 2017-10-22] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98976 2017-09-04] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70664 2017-09-22] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136728 2018-06-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623128 2018-04-04] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [111384 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSDNS; C:\WINDOWS\system32\DRIVERS\NNSDNS.sys [104728 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211736 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [124904 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [130536 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [95472 2018-07-16] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [143848 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [95208 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135656 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [344040 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [286184 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123368 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [285672 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [129512 2018-12-14] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [198424 2019-01-13] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [160536 2019-01-13] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [214104 2018-12-13] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [147224 2019-01-13] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [159512 2019-01-13] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [128600 2018-12-19] (Panda Security S.L. -> Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-12-13] (Realtek Semiconductor Corp. -> Realtek )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3236320 2017-11-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-13 13:45 - 2019-09-13 13:48 - 000026015 _____ C:\Users\open1\Desktop\FRST.txt
2019-09-13 13:45 - 2019-09-13 13:45 - 000000000 ____D C:\FRST
2019-09-13 13:43 - 2019-09-13 13:43 - 001614848 _____ (Farbar) C:\Users\open1\Desktop\FRST64.exe
2019-09-13 12:19 - 2019-09-13 12:23 - 001448772 _____ C:\WINDOWS\Minidump\091319-40625-01.dmp
2019-09-13 12:19 - 2019-09-13 12:19 - 3645135083 _____ C:\WINDOWS\MEMORY.DMP
2019-09-12 17:18 - 2019-09-12 17:18 - 000000000 ____D C:\Users\open1\AppData\Local\ESET
2019-09-12 14:56 - 2019-09-12 14:59 - 000000000 _____ C:\WINDOWS\dtritest.txt
2019-09-12 14:55 - 2019-09-13 12:19 - 000000000 ____D C:\Program Files (x86)\Auto-Tracker
2019-09-12 14:55 - 2019-09-12 15:03 - 000000000 ____D C:\ProgramData\Auto-Tracker
2019-09-10 14:16 - 2019-09-10 14:16 - 000001785 _____ C:\Users\open1\Desktop\publickey - [email protected] - 0x4E2F3CB4.asc
2019-09-05 13:08 - 2019-09-05 13:08 - 000562054 _____ C:\Users\open1\Desktop\Sin_JS.pdf
2019-09-05 13:08 - 2019-09-05 13:08 - 000088408 _____ C:\Users\open1\Desktop\pob.pdf
2019-09-05 13:06 - 2019-09-05 13:06 - 000024843 _____ C:\Users\open1\Desktop\ReRe Fwd 75-01-QP - Ap.10725024.eml
2019-09-05 13:05 - 2019-09-05 13:05 - 000088408 _____ C:\Users\open1\Desktop\pob2.pdf
2019-09-05 13:04 - 2019-09-05 13:04 - 000562054 _____ C:\Users\open1\Desktop\Sin_JS2.pdf
2019-09-04 09:21 - 2019-09-04 09:21 - 003055261 _____ C:\Users\open1\Desktop\130003654310.pdf
2019-09-01 15:56 - 2019-09-01 15:56 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-09-01 15:56 - 2019-09-01 15:56 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-09-01 15:56 - 2019-09-01 15:56 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-09-01 15:56 - 2019-09-01 15:56 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-09-01 15:56 - 2019-09-01 15:56 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-09-01 15:56 - 2019-09-01 15:56 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-09-01 15:56 - 2019-09-01 15:56 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-09-01 15:56 - 2019-09-01 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-08-29 10:19 - 2019-08-29 10:19 - 000008957 _____ C:\Users\open1\Desktop\Faturação.eml
2019-08-27 11:36 - 2019-08-27 11:36 - 000149900 _____ C:\Users\open1\Desktop\Queixa apresentada à Provedora de Justiça.eml
2019-08-22 09:19 - 2019-08-22 09:20 - 000000000 ___RD C:\Users\open1\Documents\Scanned Documents
2019-08-22 09:19 - 2019-08-22 09:19 - 000000000 ____D C:\Users\open1\Documents\Fax
2019-08-21 10:13 - 2019-08-25 15:12 - 000000000 ____D C:\Users\open1\Desktop\Lawyer BCN
2019-08-16 15:50 - 2019-08-16 15:50 - 000002001 _____ C:\Users\open1\Documents\Where are my files.lnk
2019-08-16 15:50 - 2019-08-16 15:50 - 000001658 _____ C:\Users\open1\Desktop\Where are my files.lnk
2019-08-14 10:56 - 2019-08-07 14:13 - 021389776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 10:56 - 2019-08-07 09:07 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 10:56 - 2019-08-07 08:56 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 10:56 - 2019-08-07 08:49 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 10:56 - 2019-08-07 08:42 - 022717952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 10:55 - 2019-08-07 14:13 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 10:55 - 2019-08-07 14:13 - 001515904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 10:55 - 2019-08-07 14:13 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-14 10:55 - 2019-08-07 13:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 10:55 - 2019-08-07 13:58 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 10:55 - 2019-08-07 13:55 - 008626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 10:55 - 2019-08-07 13:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 10:55 - 2019-08-07 13:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 10:55 - 2019-08-07 13:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 10:55 - 2019-08-07 13:53 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 10:55 - 2019-08-07 13:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 10:55 - 2019-08-07 13:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 10:55 - 2019-08-07 13:52 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 10:55 - 2019-08-07 13:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 10:55 - 2019-08-07 13:43 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 10:55 - 2019-08-07 13:41 - 001322688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 10:55 - 2019-08-07 13:41 - 000662112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-14 10:55 - 2019-08-07 13:40 - 020384344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 10:55 - 2019-08-07 13:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 10:55 - 2019-08-07 13:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 10:55 - 2019-08-07 13:27 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 10:55 - 2019-08-07 13:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 10:55 - 2019-08-07 13:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 10:55 - 2019-08-07 13:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 10:55 - 2019-08-07 13:24 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 10:55 - 2019-08-07 13:24 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 10:55 - 2019-08-07 13:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 10:55 - 2019-08-07 10:40 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-08-14 10:55 - 2019-08-07 09:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 10:55 - 2019-08-07 09:09 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 10:55 - 2019-08-07 09:09 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-14 10:55 - 2019-08-07 09:09 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 10:55 - 2019-08-07 09:09 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 10:55 - 2019-08-07 09:09 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 10:55 - 2019-08-07 09:09 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 10:55 - 2019-08-07 09:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-14 10:55 - 2019-08-07 09:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 10:55 - 2019-08-07 09:08 - 007435720 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 10:55 - 2019-08-07 09:08 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 10:55 - 2019-08-07 09:08 - 002470648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 10:55 - 2019-08-07 09:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 10:55 - 2019-08-07 09:08 - 001141712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 10:55 - 2019-08-07 09:08 - 000723216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 10:55 - 2019-08-07 09:08 - 000710232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 10:55 - 2019-08-07 09:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 10:55 - 2019-08-07 09:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 10:55 - 2019-08-07 09:08 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-08-14 10:55 - 2019-08-07 09:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-14 10:55 - 2019-08-07 09:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 10:55 - 2019-08-07 09:07 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 10:55 - 2019-08-07 09:07 - 002719240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 10:55 - 2019-08-07 09:07 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 10:55 - 2019-08-07 09:07 - 001260992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 10:55 - 2019-08-07 09:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 10:55 - 2019-08-07 09:07 - 000984152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 10:55 - 2019-08-07 09:07 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 10:55 - 2019-08-07 09:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 10:55 - 2019-08-07 08:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 10:55 - 2019-08-07 08:56 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 10:55 - 2019-08-07 08:56 - 001993344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 10:55 - 2019-08-07 08:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 10:55 - 2019-08-07 08:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 10:55 - 2019-08-07 08:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 10:55 - 2019-08-07 08:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-14 10:55 - 2019-08-07 08:55 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 10:55 - 2019-08-07 08:47 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 10:55 - 2019-08-07 08:44 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 10:55 - 2019-08-07 08:39 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 10:55 - 2019-08-07 08:38 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 10:55 - 2019-08-07 08:38 - 004385792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 10:55 - 2019-08-07 08:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 10:55 - 2019-08-07 08:38 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 10:55 - 2019-08-07 08:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 10:55 - 2019-08-07 08:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 10:55 - 2019-08-07 08:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 10:55 - 2019-08-07 08:36 - 007572480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 10:55 - 2019-08-07 08:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 10:55 - 2019-08-07 08:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-08-14 10:55 - 2019-08-07 08:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2019-08-14 10:55 - 2019-08-07 08:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 10:55 - 2019-08-07 08:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 10:55 - 2019-08-07 08:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 10:55 - 2019-08-07 08:35 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-08-14 10:55 - 2019-08-07 08:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 10:55 - 2019-08-07 08:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-14 10:55 - 2019-08-07 08:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 10:55 - 2019-08-07 08:35 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 10:55 - 2019-08-07 08:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 10:55 - 2019-08-07 08:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 10:55 - 2019-08-07 08:34 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 10:55 - 2019-08-07 08:34 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-08-14 10:55 - 2019-08-07 08:34 - 001680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 10:55 - 2019-08-07 08:34 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 10:55 - 2019-08-07 08:34 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 10:55 - 2019-08-07 08:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 10:55 - 2019-08-07 08:34 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 10:55 - 2019-08-07 08:34 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 10:55 - 2019-08-07 08:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 10:55 - 2019-08-07 08:33 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 10:55 - 2019-08-07 08:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 10:55 - 2019-08-07 08:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 10:55 - 2019-08-07 08:32 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-14 10:55 - 2019-08-07 08:32 - 004516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-14 10:55 - 2019-08-07 08:32 - 002165760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 10:55 - 2019-08-07 08:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 10:55 - 2019-08-07 08:32 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 10:55 - 2019-08-07 08:32 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 10:55 - 2019-08-07 08:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 10:55 - 2019-08-07 08:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-08-14 10:55 - 2019-08-07 08:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 10:55 - 2019-08-07 08:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 10:55 - 2019-08-07 08:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 10:55 - 2019-08-07 08:31 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-14 10:55 - 2019-08-07 08:31 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 10:55 - 2019-08-07 08:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 10:55 - 2019-08-07 08:31 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-14 10:55 - 2019-08-07 08:31 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-14 10:55 - 2019-08-07 08:31 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 10:55 - 2019-08-07 08:31 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 10:55 - 2019-08-07 08:31 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 10:55 - 2019-08-07 08:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 10:55 - 2019-08-07 07:15 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-14 10:55 - 2019-07-11 07:48 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-08-14 10:55 - 2019-07-11 02:30 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 10:55 - 2019-07-11 02:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 10:55 - 2019-07-11 02:30 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 10:46 - 2019-08-14 10:46 - 000000000 ____D C:\Users\open1\AppData\LocalLow\Adobe
2019-08-14 10:41 - 2019-08-14 11:03 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-08-14 10:39 - 2019-08-14 10:47 - 000000000 ____D C:\ProgramData\Adobe
2019-08-14 10:38 - 2019-08-14 10:46 - 000000000 ____D C:\Users\open1\AppData\Local\Adobe
2019-08-14 10:33 - 2019-02-13 06:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-13 13:42 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-13 13:36 - 2019-07-31 16:41 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-13 13:36 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-09-13 13:33 - 2019-03-27 13:50 - 000000000 __SHD C:\Users\open1\IntelGraphicsProfiles
2019-09-13 13:32 - 2019-07-31 16:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-09-13 13:32 - 2019-07-31 16:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-09-13 13:29 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-09-13 13:24 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-09-13 13:24 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-09-13 12:23 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-09-13 12:19 - 2019-08-07 19:11 - 000000000 ____D C:\WINDOWS\Minidump
2019-09-13 12:06 - 2019-07-26 10:09 - 000000000 ____D C:\Users\open1\AppData\Roaming\Spotify
2019-09-13 08:28 - 2019-07-09 10:14 - 000000000 ___DC C:\WINDOWS\Panther
2019-09-13 07:53 - 2019-03-27 13:47 - 000000000 ____D C:\Users\open1\AppData\Local\Host App Service
2019-09-12 23:59 - 2019-07-31 16:57 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1D8EF7B6-7A23-4404-AFDA-B967323FC71A}
2019-09-12 22:42 - 2019-07-31 16:57 - 000024768 _____ C:\WINDOWS\diagwrn.xml
2019-09-12 22:42 - 2019-07-31 16:57 - 000024768 _____ C:\WINDOWS\diagerr.xml
2019-09-12 16:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Registration
2019-09-12 16:30 - 2019-03-19 08:02 - 000000000 ___HD C:\$WINDOWS.~BT
2019-09-12 10:01 - 2019-03-27 15:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-09-12 10:01 - 2019-03-27 15:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-11 18:13 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-09-11 15:27 - 2019-03-27 18:41 - 000000000 ____D C:\Users\open1\AppData\Roaming\POP Peeper
2019-09-08 15:17 - 2019-03-27 15:20 - 000001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-09-05 18:54 - 2019-07-31 16:31 - 000002370 _____ C:\Users\open1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-05 18:54 - 2019-03-27 13:56 - 000000000 ___RD C:\Users\open1\OneDrive
2019-09-01 15:56 - 2019-03-27 14:17 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-01 15:55 - 2018-03-25 16:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-09-01 15:03 - 2019-03-27 15:00 - 000000000 ____D C:\Program Files\rempl
2019-09-01 04:57 - 2018-04-12 00:41 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-09-01 04:57 - 2018-04-12 00:41 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-08-27 08:54 - 2019-07-31 16:31 - 000000000 ____D C:\Users\open1
2019-08-27 08:53 - 2019-08-01 18:02 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-08-22 13:03 - 2019-07-26 10:11 - 000000000 ____D C:\Users\open1\AppData\Local\Spotify
2019-08-21 09:51 - 2019-03-27 13:50 - 000000000 ____D C:\Users\open1\AppData\Local\Packages
2019-08-18 08:51 - 2019-03-27 13:50 - 000000000 ___RD C:\Users\open1\3D Objects
2019-08-18 08:51 - 2017-10-03 17:48 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-18 00:17 - 2019-07-31 16:24 - 000457920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-18 00:16 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-08-18 00:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-18 00:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-18 00:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-16 15:36 - 2019-03-27 16:51 - 000000000 ____D C:\ProgramData\Packages
2019-08-14 10:54 - 2019-03-27 14:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-14 10:50 - 2019-03-27 14:56 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-14 10:46 - 2019-03-27 13:50 - 000000000 ____D C:\Users\open1\AppData\Roaming\Adobe

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
Attached thumbnail: script.PNG (30.3 KB)
Attached file: Addition.txt (24.2 KB)
Old 09-13-2019, 08:46 AM   #2
Security Team Moderator
 
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi qimqim, welcome to the TSF malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 3 days, it will be closed.
    • If your topic is closed and you still need assistance, please start a new topic with a link to this one.
  • If you have questions at any time during the cleanup, feel free to ask.
Please give me some time to go over your logs and I will get back to you as soon as possible.
__________________
Proud member of UNITE
Old 09-13-2019, 09:08 AM   #3
Security Team Moderator
 
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi qimqim,

Has your computer been infected by ransomware recently?

---------------------------------------------------
Uninstall a Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program(s) on the list:
    Quote:
    Lenovo App Explorer
  • Select the above program(s) and click Uninstall.
  • Restart the computer if prompted.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    Task: {5B28A094-F616-436B-A6EB-76A3D1737B98} - no filepath
    Task: {E3C27ED0-EAD9-4BBA-9193-F3632BE2B3AE} - no filepath
    SearchScopes: HKU\S-1-5-21-172656454-667963083-1913216681-1001 -> DefaultScope {2A79ECB3-843A-466F-82EF-F7B99424F581} URL =
    2019-09-13 07:53 - 2019-03-27 13:47 - 000000000 ____D C:\Users\open1\AppData\Local\Host App Service
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run32: => "PSUAMain"
    HKU\S-1-5-21-172656454-667963083-1913216681-1001\...\StartupApproved\Run: => "Spotify"
    Folder: C:\Program Files (x86)\Auto-Tracker
    CMD: Bitsadmin /Reset /Allusers
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete, FRST will generate a log (Fixlog.txt) in the same location it was run from.
  • Please copy and paste its contents into your reply.

---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (scan logs have a [S0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • AdwCleaner[S0*].txt
  • Let me know how the computer is doing.
__________________
Proud member of UNITE
Old 09-13-2019, 11:08 AM   #4
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Hi

I don't understand what I have to do with the script once I copy it. Don't I have to paste it somewhere?
Old 09-13-2019, 11:45 AM   #5
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



I went ahead, assuming that FRST looks into what is held in the copy...

As I opened FRST that script message came up again (attached). What is it?


Fix result of Farbar Recovery Scan Tool (x64) Version: 08-09-2019
Ran by open1 (13-09-2019 19:28:09) Run:1
Running from C:\Users\open1\Desktop
Loaded Profiles: open1 (Available Profiles: open1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Task: {5B28A094-F616-436B-A6EB-76A3D1737B98} - no filepath
Task: {E3C27ED0-EAD9-4BBA-9193-F3632BE2B3AE} - no filepath
SearchScopes: HKU\S-1-5-21-172656454-667963083-1913216681-1001 -> DefaultScope {2A79ECB3-843A-466F-82EF-F7B99424F581} URL =
2019-09-13 07:53 - 2019-03-27 13:47 - 000000000 ____D C:\Users\open1\AppData\Local\Host App Service
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKU\S-1-5-21-172656454-667963083-1913216681-1001\...\StartupApproved\Run: => "Spotify"
Folder: C:\Program Files (x86)\Auto-Tracker
CMD: Bitsadmin /Reset /Allusers

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B28A094-F616-436B-A6EB-76A3D1737B98}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B28A094-F616-436B-A6EB-76A3D1737B98}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3C27ED0-EAD9-4BBA-9193-F3632BE2B3AE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3C27ED0-EAD9-4BBA-9193-F3632BE2B3AE}" => removed successfully
"HKU\S-1-5-21-172656454-667963083-1913216681-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"C:\Users\open1\AppData\Local\Host App Service" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SecurityHealth" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SecurityHealth" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\PSUAMain" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PSUAMain" => removed successfully
"HKU\S-1-5-21-172656454-667963083-1913216681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Spotify" => removed successfully
"HKU\S-1-5-21-172656454-667963083-1913216681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Spotify" => removed successfully

========================= Folder: C:\Program Files (x86)\Auto-Tracker ========================

2019-09-12 14:58 - 2019-09-12 14:58 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory
2019-09-12 14:58 - 2019-09-12 14:58 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C
2019-09-12 14:58 - 2019-09-12 14:58 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)
2019-09-12 14:58 - 2019-09-12 14:58 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker
2019-09-12 14:55 - 2018-12-17 16:09 - 003533176 ____A [F619E5FB96618F560C1A2A833C0DDFA8] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\dtri.exe
2019-09-12 14:55 - 2016-09-06 10:47 - 000950320 ____A [01DEF3746D24EFFF5017994248639487] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\dtrihelper.exe
2019-09-12 14:55 - 2016-09-06 10:47 - 000085976 ____A [E113AC4AAA00E8250D7C560AFE010EBE] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\supd.exe
2019-09-12 14:55 - 2012-01-18 16:34 - 000015742 ____A [7A66866C961D7D1C2B9A65034DC7B4E2] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\tray_bw_slashed.ico
2019-09-12 14:55 - 2012-01-18 16:34 - 000015742 ____A [C4AF8C405D261F5CCDDC02B6D91094F6] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\tray_original.ico
2019-09-12 14:55 - 2012-01-18 16:34 - 000015742 ____A [BD2D3A9315250D940749308946BF6BDB] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\tray_teal_points.ico
2019-09-12 14:58 - 2019-09-12 14:59 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\plugins
2019-09-12 14:59 - 2019-09-12 14:59 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\plugins\chrome
2019-09-12 14:59 - 2019-09-12 14:59 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\plugins\chrome\wegch
2019-09-12 14:55 - 2018-12-17 16:12 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\plugins\chrome\wegch\wegch.crx
2019-09-12 14:58 - 2019-09-12 14:58 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\plugins\firefox
2019-09-12 14:58 - 2019-09-12 14:58 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\plugins\firefox\wegmo
2019-09-12 14:58 - 2019-09-12 14:59 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\plugins\firefox\wegmo\[email protected]
2019-09-12 14:55 - 2015-01-13 11:10 - 000012775 ____A [EDEEB3F4B254CCF86A7E0C9F85133384] () C:\Program Files (x86)\Auto-Tracker\rollbackBackupDirectory\C\Program Files (x86)\Auto-Tracker\plugins\firefox\wegmo\[email protected]\bootstrap.js

====== End of Folder: ======


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{C16A7FD5-CAFB-4C68-83B5-1EA5760B0CB8} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 146873081 B
Java, Flash, Steam htmlcache => 735 B
Windows/system/drivers => 1557902 B
Edge => 1267537 B
Chrome => 83722109 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 10874 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
open1 => 80507039 B

RecycleBin => 268527744 B
EmptyTemp: => 563 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:31:46 ====




# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-09-13.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-13-2019
# Duration: 00:00:26
# OS: Windows 10 Home
# Scanned: 35602
# Detected: 9


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController Folder C:\Program Files (x86)\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Program Files\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\open1\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\drivers\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1


AdwCleaner_Debug.log - [5417 octets] - [13/09/2019 19:42:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Attached thumbnail: scrpt2.PNG (36.1 KB)
qimqim is offline  
Old 09-13-2019, 01:27 PM   #6
Security Team Moderator
 
iMacg3's Avatar
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi qimqim,

---------------------------------------------------
AdwCleaner - Clean
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please check the following boxes and then click Quarantine
Quote:
Adware.pokki
    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start ADWCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

---------------------------------------------------

Let's try resetting Google Chrome.

Reset Google Chrome

Note: this step will remove installed Chrome extensions. If you wish to keep your currently installed Chrome extensions, please note them down so they can be reinstalled later.
For a complete list of what is removed during a Chrome reset, see here for more information.
  • Open Google Chrome.
  • Click the Menu icon in the upper right corner of the Chrome window (three dots) and select Settings.
  • Under Reset and Cleanup, select Reset Settings.
  • Select Reset Settings to confirm the reset.
Let me know if the issue with Chrome persists.

---------------------------------------------------

In your next reply, please include:
  • AdwCleaner[C0*].txt
  • Description of any remaining issues.
__________________
Proud member of UNITE
iMacg3 is offline  
Old 09-13-2019, 02:33 PM   #7
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Computer running smoothly. What a difference. Thank you!

What was the script in the screenshots that I attached all about? Is that cleared too?




# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-09-13.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-13-2019
# Duration: 00:00:21
# OS: Windows 10 Home
# Scanned: 35602
# Detected: 9


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController Folder C:\Program Files (x86)\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Program Files\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\open1\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\drivers\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1


AdwCleaner_Debug.log - [12811 octets] - [13/09/2019 19:42:03]
AdwCleaner[S00].txt - [2166 octets] - [13/09/2019 19:42:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
qimqim is offline  
Old 09-13-2019, 02:36 PM   #8
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Computer running smoothly now, thank you!

Do you know what the script was all about and is that cleared now?


qimqim is offline  
Old 09-13-2019, 05:14 PM   #9
Security Team Moderator
 
iMacg3's Avatar
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi qimqim,

Glad to hear the issue is resolved.

Chrome was attempting to run a script (looks like it was related to Calendar) and it caused the 'not responding' error.

It looks like AdwCleaner was run in "Scan" mode again. Please run the following FRST fix which will remove the items detected by AdwCleaner:


---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    C:\Windows\System32\Tasks_Migrated\App Explorer
    DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
__________________
Proud member of UNITE
iMacg3 is offline  
Old 09-13-2019, 05:28 PM   #10
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



Thank you!


Fix result of Farbar Recovery Scan Tool (x64) Version: 08-09-2019
Ran by open1 (14-09-2019 01:26:35) Run:2
Running from C:\Users\open1\Desktop
Loaded Profiles: open1 (Available Profiles: open1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Windows\System32\Tasks_Migrated\App Explorer
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer

*****************

Restore point was successfully created.
C:\Windows\System32\Tasks_Migrated\App Explorer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => removed successfully

==== End of Fixlog 01:27:33 ====
qimqim is offline  
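
A small checker for the Fixlog format posted above, as an added example that is not part of the thread or of FRST itself: it pairs each fixlist line with its result line and lists any that did not report success. The function names are hypothetical, and treating the word "successfully" as the success marker is an assumption based on the three result lines in this log.

```python
import re

# Fixlog text copied from the post above (not constructed).
FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
C:\Windows\System32\Tasks_Migrated\App Explorer
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer

*****************

Restore point was successfully created.
C:\Windows\System32\Tasks_Migrated\App Explorer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => removed successfully

==== End of Fixlog 01:27:33 ====
"""

def check_fixlog(text):
    """Map every fixlist line to its result text, or None if no result was logged."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters not found")
    directives = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = [ln for ln in lines[stars[1] + 1:] if ln and not ln.startswith("====")]
    outcomes = {}
    for ln in results:  # result lines have the form: <target> => <outcome>
        target, sep, outcome = ln.rpartition(" => ")
        if sep:
            outcomes[target.strip('"').lower()] = outcome
    report = {}
    for d in directives:
        if d == "CreateRestorePoint:":  # logged as a sentence, not "target => outcome"
            hit = [r for r in results if r.lower().startswith("restore point")]
            report[d] = hit[0] if hit else None
        else:  # drop a "DeleteKey:"-style prefix; a drive letter like "C:" is kept
            target = re.sub(r"^[A-Za-z]{2,}:\s*", "", d)
            report[d] = outcomes.get(target.lower())
    return report

def unresolved(report):
    """Fixlist lines with no result line, or whose result does not report success."""
    return [d for d, out in report.items() if out is None or "successfully" not in out]

if __name__ == "__main__":
    print(unresolved(check_fixlog(FIXLOG)) or "every fixlist line reported success")
```
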
Old 09-13-2019, 07:16 PM   #11
Security Team Moderator
 
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



If all is well:

The following will remove the tools we used as well as reset system restore points:

---------------------------------------------------
KpRm

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
----------------------------------------------------
Some tips to keep your computer safe on the Internet

Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

How to create a strong password
----------------------------------------------------
Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
----------------------------------------------------
Here are some articles about how to keep your computer safe on the internet -

Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

Answers to common security questions - Best Practices - by quietman7

COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

PC Safety and Security - What Do I Need? - Tech Support Forum
----------------------------------------------------

Safe surfing
__________________
Proud member of UNITE
iMacg3 is offline  
Old 09-14-2019, 12:07 AM   #12
Registered Member
 
Join Date: Dec 2006
Posts: 259
OS: Windows 10



iMacg3

Thank you for your help. Computer runs now as it should. May I ask if I could check my other computer, the one from where I transferred all the data (and viruses?...) to this one? I also get that strange script that you say is due to Chrome, and I get all sorts of problems, which prompted me to buy another laptop before it crashes.

Should I start a new thread?





# Run at 14/09/2019 07:54:32
# KpRm (Kernel-panik) version 1.9
# Website https://kernel-panik.me/tool/kprm/
# Run by open1 from C:\Users\open1\Desktop
# Computer Name: LAPTOP-43556QAO
# OS: Windows 10 X64 (17134)

- Create Registry Backup -

[OK] Registry Backup: C:\KPRM\backup\2019-09-14-07-54

- Search Tools -


## AdwCleaner
[OK] C:\Users\open1\Desktop\AdwCleaner.exe deleted (1)
[OK] C:\AdwCleaner deleted (1)

## FRST
[OK] C:\Users\open1\Desktop\Addition.txt deleted (1)
[OK] C:\Users\open1\Desktop\Fixlog.txt deleted (1)
[OK] C:\Users\open1\Desktop\FRST.txt deleted (1)
[OK] C:\Users\open1\Desktop\FRST64.exe deleted (1)
[OK] C:\FRST deleted (1)

- Restore Default System Settings -

[OK] Flush DNS
[OK] Reset WinSock
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC Default Value -

[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableLUA with default (1) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear All System Restore Points -

~ [OK] RP named Scheduled Checkpoint created at 08/25/2019 21:22:30 deleted
~ [OK] RP named Windows Update created at 09/01/2019 14:01:51 deleted
~ [OK] RP named Scheduled Checkpoint created at 09/08/2019 21:25:07 deleted
~ [OK] RP named Windows Update created at 09/12/2019 09:05:02 deleted

[OK] All system restore points have been successfully deleted

- Create New System Restore Point -

[OK] Enable System Restore
[OK] System Restore Point created

- Display All System Restore Point -

~ [I] RP named KpRm created at 09/14/2019 07:02:19 found
qimqim is offline  
Old 09-14-2019, 07:06 AM   #13
Security Team Moderator
 
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



I see you've started a new thread for your other computer.


As your problems appear to be resolved, this topic is closed.

Glad we could help.
If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
https://www.techsupportforum.com/f50...lp-305963.html
trog69 likes this.
__________________
Proud member of UNITE
iMacg3 is offline  
 


All times are GMT -7. The time now is 09:40 AM.

