Why is my mouse doing that? Virus?

07-27-2019, 02:19 PM   #1
Registered Member
 
Join Date: Jun 2009
Location: Atlanta-GA
Posts: 209
OS: 7



Hi

My mouse cursor on the screen will act up once in a while.
What it does is that it just stops moving for 1 to 5 seconds, then resumes, and it usually does that for only 1 minute twice a day.
I have a feeling something unwanted is working in the background and makes it do that.
The mouse is 2 months old, and I have had no issues with it besides that. It has a fresh set of batteries in it.

Thanks for your help

Pat
07-27-2019, 11:12 PM   #2
Security Team
Moderator
 
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hello..!


Malware Removal Help Posting Instructions
__________________
Hristo Tonev (Ico)

07-28-2019, 07:39 AM   #3
Registered Member
 
Join Date: Jun 2009
Location: Atlanta-GA
Posts: 209
OS: 7



Hi

I have removed uTorrent as per your instructions. I don't know where I might have a boot disc or install disc for Windows.

Thxs again

Pat


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Vaindioux (administrator) on VAINDIOUX-PC (HP-Pavilion NY549AA-ABA p6230y) (28-07-2019 10:20:39)
Running from C:\Users\Vaindioux\Downloads
Loaded Profiles: Vaindioux (Available Profiles: Vaindioux)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
() [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
() [File not signed] C:\Windows\SysWOW64\WinMsgBalloonClient.exe
() [File not signed] C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alcatel-Lucent) [File not signed] C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) [File not signed] C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Alcatel-Lucent) [File not signed] C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\bin\MAHostService.exe
(Alcatel-Lucent) [File not signed] C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) [File not signed] C:\Program Files\Windstream Support Center\9.0.1.51\ma\bin\pcTrayApp.exe
(AMD) [File not signed] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Creative Home -> Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio Select\Planner\PLNRnote.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> ) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Joyent, Inc) [File not signed] C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\bin\node.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Radialpoint -> Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(Radialpoint -> Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service AgentComHandler.exe
(Radialpoint -> Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
(Radialpoint -> Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Radialpoint -> Windstream) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files\WD Desktop App\kdd
(Western Digital Technologies, Inc. -> ) C:\Program Files\WD Desktop App\wdsync.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WDDiscoveryMonitor.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files\WD Desktop App\kdd.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Users\Vaindioux\AppData\Roaming\WD Discovery\plugins\com.wdc.plugin.catalog\current\library\WD Device Agent.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] (Hewlett-Packard Company -> )
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Windstream_McciTrayApp] => C:\Program Files\Windstream Support Center\9.0.1.51\ma\bin\pcTrayApp.exe [2956288 2015-06-30] (Alcatel-Lucent) [File not signed]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-05-07] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] () [File not signed]
HKLM-x32\...\Run: [UpdatePRCShortCut] => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-05-03] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472 2011-10-13] (Radialpoint -> Windstream)
HKLM-x32\...\Run: [DiagnosticTools.exe] => C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe [2037048 2011-04-25] (Radialpoint -> Windstream)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2306984 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81376496 2019-07-10] (Western Digital Technologies, Inc. -> Western Digital Corporation)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21912 2017-04-13] (Western Digital Techologies -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2019-05-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-193268592-317187610-2715994916-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-193268592-317187610-2715994916-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-193268592-317187610-2715994916-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-193268592-317187610-2715994916-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-193268592-317187610-2715994916-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-193268592-317187610-2715994916-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\VAINDI~1\Desktop\dds.scr
HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll
HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-15] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\Windows\SysWOW64\advpack.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2011-02-06]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2014-07-14]
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Card Studio Select\Planner\PLNRnote.exe (Creative Home -> Creative Home)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-09-03]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) [File not signed]
Startup: C:\Users\Vaindioux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series (Copy 1).lnk [2019-07-05]
ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 1510 series (Copy 1).lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 1510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3C61DJ7C05YR;CONNECTION=USB;MONITOR=1;
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {144A4F03-5ECE-4C09-9553-6101F291C8EB} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {17D1D3DF-4DEE-47DE-9BDC-13C3A0395D55} - System32\Tasks\HP AR Program Upload - 76d628c8d57149aab15738f1e8a42f0f47358b176e3d461ca4bfd97d3a5480e8 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [3495432 2014-03-06] (Hewlett Packard -> TODO: <Company name>)
Task: {186A0B1B-83AC-43D6-AF06-6A32A2E5B514} - System32\Tasks\HPCeeScheduleForVaindioux => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [91704 2009-10-07] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {1F1FE63E-87DC-41DF-A530-6DDE46DBC30C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584 2014-05-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {2AC68844-4C4E-4380-86A6-4289688DCAEE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {2F2DCFA6-464C-4B6F-9261-08A9AB17F5F2} - System32\Tasks\IHSelfDeleteTASK => CMD /C DEL C:\Users\VAINDI~1\AppData\Local\Temp\IHUB323.tmp.exe <==== ATTENTION
Task: {3A4BC003-8330-4F3F-94CE-F23CD911CE22} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\VAINDI~1\AppData\Local\Temp\IHUB1EA.tmp.exe <==== ATTENTION
Task: {45558FA9-B242-430F-B02E-3970D50F00D4} - System32\Tasks\HP AR Program Upload - ceaa59799147479cbbe28dc10847a0ab3c87c3380975445cb055911bd95948c7 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [3495432 2014-03-06] (Hewlett Packard -> TODO: <Company name>)
Task: {74BD2F1C-8922-4DB7-BC50-91EAA305E8EA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {8651B1FE-CF35-49F3-9B13-6FD48E22E440} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe)
Task: {88CD247A-8B8A-4047-92DB-80D08C4B1B8C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2758096 2019-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {9274E16E-F9E0-49EE-A643-089CCB6D44CF} - System32\Tasks\HP AR Program Upload - 4540bd7a9aeb449a926aeb862f5126319d3142cb9d794a2f993e6e25ea8c3b97 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [3495432 2014-03-06] (Hewlett Packard -> TODO: <Company name>)
Task: {9781E984-1150-4E63-8972-8FC64A9B7E13} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {9CD00A45-B7BF-4FDB-8951-0496097AFB83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [542008 2013-11-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {A3EC25F0-FEB0-4726-88CF-6D4C8119A7E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [542008 2013-11-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {AD102BED-B968-4833-9D3D-469161C34342} - System32\Tasks\WD Device Agent Task vaindioux => C:\Users\Vaindioux\AppData\Roaming\WD Discovery\plugins\com.wdc.plugin.catalog\current\library\WD Device Agent.exe [724008 2019-06-18] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {BA06AC0E-F432-467B-BB18-F9A4A15C9705} - System32\Tasks\HP AR Program Upload - d48f0c6ace1a4a04949c4a0b993415b2cd257593c54d4f49b186f9e9399d97a5 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [3495432 2014-03-06] (Hewlett Packard -> TODO: <Company name>)
Task: {BA16EFC4-9BDE-4D04-9698-89AA6E68CD86} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [3127792 2009-07-02] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
Task: {BC29BFB3-165A-4DF0-BC1F-25934A0C886F} - System32\Tasks\WD Discovery Service Task vaindioux => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [71408 2019-07-10] (Western Digital Technologies, Inc. -> )
Task: {BCC77A7F-FEEB-4435-AD9F-77FC2E782102} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [206120 2009-08-05] (CyberLink -> CyberLink)
Task: {C1621D22-6982-4E47-A112-80DE7FDBEAE5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E3809985-CEFC-491E-9788-0997B74D59B8} - System32\Tasks\HP AR Program Upload - c89adad9d60640e8b685c7bb92f084e4dedcd558876c487da7300dfd290a6d40 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [3495432 2014-03-06] (Hewlett Packard -> TODO: <Company name>)
Task: {E994B271-4AB5-48BA-9AA4-90A5EE37E659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {F1190215-A525-4F87-BE27-B8F7168AA453} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [128296 2009-07-23] (CyberLink -> CyberLink Corp.)
Task: {F2D60DE3-D3C0-49D6-9EC4-E4CB6D95CBE2} - System32\Tasks\winupd => C:\Users\VAINDI~1\AppData\Local\Temp:winupd.exe <==== ATTENTION
Task: {F8E8024E-19D3-4518-8EEB-C627FAC7E0E1} - System32\Tasks\HP AR Program Upload - e8f95e3b486a4458825f3b667defacb6a0f7c1a9f03e4beab3a1897fbdaa0ef3 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [3495432 2014-03-06] (Hewlett Packard -> TODO: <Company name>)
Task: {F9628398-DBD7-4B22-B822-5C36228FACDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {FAAB4C4A-8FA8-4117-A121-21DB8895D87D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1584856 2013-10-15] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {FF5D0055-224E-44CC-B54F-E9F58B81B4C0} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [5745672 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForVaindioux.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.254.254
Tcpip\..\Interfaces\{077F3A70-7717-4D92-A7AF-35F3424AC6FF}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{5DC597E8-4203-4A2A-A62E-CE92D05099CA}: [DhcpNameServer] 192.168.1.1 192.168.254.254
Tcpip\..\Interfaces\{F389F118-AFF0-4ACC-ABBD-6009B97747A0}: [DhcpNameServer] 192.168.1.1 192.168.254.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-193268592-317187610-2715994916-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-193268592-317187610-2715994916-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1488B0D8-C8BA-4917-9369-A1E8D65796BB} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1488B0D8-C8BA-4917-9369-A1E8D65796BB} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-193268592-317187610-2715994916-1000 -> DefaultScope {1488B0D8-C8BA-4917-9369-A1E8D65796BB} URL =
SearchScopes: HKU\S-1-5-21-193268592-317187610-2715994916-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D061718-A6AA2274B27&form=CONBDF&conlogo=CT3335819&q={searchTerms}
SearchScopes: HKU\S-1-5-21-193268592-317187610-2715994916-1000 -> {24C50A9D-DB07-4913-8589-4DB4AD06FED3} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-193268592-317187610-2715994916-1000 -> {4C104B06-3D41-449A-A6A1-A4A9B6A60EE1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-193268592-317187610-2715994916-1000 -> {A3FC5C0A-0BDE-46E4-8207-A1780F9121E9} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: No Name -> {A18C085E-2CBA-414F-9C8E-F5ECA84A3F9D}' -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc -> Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard Company -> Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: No Name -> {A18C085E-2CBA-414F-9C8E-F5ECA84A3F9D}' -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc -> Google Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] (Against Intuition Oy -> )
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard Company -> Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corporation -> Microsoft Corp.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] (Against Intuition Oy -> )
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-193268592-317187610-2715994916-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: HKLM-x32 {315B0BFB-2BD4-481B-80A3-A9B80727C61B} hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] (Against Intuition Oy -> )

FireFox:
========
FF DefaultProfile: 0b5vo7lk.default-1539453740412
FF ProfilePath: C:\Users\Vaindioux\AppData\Roaming\Mozilla\Firefox\Profiles\0b5vo7lk.default-1539453740412 [2019-07-23]
FF Homepage: Mozilla\Firefox\Profiles\0b5vo7lk.default-1539453740412 -> Bing
FF Extension: (Windstream Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2015-07-08] [Legacy] [not signed]
FF Plugin: @Adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Radialpoint -> Windstream)
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin-x32: @Java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\npMotive.dll [No File]
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\bin\npMotive.dll [2015-06-30] (Windstream Communications) [File not signed]
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2014-09-11] (Windstream) [File not signed]
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll [2011-10-13] (Radialpoint -> Windstream)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @Videolan.org/vlc,version=1.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) [File not signed]
FF Plugin-x32: @Videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-193268592-317187610-2715994916-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\VAINDI~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corp. -> Catalina Marketing Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\Vaindioux\AppData\Local\Google\Chrome\User Data\Default [2019-07-28]
CHR Extension: (Windstream Extension) - C:\Users\Vaindioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2015-05-20]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Vaindioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2019-07-28]
CHR Extension: (iCloud Bookmarks) - C:\Users\Vaindioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2019-06-10]
CHR Extension: (Skype) - C:\Users\Vaindioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2019-06-10]
CHR Extension: (Radialpoint SPD Extension) - C:\Users\Vaindioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj [2015-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vaindioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-06-10]
CHR Extension: (Chrome Media Router) - C:\Users\Vaindioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-02]
CHR Extension: (Windstream Extension) - C:\Users\Vaindioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\plbchhheadikfkckdpjghciknmlfkfcj [2015-08-20]
CHR Profile: C:\Users\Vaindioux\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-14]
CHR HKLM\...\Chrome\Extension: [plbchhheadikfkckdpjghciknmlfkfcj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-193268592-317187610-2715994916-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-05-19]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Windstream\Service Agent\ChromeExtension.crx [2015-05-19]
CHR HKLM-x32\...\Chrome\Extension: [plbchhheadikfkckdpjghciknmlfkfcj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-06-28] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1208480 2019-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [484256 2019-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [484256 2019-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1765896 2019-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [455424 2019-05-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S4 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons, Inc. -> Coupons.com Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Radialpoint -> Windstream)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2014-10-20] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2014-10-21] (Alcatel-Lucent) [File not signed]
R2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint -> Radialpoint SafeCare Inc.)
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-06-17] (Lavasoft Software Canada -> )
R2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [7168 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [7168 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [7168 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [7168 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331144 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 Windstream MAHostService; C:\Program Files (x86)\Windstream Support Center\9.0.1.51\ma\bin\MAHostService.exe [321024 2015-06-30] (Alcatel-Lucent) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ahcix64s; C:\Windows\System32\DRIVERS\ahcix64s.sys [237936 2009-07-31] (ATI Technologies, Inc -> Advanced Micro Devices, Inc)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1478144 2009-06-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6031872 2009-06-28] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [213912 2019-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [176808 2019-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-02-22] (Lavasoft Limited -> Lavasoft AB)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Motive Inc -> Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Motive Inc -> Printing Communications Assoc., Inc. (PCAUSA))
S1 prodrv06; C:\Windows\SysWOW64\drivers\prodrv06.sys [51744 2003-09-06] (Protection Technology) [File not signed]
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [62656 2003-09-06] (Protection Technology) [File not signed]
S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [233472 2009-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek )
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-09-06] (Protection Technology) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R1 wdfsconnect2017; C:\Windows\system32\drivers\wdfsconnect2017.sys [468096 2017-11-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 wdvpnpbus; C:\Windows\System32\DRIVERS\wdvpnpbus.sys [20608 2017-11-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-28 10:20 - 2019-07-28 10:25 - 000047538 _____ C:\Users\Vaindioux\Downloads\FRST.txt
2019-07-28 10:19 - 2019-07-28 10:20 - 000000000 ____D C:\FRST
2019-07-28 10:18 - 2019-07-28 10:18 - 002095104 _____ (Farbar) C:\Users\Vaindioux\Downloads\FRST64.exe
2019-07-26 18:06 - 2019-07-26 18:11 - 000000107 _____ C:\Users\Vaindioux\Desktop\Gordon models.txt
2019-07-21 13:07 - 2019-07-21 13:09 - 000000000 ____D C:\Users\Vaindioux\Downloads\Navy
2019-07-21 12:21 - 2019-07-21 13:11 - 000001734 _____ C:\Users\Vaindioux\Desktop\Email.txt
2019-07-21 11:33 - 2019-07-21 12:04 - 000004847 _____ C:\Users\Vaindioux\Desktop\Vale.txt
2019-07-20 06:22 - 2019-07-20 06:22 - 000000000 ____D C:\Users\Vaindioux\Downloads\Boat
2019-07-17 18:33 - 2019-07-17 18:33 - 000000000 ____D C:\Users\Vaindioux\Desktop\QS
2019-07-16 19:36 - 2019-07-20 16:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-07-16 16:20 - 2019-07-16 16:21 - 000000000 ____D C:\Users\Vaindioux\Documents\QuickScale
2019-07-16 16:19 - 2019-07-16 16:20 - 002246821 _____ C:\Users\Vaindioux\Downloads\quickscale (1).CAB
2019-07-15 22:01 - 2019-07-15 22:01 - 000005624 _____ C:\Users\Vaindioux\Desktop\berry.txt
2019-07-15 08:16 - 2019-07-15 10:07 - 000000372 _____ C:\Users\Vaindioux\Desktop\Kris constipation list.txt
2019-07-15 07:16 - 2019-07-22 09:39 - 000001917 _____ C:\Users\Vaindioux\Desktop\Constipation.txt
2019-07-01 12:35 - 2019-07-01 12:35 - 000941977 _____ C:\Users\Vaindioux\Downloads\n-400.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-28 10:23 - 2015-05-19 17:40 - 000000000 ____D C:\ProgramData\Radialpoint
2019-07-28 10:22 - 2009-07-14 00:45 - 000015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-28 10:22 - 2009-07-14 00:45 - 000015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-28 10:15 - 2011-09-18 14:39 - 000000000 ____D C:\Users\Vaindioux\AppData\Roaming\uTorrent
2019-07-28 05:50 - 2015-05-19 17:40 - 000000000 ____D C:\Users\Vaindioux\AppData\Roaming\Radialpoint
2019-07-27 17:54 - 2017-09-04 14:08 - 000000000 ____D C:\Users\Vaindioux\Desktop\Ebay pics
2019-07-27 17:09 - 2010-12-05 15:30 - 000025625 _____ C:\Users\Vaindioux\Documents\ToDo.txt
2019-07-27 17:05 - 2009-07-14 01:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-27 17:05 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-07-27 07:21 - 2018-03-08 08:59 - 000003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForVaindioux
2019-07-27 07:21 - 2018-03-08 08:59 - 000000348 _____ C:\Windows\Tasks\HPCeeScheduleForVaindioux.job
2019-07-27 06:04 - 2017-10-01 22:14 - 000003316 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2019-07-25 06:06 - 2013-01-06 10:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-07-25 06:04 - 2013-03-30 19:51 - 000213912 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2019-07-25 06:04 - 2013-03-30 19:51 - 000176808 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2019-07-23 17:31 - 2017-07-04 17:26 - 000000000 ____D C:\Users\Vaindioux\AppData\Roaming\WD Discovery
2019-07-23 11:54 - 2010-12-05 15:30 - 000023929 _____ C:\Users\Vaindioux\Documents\Ret3.txt
2019-07-23 10:54 - 2017-01-15 11:05 - 000000000 ____D C:\Users\Vaindioux\AppData\LocalLow\Mozilla
2019-07-20 16:42 - 2014-04-14 18:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-15 20:44 - 2014-04-28 13:05 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-15 18:14 - 2018-04-21 17:14 - 000909312 ___SH C:\Users\Vaindioux\Desktop\Thumbs.db
2019-07-15 18:14 - 2010-12-06 08:55 - 000000000 ____D C:\ProgramData\Adobe
2019-07-15 18:14 - 2010-12-05 09:26 - 000000000 ____D C:\Users\Vaindioux\AppData\Roaming\Adobe
2019-07-10 20:02 - 2019-02-21 20:54 - 000003160 _____ C:\Windows\System32\Tasks\WD Device Agent Task vaindioux
2019-07-10 20:02 - 2019-02-21 20:54 - 000003138 _____ C:\Windows\System32\Tasks\WD Discovery Service Task vaindioux
2019-07-10 20:02 - 2017-07-04 17:26 - 000000000 ____D C:\Users\Vaindioux\.wdc
2019-07-09 08:17 - 2018-03-14 03:17 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-09 08:17 - 2012-04-28 12:19 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-07-09 08:17 - 2012-04-28 12:19 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-07-09 08:17 - 2012-03-03 21:45 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-07-09 08:17 - 2011-12-25 10:14 - 000000000 ____D C:\Windows\system32\Macromed
2019-07-09 08:17 - 2009-09-03 12:28 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-07-07 12:07 - 2010-12-05 15:30 - 000054678 _____ C:\Users\Vaindioux\Documents\Movies.PDB
2019-07-06 06:33 - 2019-03-23 17:54 - 000000000 ____D C:\Program Files (x86)\Steam
2019-07-05 19:55 - 2008-09-19 06:55 - 000014466 _____ C:\Windows\SysWOW64\NapaSet.txt
2019-07-05 19:54 - 2019-06-10 16:18 - 000000000 ___RD C:\Users\Vaindioux\iCloudDrive
2019-07-05 19:54 - 2015-05-19 17:38 - 000000000 ____D C:\Program Files (x86)\Windstream Support Center
2019-07-05 19:51 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-01 10:08 - 2010-12-05 15:27 - 000000000 ____D C:\Users\Vaindioux\Documents\Comics links docs
2019-06-30 10:00 - 2010-12-05 10:29 - 000000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2019-06-29 16:47 - 2010-12-05 15:30 - 000125181 _____ C:\Users\Vaindioux\Documents\Movies.txt

==================== Files in the root of some directories ================

2011-06-02 21:14 - 2011-08-25 21:45 - 000001854 _____ () C:\Users\Vaindioux\AppData\Roaming\GhostObjGAFix.xml
2013-08-19 17:48 - 2013-08-19 17:48 - 000000100 _____ () C:\Users\Vaindioux\AppData\Roaming\settings.xml
2011-07-11 21:08 - 2019-05-19 17:27 - 000001496 _____ () C:\Users\Vaindioux\AppData\Roaming\wklnhst.dat
2011-05-29 11:21 - 2011-05-29 12:12 - 000009486 ___SH () C:\Users\Vaindioux\AppData\Local\cuwo18pkojklj48c60y33130t1yq4
2011-05-29 11:20 - 2011-06-04 06:08 - 000000120 _____ () C:\Users\Vaindioux\AppData\Local\Dfajezo.dat
2015-03-08 17:49 - 2015-03-08 17:49 - 000000017 _____ () C:\Users\Vaindioux\AppData\Local\resmon.resmoncfg
2010-12-06 20:38 - 2010-12-06 20:38 - 000089272 _____ () C:\Users\Vaindioux\AppData\Local\tmpSTAR_TREK_ELITE_FORCE_2-[CDCOVERS_CC]-FRONT.JPG
2016-03-31 08:43 - 2016-03-31 08:43 - 000000000 _____ () C:\Users\Vaindioux\AppData\Local\{0AFC669E-1762-4F90-9458-044A0551147B}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-07-22 00:06
==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (61.7 KB, 3 views)
Old 07-28-2019, 08:37 AM   #4
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hello..!


Uninstall a Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Quote:
Web Companion
ESET Online Scanner v3
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
  • Select each program and click Uninstall.
  • Restart the computer if prompted.


Farbar Recovery Scan Tool - Fix

  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST/FRST64.exe

    NOTE: Both FRST/FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.
Code:
Start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy\User: Restriction ? <==== ATTENTION
Task: {2F2DCFA6-464C-4B6F-9261-08A9AB17F5F2} - System32\Tasks\IHSelfDeleteTASK => CMD /C DEL C:\Users\VAINDI~1\AppData\Local\Temp\IHUB323.tmp.exe <==== ATTENTION
Task: {3A4BC003-8330-4F3F-94CE-F23CD911CE22} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\VAINDI~1\AppData\Local\Temp\IHUB1EA.tmp.exe <==== ATTENTION
Task: {F2D60DE3-D3C0-49D6-9EC4-E4CB6D95CBE2} - System32\Tasks\winupd => C:\Users\VAINDI~1\AppData\Local\Temp:winupd.exe <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-193268592-317187610-2715994916-1000 -> DefaultScope {1488B0D8-C8BA-4917-9369-A1E8D65796BB} URL =
BHO: No Name -> {A18C085E-2CBA-414F-9C8E-F5ECA84A3F9D}' -> No File
BHO-x32: No Name -> {A18C085E-2CBA-414F-9C8E-F5ECA84A3F9D}' -> No File
Toolbar: HKU\S-1-5-21-193268592-317187610-2715994916-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\npMotive.dll [No File]
CHR HKLM\...\Chrome\Extension: [plbchhheadikfkckdpjghciknmlfkfcj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-193268592-317187610-2715994916-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-05-19]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Windstream\Service Agent\ChromeExtension.crx [2015-05-19]
CHR HKLM-x32\...\Chrome\Extension: [plbchhheadikfkckdpjghciknmlfkfcj] - hxxps://clients2.google.com/service/update2/crx
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-06-17] (Lavasoft Software Canada -> )
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-02-22] (Lavasoft Limited -> Lavasoft AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
AlternateDataStreams: C:\Users\Vaindioux\Documents\Maurer retaining wall.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Vaindioux\Documents\Maurer retaining wall.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Vaindioux\Documents\Permanentresidentcard.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Vaindioux\Documents\Permanentresidentcard.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{AF277E94-ABFD-4BFE-99DB-7E543A5C1509}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{85BA8618-413A-4B4F-B723-60010E8FBADD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{3FCA617D-BB0C-461E-A030-639F347FDE60}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{DCAD5D66-0E5A-4A45-B167-22B65EB9D644}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{258627A7-E9AF-484B-BF16-C4E43C50DF08}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{AE06E783-8D71-496D-89E3-6EABAEBD1341}] => (Allow) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe No File
FirewallRules: [{1AD0E12C-86CA-4E43-8F3A-7290292ACAF7}] => (Allow) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe No File
FirewallRules: [TCP Query User{D6369F9F-D9AC-45AB-A775-5B6E9521EFAD}C:\users\vaindioux\downloads\utorrent.exe] => (Allow) C:\users\vaindioux\downloads\utorrent.exe No File
FirewallRules: [UDP Query User{C6F0EAE1-169C-41DB-824C-A5F6B593B4A3}C:\users\vaindioux\downloads\utorrent.exe] => (Allow) C:\users\vaindioux\downloads\utorrent.exe No File
FirewallRules: [{270D9C26-7B6D-44B8-A8D7-6357F7996633}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe No File
FirewallRules: [{FA589052-27BD-41C3-BFAD-BE3DABB86299}] => (Allow) C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{F25610EA-056C-4AFC-9F9F-019873E4191F}] => (Allow) C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{39FA9859-48C5-446C-B2AE-69BE359D3947}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\HM.exe No File
FirewallRules: [{47A9B434-9EDD-400C-A835-DA9632EAFBE0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\HM.exe No File
FirewallRules: [{E49370D1-2EC3-4139-ACE2-37150A942857}] => (Allow) C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{37317527-6601-48C2-A204-523DE3D27865}] => (Allow) C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{E24DE057-1391-43E9-8F3B-B844A63B6BE3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{003BB92B-2EED-4007-AB66-D211CDAAAE76}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
Reboot:
End::
  • Double-click FRST/FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
__________________
Hristo Tonev (Ico)

Old 07-28-2019, 11:25 AM   #5
Registered Member
 



Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Vaindioux (28-07-2019 13:54:02) Run:1
Running from C:\Users\Vaindioux\Downloads\Fix
Loaded Profiles: Vaindioux (Available Profiles: Vaindioux)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy\User: Restriction ? <==== ATTENTION
Task: {2F2DCFA6-464C-4B6F-9261-08A9AB17F5F2} - System32\Tasks\IHSelfDeleteTASK => CMD /C DEL C:\Users\VAINDI~1\AppData\Local\Temp\IHUB323.tmp.exe <==== ATTENTION
Task: {3A4BC003-8330-4F3F-94CE-F23CD911CE22} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\VAINDI~1\AppData\Local\Temp\IHUB1EA.tmp.exe <==== ATTENTION
Task: {F2D60DE3-D3C0-49D6-9EC4-E4CB6D95CBE2} - System32\Tasks\winupd => C:\Users\VAINDI~1\AppData\Local\Temp:winupd.exe <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-193268592-317187610-2715994916-1000 -> DefaultScope {1488B0D8-C8BA-4917-9369-A1E8D65796BB} URL =
BHO: No Name -> {A18C085E-2CBA-414F-9C8E-F5ECA84A3F9D}' -> No File
BHO-x32: No Name -> {A18C085E-2CBA-414F-9C8E-F5ECA84A3F9D}' -> No File
Toolbar: HKU\S-1-5-21-193268592-317187610-2715994916-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\npMotive.dll [No File]
CHR HKLM\...\Chrome\Extension: [plbchhheadikfkckdpjghciknmlfkfcj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-193268592-317187610-2715994916-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-05-19]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Windstream\Service Agent\ChromeExtension.crx [2015-05-19]
CHR HKLM-x32\...\Chrome\Extension: [plbchhheadikfkckdpjghciknmlfkfcj] - hxxps://clients2.google.com/service/update2/crx
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-06-17] (Lavasoft Software Canada -> )
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-02-22] (Lavasoft Limited -> Lavasoft AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll -> No File
AlternateDataStreams: C:\Users\Vaindioux\Documents\Maurer retaining wall.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Vaindioux\Documents\Maurer retaining wall.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Vaindioux\Documents\Permanentresidentcard.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Vaindioux\Documents\Permanentresidentcard.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{AF277E94-ABFD-4BFE-99DB-7E543A5C1509}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
FirewallRules: [{85BA8618-413A-4B4F-B723-60010E8FBADD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{3FCA617D-BB0C-461E-A030-639F347FDE60}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{DCAD5D66-0E5A-4A45-B167-22B65EB9D644}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{258627A7-E9AF-484B-BF16-C4E43C50DF08}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{AE06E783-8D71-496D-89E3-6EABAEBD1341}] => (Allow) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe No File
FirewallRules: [{1AD0E12C-86CA-4E43-8F3A-7290292ACAF7}] => (Allow) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe No File
FirewallRules: [TCP Query User{D6369F9F-D9AC-45AB-A775-5B6E9521EFAD}C:\users\vaindioux\downloads\utorrent.exe] => (Allow) C:\users\vaindioux\downloads\utorrent.exe No File
FirewallRules: [UDP Query User{C6F0EAE1-169C-41DB-824C-A5F6B593B4A3}C:\users\vaindioux\downloads\utorrent.exe] => (Allow) C:\users\vaindioux\downloads\utorrent.exe No File
FirewallRules: [{270D9C26-7B6D-44B8-A8D7-6357F7996633}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe No File
FirewallRules: [{FA589052-27BD-41C3-BFAD-BE3DABB86299}] => (Allow) C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{F25610EA-056C-4AFC-9F9F-019873E4191F}] => (Allow) C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{39FA9859-48C5-446C-B2AE-69BE359D3947}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\HM.exe No File
FirewallRules: [{47A9B434-9EDD-400C-A835-DA9632EAFBE0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\HM.exe No File
FirewallRules: [{E49370D1-2EC3-4139-ACE2-37150A942857}] => (Allow) C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{37317527-6601-48C2-A204-523DE3D27865}] => (Allow) C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{E24DE057-1391-43E9-8F3B-B844A63B6BE3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{003BB92B-2EED-4007-AB66-D211CDAAAE76}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F2DCFA6-464C-4B6F-9261-08A9AB17F5F2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F2DCFA6-464C-4B6F-9261-08A9AB17F5F2}" => removed successfully
C:\Windows\System32\Tasks\IHSelfDeleteTASK => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHSelfDeleteTASK" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A4BC003-8330-4F3F-94CE-F23CD911CE22}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A4BC003-8330-4F3F-94CE-F23CD911CE22}" => removed successfully
C:\Windows\System32\Tasks\IHUninstallTrackingTASK => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2D60DE3-D3C0-49D6-9EC4-E4CB6D95CBE2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2D60DE3-D3C0-49D6-9EC4-E4CB6D95CBE2}" => removed successfully
C:\Windows\System32\Tasks\winupd => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\winupd" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-193268592-317187610-2715994916-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A18C085E-2CBA-414F-9C8E-F5ECA84A3F9D}' => removed successfully
HKLM\Software\Classes\CLSID\{A18C085E-2CBA-414F-9C8E-F5ECA84A3F9D}' => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A18C085E-2CBA-414F-9C8E-F5ECA84A3F9D}' => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A18C085E-2CBA-414F-9C8E-F5ECA84A3F9D}' => not found
"HKU\S-1-5-21-193268592-317187610-2715994916-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D}" => removed successfully
HKLM\Software\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => not found
HKLM\Software\Wow6432Node\MozillaPlugins @Motive.com/NpMotive,version=1.0 => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\plbchhheadikfkckdpjghciknmlfkfcj => removed successfully
HKU\S-1-5-21-193268592-317187610-2715994916-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\edmgmpmklgfbohogafcfobonnkogchec => removed successfully
C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj => removed successfully
C:\Program Files (x86)\Windstream\Service Agent\ChromeExtension.crx => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\plbchhheadikfkckdpjghciknmlfkfcj => removed successfully
WCAssistantService => service not found.
Lbd => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\Lbd => removed successfully
Lbd => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\MREMPR5 => removed successfully
MREMPR5 => service removed successfully
HKLM\System\CurrentControlSet\Services\MRENDIS5 => removed successfully
MRENDIS5 => service removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt => removed successfully
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\LavasoftShellExt => removed successfully
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removed successfully
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\LavasoftShellExt => removed successfully
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
C:\Users\Vaindioux\Documents\Maurer retaining wall.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Vaindioux\Documents\Maurer retaining wall.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Vaindioux\Documents\Permanentresidentcard.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Vaindioux\Documents\Permanentresidentcard.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF277E94-ABFD-4BFE-99DB-7E543A5C1509}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85BA8618-413A-4B4F-B723-60010E8FBADD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3FCA617D-BB0C-461E-A030-639F347FDE60}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCAD5D66-0E5A-4A45-B167-22B65EB9D644}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{258627A7-E9AF-484B-BF16-C4E43C50DF08}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE06E783-8D71-496D-89E3-6EABAEBD1341}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1AD0E12C-86CA-4E43-8F3A-7290292ACAF7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D6369F9F-D9AC-45AB-A775-5B6E9521EFAD}C:\users\vaindioux\downloads\utorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C6F0EAE1-169C-41DB-824C-A5F6B593B4A3}C:\users\vaindioux\downloads\utorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{270D9C26-7B6D-44B8-A8D7-6357F7996633}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA589052-27BD-41C3-BFAD-BE3DABB86299}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F25610EA-056C-4AFC-9F9F-019873E4191F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39FA9859-48C5-446C-B2AE-69BE359D3947}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47A9B434-9EDD-400C-A835-DA9632EAFBE0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E49370D1-2EC3-4139-ACE2-37150A942857}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37317527-6601-48C2-A204-523DE3D27865}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E24DE057-1391-43E9-8F3B-B844A63B6BE3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{003BB92B-2EED-4007-AB66-D211CDAAAE76}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44225719 B
Java, Flash, Steam htmlcache => 17923381 B
Windows/system/drivers => 453979638 B
Edge => 0 B
Chrome => 510337340 B
Firefox => 100043300 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 110116 B
systemprofile32 => 495717 B
LocalService => 132244 B
NetworkService => 258114 B
Vaindioux => 3476061105 B

RecycleBin => 38971977013 B
EmptyTemp: => 40.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:03:02 ====
vaindioux is offline  
Old 07-30-2019, 07:49 AM   #6
Security Team
Moderator
 
icotonev's Avatar
 



Hello again, vaindioux...! How is the machine behaving? Any improvement?

AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number; the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.


ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.




In your next reply, please include:
  • AdwCleaner[S0*].txt
  • eset.txt

Thanks..!
__________________
Hristo Tonev (Ico)

icotonev is offline  
Old 08-10-2019, 02:48 AM   #7
Security Team
Moderator
 
icotonev's Avatar
 



Do you still require help?
If I do not hear back from you within 24 hours, I will presume not, and will request that this topic be closed.
__________________
Hristo Tonev (Ico)

icotonev is offline  
Old 08-10-2019, 06:53 AM   #8
Registered Member
 



Hi

Wow, this is weird. I thought I answered you and was waiting for your reply. I guess I thought about my answer but never posted it.
I would never do that on purpose, my apologies.
At any rate, the problem is gone and I am so happy.

Thxs so much for helping me.

Pat
vaindioux is offline  
Old 08-10-2019, 07:24 AM   #9
Security Team
Moderator
 
icotonev's Avatar
 



I'm glad we solved your problem! But as you can see, I do not see a posted reply to my latest instructions. Is it possible to see the logs and finish your topic? Thanks!
__________________
Hristo Tonev (Ico)

icotonev is offline  
Old 08-10-2019, 10:19 AM   #10
Registered Member
 



# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-10-2019
# Duration: 00:00:30
# OS: Windows 7 Home Premium
# Scanned: 35457
# Detected: 86


***** [ Services ] *****

PUP.Optional.Legacy CouponPrinterService

***** [ Folders ] *****

PUP.Optional.InstallCore C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
PUP.Optional.InstallCore C:\Windows\FLV Player
PUP.Optional.Legacy C:\Users\Vaindioux\Documents\337
PUP.Optional.Spigot.Generic C:\Program Files (x86)\Coupons
PUP.Optional.Spigot.Generic C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\services\CouponPrinterService
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-193268592-317187610-2715994916-1000\Components\3152E1F19977892449DC968802CE8964
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-193268592-317187610-2715994916-1000\Components\649A52D257CA5DB4EAAE8BA9EB23E467
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\ExpatSrv
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\ExpatWd
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.CyberLinkLabelPrint
Preinstalled.HPHealthCheck
Preinstalled.HPMediaSmart
Preinstalled.HPOdometer
Preinstalled.HPRemoteSolution
Preinstalled.HPSupportAssistant
Preinstalled.HPTouchSmart
Preinstalled.LenovoPower2Go
Preinstalled.LenovoThinkVantageToolbox
Preinstalled.ToshibaOnlineBackup
Preinstalled.WildTangentGamesBundle



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
vaindioux is offline  
Old 08-10-2019, 10:20 AM   #11
Registered Member
 



The ESET scan is taking FOREVER. I am at 90 minutes already. I will post the log when done.

Thxs

Pat
vaindioux is offline  
Old 08-10-2019, 11:47 AM   #12
Registered Member
 



Hi

Do we really need to complete the ESET scan?
I am at 3 hours and it's only 30% done. It slows down my PC which I currently need for work.

Thxs

Pat
vaindioux is offline  
Old 08-11-2019, 11:54 AM   #13
Registered Member
 



8/11/2019 14:52:54 PM
Files scanned: 759318
Infected files: 16
Cleaned threats: 16
Total scan time 04:43:06
Scan status: Finished


C:\AdwCleaner\Quarantine\C\Users\Vaindioux\AppData\Roaming\Search Protection\SearchProtection.exe.vir a variant of Win32/Toolbar.Widgi.G potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak.AB potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting (after the next restart)
C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting (after the next restart)
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting (after the next restart)
C:\Qoobox\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting
C:\Qoobox\Quarantine\C\Users\Vaindioux\AppData\Roaming\Mozilla\Firefox\Profiles\gtb4q2yt.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\chrome\CT3289847\content\popup.js.vir JS/Toolbar.Conduit.B potentially unwanted application cleaned by deleting
C:\Qoobox\Quarantine\C\Users\Vaindioux\AppData\Roaming\Mozilla\Firefox\Profiles\gtb4q2yt.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Toolbar.Conduit.AR potentially unwanted application cleaned by deleting
C:\Qoobox\Quarantine\C\Users\Vaindioux\AppData\Roaming\SearchProtect\bin\SPHook32.dll_20130326172419.329.vir Win32/Conduit.SearchProtect.A potentially unwanted application cleaned by deleting
C:\Qoobox\CFScript_used_2013-03-27_18.11.45.txt JS/SecurityDisabler.B potentially unwanted application cleaned by deleting
C:\Qoobox\ComboFix5.txt JS/SecurityDisabler.B potentially unwanted application cleaned by deleting
C:\Users\Vaindioux\Downloads\This computer is BLOCKED.htm HTML/FakeAlert.PT trojan cleaned by deleting
C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll a variant of MSIL/Toolbar.Linkury.BM potentially unwanted application cleaned by deleting
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application cleaned by deleting
C:\Windows\CouponPrinter.ocx a variant of Win32/Adware.Coupons.AA application cleaned by deleting
Autostart locations a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting (after the next restart)
vaindioux is offline  
Old 08-18-2019, 07:44 PM   #14
Security Team Moderator
 
iMacg3's Avatar
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi vaindioux,

Sorry for the delay. Please do this...

---------------------------------------------------
AdwCleaner - Clean
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please ensure all boxes are checked and then click Quarantine
    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start ADWCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.
__________________
Proud member of UNITE
iMacg3 is offline  
Old 08-19-2019, 01:18 PM   #15
Registered Member
 



Hi

The mouse has been working fine now. Do we have to keep doing stuff?
I will do it if you say we need to.

Thxs

Pat
vaindioux is offline  
Old 08-19-2019, 02:06 PM   #16
Security Team Moderator
 
iMacg3's Avatar
 



Hi vaindioux,

AdwCleaner in Scan mode detected threats. Running it in Clean mode as per my above instructions will remove all found threats.
__________________
Proud member of UNITE
iMacg3 is offline  
Old 08-20-2019, 03:18 AM   #17
Registered Member
 



OK, great.
I will do it Saturday as I am currently swamped at work.
Talk to you soon and thxs for the help.

Pat
vaindioux is offline  
Old 08-20-2019, 07:40 AM   #18
Security Team Moderator
 
iMacg3's Avatar
 



No problem, thanks for letting me know.
__________________
Proud member of UNITE
iMacg3 is offline  
Old 08-24-2019, 09:30 AM   #19
Registered Member
 



# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-24-2019
# Duration: 00:00:31
# OS: Windows 7 Home Premium
# Scanned: 35493
# Detected: 88


***** [ Services ] *****

PUP.Optional.Legacy CouponPrinterService

***** [ Folders ] *****

PUP.Optional.InstallCore C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
PUP.Optional.InstallCore C:\Windows\FLV Player
PUP.Optional.Legacy C:\Users\Vaindioux\Documents\337
PUP.Optional.Spigot.Generic C:\Program Files (x86)\Coupons
PUP.Optional.Spigot.Generic C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\services\CouponPrinterService
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-193268592-317187610-2715994916-1000\Components\3152E1F19977892449DC968802CE8964
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-193268592-317187610-2715994916-1000\Components\649A52D257CA5DB4EAAE8BA9EB23E467
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\ExpatSrv
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\ExpatWd
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.CyberLinkLabelPrint
Preinstalled.HPMediaSmart
Preinstalled.HPOdometer
Preinstalled.HPRemoteSolution
Preinstalled.HPSupportAssistant
Preinstalled.HPTouchSmart
Preinstalled.LenovoPower2Go
Preinstalled.LenovoThinkVantageToolbox
Preinstalled.ToshibaOnlineBackup
Preinstalled.WildTangentGamesBundle


AdwCleaner[S00].txt - [4429 octets] - [10/08/2019 11:05:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
vaindioux is offline  
Old 08-24-2019, 10:48 AM   #20
Security Team Moderator
 
iMacg3's Avatar
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi vaindioux,

It looks like you ran AdwCleaner in "Scan" mode again. Please follow the instructions in my previous post to clean the threats found by AdwCleaner.

If you are not able to do so, let me know and we will try an alternate method of removal.
__________________
Proud member of UNITE
iMacg3 is offline  
 

All times are GMT -7. The time now is 10:44 AM.