Moderator, Security Team
You are using an outdated version of Java ...

Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
... old Java versions are seriously insecure. Java is one of the most exploited programs there is (which is why it is updated so frequently), so it is critical that you always use the latest version.

Please uninstall ... Java 8 Update 91 ... reboot your computer to complete the uninstall.

Unless you have a specific need for Java, I recommend you do not use it at all. Java is not Javascript, which most websites use; it is entirely separate, and very few sites use it.

If you do need to have it, download and install the latest version ... https://java.com/en/download/

Next ...

With your computer booted as normal ...

  • Start FRST in a similar manner to when you ran the scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
Code:
VirusTotal: C:\Users\Perry\AppData\Local\Programs\Opera\assistant\browser_assistant.exe;C:\Windows\system32\scrnsave.scr;C:\Users\Perry\Desktop\stopandshop_flyer_0515_05222020.pdf;C:\Users\Perry\Desktop\stopandshop_flyer_0521_05282020.pdf
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {38E3C46F-AA59-491C-A8C6-B63EB2282FC0} URL = 
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {B6150270-6ECB-42FA-BC45-4C6131964B6C} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {F94DBE5E-5FA7-4397-A1F6-8598A3210271} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> No Name - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} -  No File
Toolbar: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
OPR Notifications: hxxps://togo.carrabbasonlineordering.com
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Dell Customer Connect => 2
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: DellProdRegManager => 3
MSCONFIG\Services: DraftSight API Service => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: IntelUSBoverIP => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iumsvc => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: KSDE1.0.0 => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: NitroReaderDriverReadSpool3 => 2
MSCONFIG\Services: NitroReaderDriverReadSpool5 => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: TrueColorALS => 2
MSCONFIG\Services: WavesSysSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "APC UPS Status.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "TrueColor UI"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SolidWorks_CheckForUpdates"
HKLM\...\StartupApproved\Run32: => "Display"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
FirewallRules: [TCP Query User{D6128130-0166-43ED-A302-2C3D82DBB4BD}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [UDP Query User{25A8383A-6844-4CA9-9754-F7270A9EDEA9}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [TCP Query User{1B8AE6FC-E82A-40BE-8DBF-D3AD761BE7E1}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [UDP Query User{719A1FE3-1692-41CB-9F74-9DEAEE8D0FF4}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [TCP Query User{177B8F47-546D-4976-A11C-17FDD34801F5}C:\users\perry\appdata\local\programs\opera\66.0.3515.44\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.44\opera.exe => No File
FirewallRules: [UDP Query User{6B88847B-FE25-4614-AA14-1DDD0C253D73}C:\users\perry\appdata\local\programs\opera\66.0.3515.44\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.44\opera.exe => No File
FirewallRules: [TCP Query User{644CE154-8622-400A-AE33-A786378E424E}C:\users\perry\appdata\local\programs\opera\66.0.3515.72\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.72\opera.exe => No File
FirewallRules: [UDP Query User{28BA8541-E530-4656-8FB7-5422DAFDB661}C:\users\perry\appdata\local\programs\opera\66.0.3515.72\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.72\opera.exe => No File
FirewallRules: [TCP Query User{D52A6DEC-B307-4B55-82A3-9BDC378B506E}C:\users\perry\appdata\local\programs\opera\66.0.3515.103\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.103\opera.exe => No File
FirewallRules: [UDP Query User{9A797914-2F08-422A-B91A-30867781BF19}C:\users\perry\appdata\local\programs\opera\66.0.3515.103\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.103\opera.exe => No File
FirewallRules: [TCP Query User{26971CB7-D74D-4ED6-9196-4CD951E32B1C}C:\users\perry\appdata\local\programs\opera\66.0.3515.115\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\66.0.3515.115\opera.exe => No File
FirewallRules: [UDP Query User{A6195251-C89A-4CE9-B8C4-2977AE96E030}C:\users\perry\appdata\local\programs\opera\66.0.3515.115\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\66.0.3515.115\opera.exe => No File
FirewallRules: [TCP Query User{EDF0A680-FAE9-4947-838D-8DB1F1C8D5C5}C:\users\perry\appdata\local\programs\opera\67.0.3575.53\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.53\opera.exe => No File
FirewallRules: [UDP Query User{8B099F78-6AEE-4FC5-A875-FBC2F8517F0B}C:\users\perry\appdata\local\programs\opera\67.0.3575.53\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.53\opera.exe => No File
FirewallRules: [TCP Query User{30F004F0-F6F3-4156-880C-A57493CEC785}C:\users\perry\appdata\local\programs\opera\67.0.3575.79\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.79\opera.exe => No File
FirewallRules: [UDP Query User{D318FF28-1366-4F65-A1D5-7123AD773E70}C:\users\perry\appdata\local\programs\opera\67.0.3575.79\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.79\opera.exe => No File
FirewallRules: [TCP Query User{CEFBDAB2-21A3-4F35-91EB-AAD8D4C131DC}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe => No File
FirewallRules: [UDP Query User{5DD32CD3-B1FF-437E-86BA-FBA6C39248C1}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe => No File
FirewallRules: [TCP Query User{5ED39571-8E69-4C1A-90ED-2FB2C769D0E7}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe => No File
FirewallRules: [UDP Query User{C30BC556-0CEA-4866-9BCC-F4E0E84C6512}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe => No File
FirewallRules: [TCP Query User{5EAB188D-C903-4495-A291-723E2EFCA6C3}C:\users\perry\appdata\local\programs\opera\67.0.3575.115\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.115\opera.exe => No File
FirewallRules: [UDP Query User{03FD3AFC-F656-4B44-B46E-533E7AF5BE42}C:\users\perry\appdata\local\programs\opera\67.0.3575.115\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.115\opera.exe => No File
FirewallRules: [TCP Query User{A5B3D830-1B72-4817-A536-6D5837989108}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe => No File
FirewallRules: [UDP Query User{69559080-63F6-4FC6-9340-66D6ED8D0173}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe => No File
FirewallRules: [TCP Query User{271390FD-885E-48D7-BDD9-959E8C607053}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe => No File
FirewallRules: [UDP Query User{A3E86EDD-B458-457A-975C-CCA9FA674F47}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe => No File
FirewallRules: [TCP Query User{374B0C3C-1447-478C-893D-E6A7A8565C85}C:\users\perry\appdata\local\programs\opera\68.0.3618.63\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.63\opera.exe => No File
FirewallRules: [UDP Query User{005CB3A9-EBFD-4C3A-9F23-DB1ADB0A6D93}C:\users\perry\appdata\local\programs\opera\68.0.3618.63\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.63\opera.exe => No File
FirewallRules: [TCP Query User{7DA8C419-B362-4075-B772-80EB3FD7ECCE}C:\users\perry\appdata\local\programs\opera\68.0.3618.104\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.104\opera.exe => No File
FirewallRules: [UDP Query User{7D6A0B82-E44B-4560-9011-79602A33874C}C:\users\perry\appdata\local\programs\opera\68.0.3618.104\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.104\opera.exe => No File
FirewallRules: [TCP Query User{EFF3852E-CE5D-4025-8B8F-0A90D2568E28}C:\users\perry\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.125\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{D0BB52AD-A263-4596-BE08-305C5BFCCB7E}C:\users\perry\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.125\opera.exe (Opera Software AS -> Opera Software)
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
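As an added example (my own code, not part of FRST and not from either poster in this thread), here is a small Python script that reads a fixlist like the one above together with the fixlog that comes back, and tells the helper which actions did not confirm. The sample lines are copied from this thread; the classification rules (directive / service / file lines, and what counts as a "stale" entry) are my reading of FRST's output format, not documented FRST behaviour. The point it makes concrete: most of the fixlist is `FirewallRules ... => No File`, i.e. Allow rules still bound to Opera version folders that no longer exist, and `"not found"` or `"(3) Error"` results in the fixlog are the lines to look at again before the clean-up is called done.

```python
"""Cross-check an FRST fixlist against the fixlog it produces.
Added example for this thread, not FRST code. Sample lines are copied from the thread."""
import re
from collections import Counter

# Constructed sample: a slice of the fixlist posted above.
FIXLIST = r"""
VirusTotal: C:\Users\Perry\Desktop\stopandshop_flyer_0515_05222020.pdf
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
MSCONFIG\Services: klvssbrigde64 => 3
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
FirewallRules: [TCP Query User{D6128130-0166-43ED-A302-2C3D82DBB4BD}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns
"""

# Constructed sample: the matching result lines from the fixlog posted back.
FIXLOG = r"""
VirusTotal: C:\Users\Perry\Desktop\stopandshop_flyer_0515_05222020.pdf => (3) Error
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\System\CurrentControlSet\Services\mfesapsn => removed successfully
mfesapsn => service removed successfully
"C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys" => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\klvssbrigde64 => removed successfully
HKLM\System\CurrentControlSet\Services\klvssbrigde64 => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BTMTrayAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BTMTrayAgent" => not found
"""

# Directive = text before the first ':' that is not part of a drive letter (C:\).
DIRECTIVE_RE = re.compile(r"^([A-Za-z][\w .()\\-]*?):(?!\\)")
SERVICE_RE = re.compile(r"^[RSU]\d\s+\S+;")  # service/driver lines: "S3 name; path"
FILE_RE = re.compile(r"^[A-Za-z]:\\")        # bare path lines (file or folder to remove)


def parse_fixlist(text):
    """Classify each fixlist line; 'stale' marks a target FRST reports as missing."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = DIRECTIVE_RE.match(line)
        if m:
            kind, directive = "directive", m.group(1)
        elif SERVICE_RE.match(line):
            kind, directive = "service", line.split(";", 1)[0].split(None, 1)[1]
        elif FILE_RE.match(line):
            kind, directive = "file", None
        else:
            kind, directive = "unknown", None
        # "No File" / "[X]": the rule or service points at a path that no longer
        # exists, so whatever is later written to that path inherits the rule.
        stale = line.endswith("No File") or line.endswith("[X]")
        entries.append({"kind": kind, "directive": directive, "line": line, "stale": stale})
    return entries


def kind_counts(entries):
    return Counter(e["kind"] for e in entries)


def stale_entries(entries):
    return [e for e in entries if e["stale"]]


def classify_outcome(result):
    r = result.lower()
    if r.startswith("http"):
        return "vt_report"   # VirusTotal lookup worked; the verdict is at the link
    if "error" in r:
        return "error"       # e.g. "(3) Error": no verdict was obtained for the file
    if "not found" in r:
        return "not_found"   # usually benign: the object was gone before the fix ran
    if "successfully" in r:
        return "ok"
    return "other"


def parse_fixlog(text):
    """Split each fixlog result line at its last ' => ' into target and outcome."""
    results = []
    for line in (l.strip() for l in text.splitlines()):
        if " => " not in line:
            continue
        target, result = line.rsplit(" => ", 1)
        results.append({"target": target.strip('"'), "result": result,
                        "outcome": classify_outcome(result)})
    return results


def outcome_counts(results):
    return Counter(r["outcome"] for r in results)


def follow_ups(results):
    """Result lines the helper should look at again before calling the fix done."""
    return [r for r in results if r["outcome"] in ("error", "not_found")]


if __name__ == "__main__":
    entries = parse_fixlist(FIXLIST)
    print("fixlist:", dict(kind_counts(entries)), "stale:", len(stale_entries(entries)))
    results = parse_fixlog(FIXLOG)
    print("fixlog:", dict(outcome_counts(results)))
    for r in follow_ups(results):
        print(f"  {r['outcome']:>9}  {r['target']}")
```

Run it as-is to see the summary, or point `parse_fixlist` and `parse_fixlog` at the real fixlist.txt and fixlog.txt contents. A `not_found` on a registry key is normally fine (the Java uninstall had already taken the BHO registration with it, for instance), but a VirusTotal `Error` means that file was never actually checked, so its verdict is still unknown.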
 

Registered, Discussion Starter #22
OK, I deleted Java. During the scan I got 2 notifications from Avira AV that the Hosts file was blocked.

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by Perry (16-06-2020 15:05:54) Run:2
Running from C:\Users\Perry\Desktop
Loaded Profiles: Perry
Boot Mode: Normal
==============================================

fixlist content:
*****************
VirusTotal: C:\Users\Perry\AppData\Local\Programs\Opera\assistant\browser_assistant.exe;C:\Windows\system32\scrnsave.scr;C:\Users\Perry\Desktop\stopandshop_flyer_0515_05222020.pdf;C:\Users\Perry\Desktop\stopandshop_flyer_0521_05282020.pdf
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {38E3C46F-AA59-491C-A8C6-B63EB2282FC0} URL =
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {B6150270-6ECB-42FA-BC45-4C6131964B6C} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {F94DBE5E-5FA7-4397-A1F6-8598A3210271} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> No Name - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - No File
Toolbar: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
OPR Notifications: hxxps://togo.carrabbasonlineordering.com
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Dell Customer Connect => 2
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: DellProdRegManager => 3
MSCONFIG\Services: DraftSight API Service => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: IntelUSBoverIP => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iumsvc => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: KSDE1.0.0 => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: NitroReaderDriverReadSpool3 => 2
MSCONFIG\Services: NitroReaderDriverReadSpool5 => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: TrueColorALS => 2
MSCONFIG\Services: WavesSysSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "APC UPS Status.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "TrueColor UI"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SolidWorks_CheckForUpdates"
HKLM\...\StartupApproved\Run32: => "Display"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
FirewallRules: [TCP Query User{D6128130-0166-43ED-A302-2C3D82DBB4BD}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [UDP Query User{25A8383A-6844-4CA9-9754-F7270A9EDEA9}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [TCP Query User{1B8AE6FC-E82A-40BE-8DBF-D3AD761BE7E1}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [UDP Query User{719A1FE3-1692-41CB-9F74-9DEAEE8D0FF4}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [TCP Query User{177B8F47-546D-4976-A11C-17FDD34801F5}C:\users\perry\appdata\local\programs\opera\66.0.3515.44\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.44\opera.exe => No File
FirewallRules: [UDP Query User{6B88847B-FE25-4614-AA14-1DDD0C253D73}C:\users\perry\appdata\local\programs\opera\66.0.3515.44\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.44\opera.exe => No File
FirewallRules: [TCP Query User{644CE154-8622-400A-AE33-A786378E424E}C:\users\perry\appdata\local\programs\opera\66.0.3515.72\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.72\opera.exe => No File
FirewallRules: [UDP Query User{28BA8541-E530-4656-8FB7-5422DAFDB661}C:\users\perry\appdata\local\programs\opera\66.0.3515.72\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.72\opera.exe => No File
FirewallRules: [TCP Query User{D52A6DEC-B307-4B55-82A3-9BDC378B506E}C:\users\perry\appdata\local\programs\opera\66.0.3515.103\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.103\opera.exe => No File
FirewallRules: [UDP Query User{9A797914-2F08-422A-B91A-30867781BF19}C:\users\perry\appdata\local\programs\opera\66.0.3515.103\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\66.0.3515.103\opera.exe => No File
FirewallRules: [TCP Query User{26971CB7-D74D-4ED6-9196-4CD951E32B1C}C:\users\perry\appdata\local\programs\opera\66.0.3515.115\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\66.0.3515.115\opera.exe => No File
FirewallRules: [UDP Query User{A6195251-C89A-4CE9-B8C4-2977AE96E030}C:\users\perry\appdata\local\programs\opera\66.0.3515.115\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\66.0.3515.115\opera.exe => No File
FirewallRules: [TCP Query User{EDF0A680-FAE9-4947-838D-8DB1F1C8D5C5}C:\users\perry\appdata\local\programs\opera\67.0.3575.53\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.53\opera.exe => No File
FirewallRules: [UDP Query User{8B099F78-6AEE-4FC5-A875-FBC2F8517F0B}C:\users\perry\appdata\local\programs\opera\67.0.3575.53\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.53\opera.exe => No File
FirewallRules: [TCP Query User{30F004F0-F6F3-4156-880C-A57493CEC785}C:\users\perry\appdata\local\programs\opera\67.0.3575.79\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.79\opera.exe => No File
FirewallRules: [UDP Query User{D318FF28-1366-4F65-A1D5-7123AD773E70}C:\users\perry\appdata\local\programs\opera\67.0.3575.79\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.79\opera.exe => No File
FirewallRules: [TCP Query User{CEFBDAB2-21A3-4F35-91EB-AAD8D4C131DC}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe => No File
FirewallRules: [UDP Query User{5DD32CD3-B1FF-437E-86BA-FBA6C39248C1}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe => No File
FirewallRules: [TCP Query User{5ED39571-8E69-4C1A-90ED-2FB2C769D0E7}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe => No File
FirewallRules: [UDP Query User{C30BC556-0CEA-4866-9BCC-F4E0E84C6512}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe => No File
FirewallRules: [TCP Query User{5EAB188D-C903-4495-A291-723E2EFCA6C3}C:\users\perry\appdata\local\programs\opera\67.0.3575.115\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.115\opera.exe => No File
FirewallRules: [UDP Query User{03FD3AFC-F656-4B44-B46E-533E7AF5BE42}C:\users\perry\appdata\local\programs\opera\67.0.3575.115\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.115\opera.exe => No File
FirewallRules: [TCP Query User{A5B3D830-1B72-4817-A536-6D5837989108}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe => No File
FirewallRules: [UDP Query User{69559080-63F6-4FC6-9340-66D6ED8D0173}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe => No File
FirewallRules: [TCP Query User{271390FD-885E-48D7-BDD9-959E8C607053}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe => No File
FirewallRules: [UDP Query User{A3E86EDD-B458-457A-975C-CCA9FA674F47}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Block) C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe => No File
FirewallRules: [TCP Query User{374B0C3C-1447-478C-893D-E6A7A8565C85}C:\users\perry\appdata\local\programs\opera\68.0.3618.63\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.63\opera.exe => No File
FirewallRules: [UDP Query User{005CB3A9-EBFD-4C3A-9F23-DB1ADB0A6D93}C:\users\perry\appdata\local\programs\opera\68.0.3618.63\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.63\opera.exe => No File
FirewallRules: [TCP Query User{7DA8C419-B362-4075-B772-80EB3FD7ECCE}C:\users\perry\appdata\local\programs\opera\68.0.3618.104\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.104\opera.exe => No File
FirewallRules: [UDP Query User{7D6A0B82-E44B-4560-9011-79602A33874C}C:\users\perry\appdata\local\programs\opera\68.0.3618.104\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.104\opera.exe => No File
FirewallRules: [TCP Query User{EFF3852E-CE5D-4025-8B8F-0A90D2568E28}C:\users\perry\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.125\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{D0BB52AD-A263-4596-BE08-305C5BFCCB7E}C:\users\perry\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\perry\appdata\local\programs\opera\68.0.3618.125\opera.exe (Opera Software AS -> Opera Software)
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns
*****************

VirusTotal: C:\Users\Perry\AppData\Local\Programs\Opera\assistant\browser_assistant.exe => https://www.virustotal.com/gui/file...0456216ad2fc03486ea598114e59493030-1592223970
VirusTotal: C:\Windows\system32\scrnsave.scr => https://www.virustotal.com/gui/file...6a2178b7acee0a49325c1197ad6d3e41b3-1592136444
VirusTotal: C:\Users\Perry\Desktop\stopandshop_flyer_0515_05222020.pdf => (3) Error
VirusTotal: C:\Users\Perry\Desktop\stopandshop_flyer_0521_05282020.pdf => (3) Error
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38E3C46F-AA59-491C-A8C6-B63EB2282FC0} => removed successfully
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B6150270-6ECB-42FA-BC45-4C6131964B6C} => removed successfully
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F94DBE5E-5FA7-4397-A1F6-8598A3210271} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
"HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3507FA00-ADA2-4A02-99B9-51AD26CA9120}" => removed successfully
"HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68}" => removed successfully
"OPR Notifications" => removed successfully
HKLM\System\CurrentControlSet\Services\mfesapsn => removed successfully
mfesapsn => service removed successfully
"C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc => removed successfully
HKLM\System\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AERTFilters => removed successfully
HKLM\System\CurrentControlSet\Services\AERTFilters => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs => removed successfully
HKLM\System\CurrentControlSet\Services\cphs => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Dell Customer Connect => removed successfully
HKLM\System\CurrentControlSet\Services\Dell Customer Connect => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Dell Foundation Services => removed successfully
HKLM\System\CurrentControlSet\Services\Dell Foundation Services => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DellDataVault => removed successfully
HKLM\System\CurrentControlSet\Services\DellDataVault => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DellDataVaultWiz => removed successfully
HKLM\System\CurrentControlSet\Services\DellDataVaultWiz => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DellDigitalDelivery => removed successfully
HKLM\System\CurrentControlSet\Services\DellDigitalDelivery => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DellProdRegManager => removed successfully
HKLM\System\CurrentControlSet\Services\DellProdRegManager => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DraftSight API Service => removed successfully
HKLM\System\CurrentControlSet\Services\DraftSight API Service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAStorDataMgrSvc => removed successfully
HKLM\System\CurrentControlSet\Services\IAStorDataMgrSvc => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ibtsiva => removed successfully
HKLM\System\CurrentControlSet\Services\ibtsiva => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ICCS => removed successfully
HKLM\System\CurrentControlSet\Services\ICCS => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\igfxCUIService1.0.0.0 => removed successfully
HKLM\System\CurrentControlSet\Services\igfxCUIService1.0.0.0 => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\igfxCUIService2.0.0.0 => removed successfully
HKLM\System\CurrentControlSet\Services\igfxCUIService2.0.0.0 => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel(R) Capability Licensing Service TCP IP Interface => removed successfully
HKLM\System\CurrentControlSet\Services\Intel(R) Capability Licensing Service TCP IP Interface => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IntelUSBoverIP => removed successfully
HKLM\System\CurrentControlSet\Services\IntelUSBoverIP => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IntuitUpdateServiceV4 => removed successfully
HKLM\System\CurrentControlSet\Services\IntuitUpdateServiceV4 => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iumsvc => removed successfully
HKLM\System\CurrentControlSet\Services\iumsvc => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\jhi_service => removed successfully
HKLM\System\CurrentControlSet\Services\jhi_service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\klvssbrigde64 => removed successfully
HKLM\System\CurrentControlSet\Services\klvssbrigde64 => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\KSDE1.0.0 => removed successfully
HKLM\System\CurrentControlSet\Services\KSDE1.0.0 => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS => removed successfully
HKLM\System\CurrentControlSet\Services\LMS => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NitroReaderDriverReadSpool3 => removed successfully
HKLM\System\CurrentControlSet\Services\NitroReaderDriverReadSpool3 => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NitroReaderDriverReadSpool5 => removed successfully
HKLM\System\CurrentControlSet\Services\NitroReaderDriverReadSpool5 => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RichVideo => removed successfully
HKLM\System\CurrentControlSet\Services\RichVideo => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RtkAudioService => removed successfully
HKLM\System\CurrentControlSet\Services\RtkAudioService => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SftService => removed successfully
HKLM\System\CurrentControlSet\Services\SftService => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SupportAssistAgent => removed successfully
HKLM\System\CurrentControlSet\Services\SupportAssistAgent => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TrueColorALS => removed successfully
HKLM\System\CurrentControlSet\Services\TrueColorALS => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WavesSysSvc => removed successfully
HKLM\System\CurrentControlSet\Services\WavesSysSvc => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\APC UPS Status.lnk" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RTHDVCPL" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RTHDVCPL" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RtHDVBg_MAXX6" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RtHDVBg_MAXX6" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\WavesSvc" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WavesSvc" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BTMTrayAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BTMTrayAgent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\TrueColor UI" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TrueColor UI" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\IAStorIcon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IAStorIcon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Classic Start Menu" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Classic Start Menu" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\DropboxOEM" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DropboxOEM" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SolidWorks_CheckForUpdates" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SolidWorks_CheckForUpdates" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Display" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Display" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Adobe ARM" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Avira System Speedup User Starter" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Avira System Speedup User Starter" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D6128130-0166-43ED-A302-2C3D82DBB4BD}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{25A8383A-6844-4CA9-9754-F7270A9EDEA9}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1B8AE6FC-E82A-40BE-8DBF-D3AD761BE7E1}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{719A1FE3-1692-41CB-9F74-9DEAEE8D0FF4}C:\users\perry\appdata\local\programs\opera\65.0.3467.78\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{177B8F47-546D-4976-A11C-17FDD34801F5}C:\users\perry\appdata\local\programs\opera\66.0.3515.44\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6B88847B-FE25-4614-AA14-1DDD0C253D73}C:\users\perry\appdata\local\programs\opera\66.0.3515.44\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{644CE154-8622-400A-AE33-A786378E424E}C:\users\perry\appdata\local\programs\opera\66.0.3515.72\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{28BA8541-E530-4656-8FB7-5422DAFDB661}C:\users\perry\appdata\local\programs\opera\66.0.3515.72\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D52A6DEC-B307-4B55-82A3-9BDC378B506E}C:\users\perry\appdata\local\programs\opera\66.0.3515.103\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9A797914-2F08-422A-B91A-30867781BF19}C:\users\perry\appdata\local\programs\opera\66.0.3515.103\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{26971CB7-D74D-4ED6-9196-4CD951E32B1C}C:\users\perry\appdata\local\programs\opera\66.0.3515.115\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A6195251-C89A-4CE9-B8C4-2977AE96E030}C:\users\perry\appdata\local\programs\opera\66.0.3515.115\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EDF0A680-FAE9-4947-838D-8DB1F1C8D5C5}C:\users\perry\appdata\local\programs\opera\67.0.3575.53\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8B099F78-6AEE-4FC5-A875-FBC2F8517F0B}C:\users\perry\appdata\local\programs\opera\67.0.3575.53\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{30F004F0-F6F3-4156-880C-A57493CEC785}C:\users\perry\appdata\local\programs\opera\67.0.3575.79\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D318FF28-1366-4F65-A1D5-7123AD773E70}C:\users\perry\appdata\local\programs\opera\67.0.3575.79\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CEFBDAB2-21A3-4F35-91EB-AAD8D4C131DC}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5DD32CD3-B1FF-437E-86BA-FBA6C39248C1}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5ED39571-8E69-4C1A-90ED-2FB2C769D0E7}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C30BC556-0CEA-4866-9BCC-F4E0E84C6512}C:\users\perry\appdata\local\programs\opera\67.0.3575.97\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5EAB188D-C903-4495-A291-723E2EFCA6C3}C:\users\perry\appdata\local\programs\opera\67.0.3575.115\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{03FD3AFC-F656-4B44-B46E-533E7AF5BE42}C:\users\perry\appdata\local\programs\opera\67.0.3575.115\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A5B3D830-1B72-4817-A536-6D5837989108}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{69559080-63F6-4FC6-9340-66D6ED8D0173}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{271390FD-885E-48D7-BDD9-959E8C607053}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A3E86EDD-B458-457A-975C-CCA9FA674F47}C:\users\perry\appdata\local\programs\opera\67.0.3575.137\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{374B0C3C-1447-478C-893D-E6A7A8565C85}C:\users\perry\appdata\local\programs\opera\68.0.3618.63\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{005CB3A9-EBFD-4C3A-9F23-DB1ADB0A6D93}C:\users\perry\appdata\local\programs\opera\68.0.3618.63\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7DA8C419-B362-4075-B772-80EB3FD7ECCE}C:\users\perry\appdata\local\programs\opera\68.0.3618.104\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7D6A0B82-E44B-4560-9011-79602A33874C}C:\users\perry\appdata\local\programs\opera\68.0.3618.104\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EFF3852E-CE5D-4025-8B8F-0A90D2568E28}C:\users\perry\appdata\local\programs\opera\68.0.3618.125\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D0BB52AD-A263-4596-BE08-305C5BFCCB7E}C:\users\perry\appdata\local\programs\opera\68.0.3618.125\opera.exe" => removed successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 149668347 B
Java, Flash, Steam htmlcache => 9683 B
Windows/system/drivers => 203341642 B
Edge => 0 B
Chrome => 0 B
Firefox => 800628109 B
Opera => 466419750 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 935717 B
systemprofile32 => 935717 B
LocalService => 35282267 B
NetworkService => 36264567 B
Perry => 326719577 B
stealth => 328342168 B

RecycleBin => 3743845318 B
EmptyTemp: => 5.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-06-2020 15:22:06)

C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.

==== End of Fixlog 15:22:07 ====
 

Moderator, Security Team (1,049 Posts):
No need to worry about the Hosts file failing to clear; that was being protected by Avira. In any case, I was only clearing it as a precaution, not because I saw anything malicious in your earlier FRST scans. I cleared your DNS cache for a similar reason.

Other than that everything seems to have gone OK, with the exception of the two files ...

VirusTotal: C:\Users\Perry\Desktop\stopandshop_flyer_0515_05222020.pdf => (3) Error
VirusTotal: C:\Users\Perry\Desktop\stopandshop_flyer_0521_05282020.pdf => (3) Error
... failing to scan at VirusTotal.

Do you know what these 2 files are, and/or how they got on your Desktop?

Next ....

I'd like you to run an online scan for me. The scan will look in areas that FRST does not, and so may detect things I'm not yet aware of.

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

Please Note ... the instructions above were correct at the time of writing, however E-Set have a habit of changing their interface, and it's a while since these were written, so if you're not able to run a scan using them, then please let me know, and I'll write a new set.
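
The post above treats the hosts file and the DNS cache as precautionary items: the fixlog shows FRST could not replace the hosts file, and the moderator explains a security product was protecting it. The following PowerShell is an added example, not code from the thread or from FRST: it lists the active (non-comment) hosts entries and flags any that point somewhere other than loopback, shows the attribute and Deny-ACE information that explains a "Could not move", and dumps the resolver cache. It assumes Windows 8.1 or later with PowerShell 5.x and an elevated prompt; the "REVIEW" / "ok" labels and the column layout are this example's own.

```powershell
# Added example, not part of the thread: review the hosts file that the fix could
# not replace, then look at what the resolver cache holds after the flush.
# Assumes Windows 8.1 or later with PowerShell 5.x, run from an elevated prompt.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Every line that is not blank or a comment is an active name-to-address mapping.
$active = Get-Content -Path $hostsPath -ErrorAction Stop |
    ForEach-Object { ($_ -split '#', 2)[0].Trim() } |
    Where-Object { $_ } |
    ForEach-Object {
        $parts = $_ -split '\s+'
        [pscustomobject]@{
            Address = $parts[0]
            Names   = ($parts | Select-Object -Skip 1) -join ' '
        }
    }

if (-not $active) {
    'hosts file has no active entries (the Windows default; comments only).'
} else {
    # Loopback and 0.0.0.0 entries only block names. Anything else redirects a
    # name somewhere DNS did not say, which is the classic hosts-file hijack.
    foreach ($entry in $active) {
        $flag = if ($entry.Address -in '127.0.0.1', '::1', '0.0.0.0') { 'ok' } else { 'REVIEW' }
        '{0,-7} {1,-16} {2}' -f $flag, $entry.Address, $entry.Names
    }
}

# Why a tool could not replace the file: a read-only attribute, or a Deny ACE
# that an antivirus "hosts file protection" feature places on it.
Get-Item -Path $hostsPath | Select-Object Attributes, LastWriteTime
(Get-Acl -Path $hostsPath).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' } |
    Select-Object IdentityReference, FileSystemRights

# The resolver cache, the same data 'ipconfig /displaydns' prints.
# Right after 'ipconfig /flushdns' this should be nearly empty.
Get-DnsClientCache | Select-Object Entry, Data, TimeToLive | Sort-Object Entry
```

A clean machine prints the "no active entries" line (or only loopback mappings) and no Deny ACEs; a line marked REVIEW that maps a bank, search engine or update domain to a public address is worth chasing before anything else.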
 

Registered (147 Posts), Discussion Starter #24:
How does the system look at this point?

Any idea how the Windows Defender scam website may have crashed my system? My history shows the opening of many sessions of Firefox, so maybe that did it.

The PDF files flagged by VirusTotal I downloaded from the grocery store; they are a circular (flyer). Is there anything more we should do?

I noticed there were some Dell updater-type files deleted. Are they considered a risk?

I'll run Eset and post back.
 

Moderator, Security Team (1,049 Posts):
Sorry, I didn't get any notification that you'd replied, and I've been busy with work for the last few days, so I haven't checked my topics manually as I usually do and missed your last reply.

As far as I can see so far, your machine does not look to have any active malware present, though I'll know better whether that is the case when I see your E-Set scan results.

The Dell items I removed were services that had been altered using MSConfig, which is not the way these services should have been disabled. MSConfig is a tool used to temporarily modify things for fault-finding purposes only; it should not be used to make permanent changes.

FRST just set all the disabled MSConfig items I listed back to their default state. If you wish to permanently disable any of them, then we can do so using more appropriate methods.

I have no particular reason to suspect the two PDF files, other than that I did not know what they were, and the fact that the VirusTotal scan of them seemed to have problems. If you put them there yourself, then they're probably OK. We can always delete them later if necessary, but at this point I don't think it is.
 

Registered (147 Posts), Discussion Starter #26:
Eset scan below:

6/20/2020 8:26:23 AM
Files scanned: 466593
Detected files: 0
Cleaned files: 0
Total scan time: 02:13:57
Scan status: Finished
 

Moderator, Security Team (1,049 Posts):
OK, looks like your machine is clear of any signs of an infection.

How is it running now ?

If you're still having any problems with it, please let me know; if not, let me know and I'll give instructions for removing FRST.

If you need to permanently disable the items that were being temporarily disabled by MSConfig, I'll be happy to help you do that also.
 

Registered (147 Posts), Discussion Starter #28:
I really appreciate your help on my system.

No infection is good news. Is there anything I should change to prevent this from happening again and improve security? The current AV and browser had browser safety. It usually has given a warning on malicious sites. As mentioned above, I believe the Windows Defender malicious site opened many sessions of the browser to crash my system in an effort to get me to call their bogus "support number". I have had no instance of multiple browser sessions occurring since the first shutdown I was able to do.

PC seems to be running OK. Boot time seems to be taking a little longer from sign-in to the Windows screen. No other issue that I have found yet.

Some of the Dell programs were disabled in msconfig because they were slowing down the system to the point of being almost unusable. But this has not happened so far. It has been a while since I did this; is there a way to review the programs in the scan logs that were disabled previously in msconfig?
 

Moderator, Security Team (1,049 Posts):
If you run a new scan with FRST (with your computer booted as normal) and attach the new logs to your next post, I'll compare your startup items to your earlier FRST list, and with the list of msconfig items I marked for fixing, and I should then be able to see which ones can be safely and permanently disabled.

I'll then post a possible "fixlist" and we can discuss which ones you want to "fix".
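
The two moderator posts above describe the mechanism behind the "MSConfig\Services" lines in the fixlog: MSConfig records a service it unticks under HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services and sets the service's own Start value to 4 (Disabled), FRST's fix removes that record and restores the service, and a service that is genuinely unwanted should be disabled through the service itself instead. The PowerShell below is an added example, not code from the thread or from FRST: it reads whatever MSConfig entries remain, reports each service's current state and start mode, and shows the supported way to disable one permanently. It assumes PowerShell 5.x on Windows 8.1 and an elevated prompt; the interpretation of the MSConfig value data as the service's previous start type is this example's assumption, and the service-name list is lifted from the fixlog earlier in the thread only so the report has rows to print after the MSConfig key is gone.

```powershell
# Added example, not part of the thread: list the services MSConfig had marked as
# disabled, compare that with each service's current start mode, and show the
# supported way to disable one permanently.
# Assumes PowerShell 5.x on Windows 8.1; Set-Service needs an elevated prompt.

$msconfigKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services'

# When MSConfig unticks a service it writes a value under this key (value name
# = service name, data = the start type the service had, an assumption of this
# example) and sets the service's own Start value to 4 (Disabled). The fix
# earlier in the thread removed these entries and restored the services, so
# after it the key is normally empty or absent.
$recorded = @{}
if (Test-Path -Path $msconfigKey) {
    (Get-ItemProperty -Path $msconfigKey).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { $recorded[$_.Name] = $_.Value }
}

# Service names taken from the fixlog earlier in the thread, so the report has
# something to show even once the MSConfig key is gone. Edit to taste.
$fromFixlog = 'LMS', 'RichVideo', 'RtkAudioService', 'SftService',
              'SupportAssistAgent', 'TrueColorALS', 'WavesSysSvc'

$names = (@($recorded.Keys) + $fromFixlog) | Sort-Object -Unique
'{0,-22} {1,-9} {2,-9} {3}' -f 'Service', 'State', 'StartMode', 'Source'
foreach ($name in $names) {
    # Win32_Service reports State (Running/Stopped) and StartMode (Auto/Manual/Disabled).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if ($null -eq $svc) {
        '{0,-22} not installed' -f $name
        continue
    }
    $source = if ($recorded.ContainsKey($name)) { "msconfig (was $($recorded[$name]))" } else { 'fixlog' }
    '{0,-22} {1,-9} {2,-9} {3}' -f $name, $svc.State, $svc.StartMode, $source
}

# The supported, permanent way to disable a service you have decided you do not
# need: it sets Start=4 on the service itself and leaves no MSConfig residue.
# Uncomment once you know which service, e.g. Dell's SupportAssistAgent.
# Stop-Service -Name 'SupportAssistAgent' -Force -ErrorAction SilentlyContinue
# Set-Service  -Name 'SupportAssistAgent' -StartupType Disabled
```

Run the report first, decide per row whether the service is wanted, and only then apply the two commented commands for the ones you are dropping; a service disabled this way shows StartMode "Disabled" on the next run and never reappears in an FRST "MSCONFIG\Services" listing.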
 

Registered (147 Posts), Discussion Starter #30:
I mistakenly ran FRST in recovery mode. I then rebooted and ran FRST again with a normal boot; it updated, and ran the scan. Below is the scan result from the normal boot, Version: 22-06-2020



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-06-2020
Ran by Perry (administrator) on TRAVELER (Dell Inc. Inspiron 5558) (23-06-2020 12:28:52)
Running from C:\Users\name\Desktop
Loaded Profiles: name
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(American Power Conversion -> Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(American Power Conversion -> Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc. -> ) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [238568 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\...\Run: [Opera Browser Assistant] => C:\Users\Perry\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3004440 2020-06-18] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MP470 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD8U.DLL [27648 2007-04-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\Windows\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP470 series: C:\Windows\system32\CNMLM8U.DLL [259584 2008-02-06] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\system32\nitrolocalmon10.dll [31904 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\Windows\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D7339CA-B502-42E7-9E86-B740B80469C3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {1D123A09-8308-4D35-8B4A-EA16D1AB46FC} - System32\Tasks\Opera scheduled Autoupdate 1578167430 => C:\Users\Perry\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {25F49B7D-C839-444B-AB28-915A05FEB345} - System32\Tasks\Reg Backup Tweaking.com => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [325376 2015-08-06] (Tweaking LLC -> Tweaking.com)
Task: {2C26BC2B-1C53-40B7-A7AB-5565DEA7E0F5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel(R) Update Manager -> Intel Corporation)
Task: {39952320-36B5-420E-90AA-EAEEE64BC34E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel(R) Update Manager -> Intel Corporation)
Task: {6916CB4A-A4C1-467D-B565-F26D6FD34DD5} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157248 2014-04-01] (Leader Technologies Inc -> Aviata Inc)
Task: {709BDAD3-FED5-4F14-B7C3-9EAA17591004} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_pepper.exe [1454648 2020-06-15] (Adobe Inc. -> Adobe)
Task: {77039CAF-FC0B-4A07-9E5B-6F8E74B5920A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
Task: {8FB46D0D-FAB7-4C8C-BFB5-58585EEBAE9D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [30904 2016-04-22] (Dell Inc. -> Dell Inc.)
Task: {932D8596-AAC4-408F-8CE5-F56106CD86DE} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [28678840 2020-06-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {A5C4072D-DEDB-45BA-AEF4-EE4A95545789} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {A9A6E7CD-4B8A-429C-87AB-D9183C2425FC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-15] (Adobe Inc. -> Adobe)
Task: {ACF229D7-7638-448F-A366-78430F9E80B9} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157248 2014-04-01] (Leader Technologies Inc -> Aviata Inc)
Task: {AF5A3E67-BD3C-460F-91AA-EE50687A9D53} - System32\Tasks\Opera scheduled assistant Autoupdate 1580934218 => C:\Users\Perry\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {B1F84C72-FC26-4C4D-82E2-8A1386746998} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [325376 2015-08-06] (Tweaking LLC -> Tweaking.com)
Task: {B7DCA8D6-3C6B-4DFD-BBA1-5C8E4287A991} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {C726661B-E9AF-45B1-B720-7A5F3B8ADA39} - System32\Tasks\{FB6F14F3-7CF6-43A3-8FE7-03F3531E9EEC} => C:\Windows\system32\pcalua.exe -a C:\Users\Perry\Downloads\dell_update\update_new\AirplaneModex64_ZPE.exe -d C:\Users\Perry\Downloads\dell_update\update_new
Task: {F420592F-981F-47DB-8A5D-FD79A30CC51E} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [228040 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {FCC66A3A-18F6-465A-BE85-A6A3C88CA539} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2759632 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50117D21-2CC1-4E1A-8962-144E8A4A03E7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EA106053-A368-40FB-9D12-76007CF71C96}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]

FireFox:
========
FF DefaultProfile: q2dk1i87.default
FF ProfilePath: C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default [2020-06-23]
FF NetworkProxy: Mozilla\Firefox\Profiles\q2dk1i87.default -> type", 0
FF Notifications: Mozilla\Firefox\Profiles\q2dk1i87.default -> hxxps://mg.mail.yahoo.com; hxxps://www.aol.com
FF Extension: (Firefox Multi-Account Containers) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\@testpilot-containers.xpi [2018-09-12]
FF Extension: (Avira Browser Safety) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2020-06-15]
FF Extension: (FlashStopper) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2017-11-08] [Legacy]
FF Extension: (Page To PDF) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2018-04-24]
FF Extension: (RSS Icon in url bar) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2016-07-16] [Legacy]
FF Extension: (Price Rocket) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2016-10-14] [Legacy]
FF Extension: (View in Office Online Viewer) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\[email protected] [2016-04-27] [Legacy]
FF Extension: (NoScript) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-09-05]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-06-15]
FF Extension: (BetterPrivacy) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-07-25] [Legacy]
FF Plugin: @Adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-15] (Adobe Inc. -> )
FF Plugin: @Videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @Videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-15] (Adobe Inc. -> )
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-08-02] (Nitro Software, Inc. -> Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1021941897-2095083384-3793157674-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Perry\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-24] (Citrix Online -> Citrix Online)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera:
=======
OPR Notifications: hxxps://togo.carrabbasonlineordering.com
OPR Extension: (Popup Blocker (strict)) - C:\Users\Perry\AppData\Roaming\Opera Software\Opera Stable\Extensions\jabcemjkhjfpkhakphioakkhcnbgeomm [2020-01-04]
OPR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Perry\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbjmgmedeliohhbaefhlplndokcbmjio [2020-01-27]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208664 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537144 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483832 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483832 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573256 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (American Power Conversion -> Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (American Power Conversion -> Schneider Electric)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636264 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [383240 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [243856 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159856 2020-06-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [49864 2015-08-24] (Dell Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-01-04] (Intel Corporation-Wireless Connectivity Solutions -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2016-01-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208016 2020-05-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199752 2020-05-06] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2020-06-23] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2014-12-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 phantomtap; C:\Windows\system32\DRIVERS\phantomtap.sys [35664 2017-07-13] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35784 2017-02-03] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Intel(R) Wireless Display -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-23 12:28 - 2020-06-23 12:28 - 000000000 ____D C:\Users\Perry\Desktop\FRST-OlderVersion
2020-06-23 12:27 - 2020-06-23 12:27 - 000020372 _____ C:\Users\Perry\Desktop\shoprite_list.odt
2020-06-20 08:27 - 2020-06-20 08:27 - 000000264 _____ C:\Users\Perry\Desktop\eset_0619.txt
2020-06-19 17:26 - 2020-06-20 08:30 - 000000521 _____ C:\Users\Perry\Desktop\ESET Online Scanner.lnk
2020-06-19 11:21 - 2020-06-19 11:21 - 000000000 ____D C:\Users\Perry\AppData\Local\ESET
2020-06-17 11:07 - 2020-06-17 11:09 - 014665312 _____ (ESET spol. s r.o.) C:\Users\Perry\Desktop\esetonlinescanner.exe
2020-06-16 15:05 - 2020-06-16 15:22 - 000031332 _____ C:\Users\Perry\Desktop\Fixlog.txt
2020-06-16 14:25 - 2020-06-16 14:25 - 000012632 _____ C:\Users\Perry\Desktop\first_20200616_1232pm.txt
2020-06-16 11:52 - 2020-06-16 11:56 - 000053846 _____ C:\Users\Perry\Desktop\Addition.txt
2020-06-16 11:47 - 2020-06-23 12:31 - 000023586 _____ C:\Users\Perry\Desktop\FRST.txt
2020-06-15 07:53 - 2020-06-15 07:53 - 000004432 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-06-07 21:51 - 2020-06-23 12:31 - 000000000 ____D C:\FRST
2020-06-07 21:41 - 2020-06-23 12:28 - 002290176 _____ (Farbar) C:\Users\Perry\Desktop\FRST64.exe
2020-05-25 10:27 - 2020-06-16 15:26 - 000000000 ____D C:\Users\Perry\opera autoupdate

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-23 12:28 - 2017-02-20 14:17 - 000000000 ____D C:\Users\Perry\AppData\LocalLow\Mozilla
2020-06-23 12:26 - 2016-07-06 17:47 - 000000000 ____D C:\Users\Perry\AppData\Local\ClassicShell
2020-06-23 11:02 - 2015-07-25 22:43 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1021941897-2095083384-3793157674-1001
2020-06-23 10:42 - 2020-02-08 18:48 - 000000000 ____D C:\Users\Perry\Downloads\opera autoupdate
2020-06-23 10:38 - 2019-11-13 10:35 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-06-23 10:36 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-23 09:33 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2020-06-23 08:39 - 2017-01-25 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2020-06-22 09:35 - 2020-01-04 15:50 - 000004054 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1578167430
2020-06-22 09:35 - 2020-01-04 15:50 - 000001340 _____ C:\Users\Perry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2020-06-19 16:24 - 2015-08-04 14:32 - 000000000 ____D C:\Users\Perry\Documents\1_Laptop
2020-06-18 17:33 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2020-06-18 15:43 - 2020-02-05 16:23 - 000004288 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1580934218
2020-06-18 14:45 - 2016-01-04 13:08 - 000000000 ____D C:\Users\Perry\Documents\Family and Friends
2020-06-17 11:53 - 2015-12-15 18:25 - 000000000 ____D C:\Users\Perry\Documents\Health Me
2020-06-16 15:58 - 2015-09-02 17:58 - 000000000 ____D C:\Users\Perry\Documents\Purchase_Receipt_Coupon_Rebate_web
2020-06-16 15:51 - 2015-09-13 23:37 - 000000000 ____D C:\Users\Perry\AppData\Roaming\Nitro
2020-06-16 15:15 - 2015-07-27 15:25 - 000000000 ____D C:\Users\Perry\AppData\LocalLow\Temp
2020-06-16 11:35 - 2014-11-21 00:42 - 000866884 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-15 11:37 - 2015-07-25 22:35 - 000000000 ____D C:\Users\Perry
2020-06-15 10:19 - 2018-09-14 17:55 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-06-15 10:19 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-06-15 10:19 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-06-15 09:44 - 2015-07-28 23:02 - 000000000 ____D C:\Users\Perry\AppData\Local\Adobe
2020-06-15 09:15 - 2019-04-22 09:22 - 000000000 ____D C:\Users\Perry\Downloads\adobe
2020-06-11 12:06 - 2020-03-25 11:27 - 000003454 _____ C:\Windows\system32\Tasks\Avira_Security_Update
2020-06-08 12:20 - 2020-03-25 11:14 - 000003662 _____ C:\Windows\system32\Tasks\AviraSystemSpeedupUpdate
2020-06-07 21:11 - 2015-07-26 22:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-05 17:24 - 2017-02-13 11:11 - 000000000 ____D C:\Users\Perry\AppData\Local\Autodesk
2020-06-04 01:53 - 2015-07-26 22:35 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-03 11:40 - 2017-02-15 13:23 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-05-27 14:29 - 2017-06-16 14:31 - 000000000 ____D C:\Users\Perry\Documents\Electronics_watches_small_appliances
2020-05-27 10:53 - 2015-08-11 12:32 - 000000000 ____D C:\Users\Perry\Documents\House
2020-05-26 10:36 - 2018-01-12 00:01 - 000208016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

==================== Files in the root of some directories ========

2005-11-27 01:53 - 2005-11-27 01:53 - 000049152 _____ ( ) C:\Program Files (x86)\Interop.WIA.dll
2013-08-25 19:57 - 2013-08-25 19:57 - 000001968 _____ () C:\Program Files (x86)\License.txt
2017-10-02 15:43 - 2017-10-02 15:43 - 001735384 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Base.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 003530240 _____ () C:\Program Files (x86)\PaintDotNet.Base.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000644824 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Core.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 002113024 _____ () C:\Program Files (x86)\PaintDotNet.Core.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000088280 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Data.dll
2017-10-02 15:44 - 2017-10-02 15:44 - 000269824 _____ () C:\Program Files (x86)\PaintDotNet.Data.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000191192 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Effects.dll
2017-10-02 15:44 - 2017-10-02 15:44 - 000488960 _____ () C:\Program Files (x86)\PaintDotNet.Effects.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 001782488 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.exe
2017-07-04 18:17 - 2017-07-04 18:17 - 000000534 _____ () C:\Program Files (x86)\PaintDotNet.exe.config
2017-10-02 15:44 - 2017-10-02 15:44 - 000337112 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Framework.dll
2017-10-02 15:44 - 2017-10-02 15:44 - 001166848 _____ () C:\Program Files (x86)\PaintDotNet.Framework.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 004361728 _____ () C:\Program Files (x86)\PaintDotNet.pdb
2017-10-02 15:43 - 2017-10-02 15:43 - 000405208 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Resources.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000046592 _____ () C:\Program Files (x86)\PaintDotNet.Resources.pdb
2017-10-01 11:50 - 2017-10-01 11:50 - 000146956 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.cs.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000142725 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.da.resources
2017-10-01 12:03 - 2017-10-01 12:03 - 000148759 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.DE.resources
2017-10-01 11:50 - 2017-10-01 11:50 - 000148034 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.ES.resources
2017-08-28 09:24 - 2017-08-28 09:24 - 000159963 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.fa.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000141861 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.fi.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000150514 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.FR.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000190737 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.hi.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000147219 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.hu.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000146125 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.it.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000157120 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.JA.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000150122 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.KO.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000148945 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.lt.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000144563 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.nl.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000145564 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.pl.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000147434 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.PT-BR.resources
2017-10-01 11:50 - 2017-10-01 11:50 - 000147107 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.pt-PT.resources
2017-07-03 21:50 - 2017-07-03 21:50 - 000140551 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.resources
2017-10-01 17:18 - 2017-10-01 17:18 - 000172936 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.RU.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000144431 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.sv.resources
2017-08-28 09:24 - 2017-08-28 09:24 - 000136887 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.ZH-CN.resources
2017-10-01 11:50 - 2017-10-01 11:50 - 000139240 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.zh-TW.resources
2017-10-02 15:43 - 2017-10-02 15:43 - 000566488 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.SystemLayer.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 001089752 _____ () C:\Program Files (x86)\PaintDotNet.SystemLayer.Native.x64.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000996568 _____ () C:\Program Files (x86)\PaintDotNet.SystemLayer.Native.x86.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000824832 _____ () C:\Program Files (x86)\PaintDotNet.SystemLayer.pdb
2017-10-02 15:43 - 2017-10-02 15:43 - 000014040 _____ (dotPDN LLC) C:\Program Files (x86)\PdnRepair.exe
2015-09-24 20:08 - 2015-09-24 20:08 - 000000235 _____ () C:\Program Files (x86)\PdnRepair.exe.config
2017-10-02 15:43 - 2017-10-02 15:43 - 000013824 _____ () C:\Program Files (x86)\PdnRepair.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000029912 _____ (dotPDN LLC) C:\Program Files (x86)\SetupNgen.exe
2010-04-21 01:57 - 2010-04-21 01:57 - 000000254 _____ () C:\Program Files (x86)\SetupNgen.exe.config
2017-10-02 15:43 - 2017-10-02 15:43 - 000028160 _____ () C:\Program Files (x86)\SetupNgen.pdb
2017-10-02 15:43 - 2017-10-02 15:43 - 000111832 _____ () C:\Program Files (x86)\ShellExtension_x64.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000099032 _____ () C:\Program Files (x86)\ShellExtension_x86.dll
2015-08-25 14:41 - 2019-05-14 15:18 - 000000820 _____ () C:\Program Files (x86)\shexview.cfg
2015-08-08 07:55 - 2015-08-25 14:17 - 000171104 _____ (NirSoft) C:\Program Files (x86)\shexview.exe
2017-10-02 15:43 - 2017-10-02 15:43 - 000014040 _____ (dotPDN LLC) C:\Program Files (x86)\UpdateMonitor.exe
2015-09-24 20:10 - 2015-09-24 20:10 - 000000235 _____ () C:\Program Files (x86)\UpdateMonitor.exe.config
2017-10-02 15:43 - 2017-10-02 15:43 - 000013824 _____ () C:\Program Files (x86)\UpdateMonitor.pdb
2015-07-26 00:43 - 2020-01-04 17:08 - 000007609 _____ () C:\Users\Perry\AppData\Local\resmon.resmoncfg

==================== FLock ==============================

2015-06-18 02:17 C:\System Recovery

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-06-20 03:00
==================== End of FRST.txt ========================
 

Moderator, Security Team (1,049 Posts):
Can you post me the new Addition.txt log as well please, I need to see the information on that as well.

Can you also do the following for me please ...

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
Code:
Folder: C:\FRST\Quarantine
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
 

Moderator, Security Team (1,049 Posts):
OK, talk to you when you've posted the information from the extra "fix" I asked you to run, and I've had a chance to look it over.
 

Registered (147 Posts), Discussion Starter #34:
I assumed this scan was to be done in normal boot mode. Let me know if it needs to be done in recovery mode. When the script ran, the system rebooted and wrote the fixlog.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-06-2020
Ran by Perry (25-06-2020 10:24:01) Run:3
Running from C:\Users\Perry\Desktop
Loaded Profiles: Perry
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\FRST\Quarantine
*****************


"C:\FRST\Quarantine" folder move:

Could not move "C:\FRST\Quarantine" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-06-2020 10:29:25)

C:\FRST\Quarantine => Could not move

==== End of Fixlog 10:29:27 ====
 

Moderator, Security Team (1,049 Posts):
Please pay attention to what I post.

I asked you to use the following fix ...

Folder: C:\FRST\Quarantine

What you actually used was ...

C:\FRST\Quarantine

... the result of which could have been disastrous.

The first asks FRST to list the contents of your quarantine folder; what you used would have deleted the quarantine folder, if it were not a protected folder.

So ..... please run the fix again, and this time use the fix script I gave you.
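A pre-flight check for a fixlist before pressing Fix, added here as an example and not FRST's own code: it covers the "Folder: C:\FRST\Quarantine" listing step requested earlier and the mix-up explained in this post, flagging any bare path that would move or delete and comparing the pasted script against the one the helper gave. It assumes only the directive behaviour shown in this thread (Folder: lists, CMD: executes, a bare path moves); anything else is reported as unknown for manual review.

```python
"""Pre-flight check for an FRST fixlist, run before pressing Fix.

Added example for this thread, not FRST's own code. It models only the
directive behaviour the thread demonstrates: "Folder: <path>" lists the
folder and changes nothing, "CMD: <command>" executes the command, and a
bare path such as C:\\FRST\\Quarantine is a move (in practice a delete)
request. Every other "Name:" prefix is reported as unknown so a human
looks at it rather than the script guessing.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed classification of the directives seen in this thread.
READ_ONLY = {"folder"}   # reports on its target, modifies nothing
EXECUTES = {"cmd"}       # runs a command on the host

# Order matters: a bare path like C:\x would otherwise parse as directive "C".
BARE_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
DIRECTIVE_RE = re.compile(r"^([A-Za-z][A-Za-z0-9_-]*):\s*(.*)$")


@dataclass(frozen=True)
class Finding:
    lineno: int
    kind: str   # "read-only" | "executes" | "move" | "unknown" | "blank"
    text: str


def classify_fixlist(script: str) -> list[Finding]:
    """Classify every line of a fixlist by the effect it would have."""
    findings = []
    for lineno, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            kind = "blank"
        elif BARE_PATH_RE.match(line):
            kind = "move"
        elif (m := DIRECTIVE_RE.match(line)):
            name = m.group(1).lower()
            kind = ("read-only" if name in READ_ONLY
                    else "executes" if name in EXECUTES
                    else "unknown")
        else:
            kind = "unknown"
        findings.append(Finding(lineno, kind, line))
    return findings


def needs_review(script: str) -> list[Finding]:
    """Lines that change the machine or that the checker cannot classify."""
    return [f for f in classify_fixlist(script)
            if f.kind in {"move", "executes", "unknown"}]


def dropped_prefixes(intended: str, pasted: str) -> list[str]:
    """Warn where a read-only directive in the helper's script became a bare
    path in the pasted copy, turning a listing into a move/delete request.
    """
    wanted = {}
    for f in classify_fixlist(intended):
        if f.kind == "read-only":
            target = DIRECTIVE_RE.match(f.text).group(2).strip().strip('"').lower()
            wanted[target] = f.text
    warnings = []
    for f in classify_fixlist(pasted):
        target = f.text.strip('"').lower()
        if f.kind == "move" and target in wanted:
            warnings.append(
                f"line {f.lineno}: '{f.text}' would move/delete the folder; "
                f"the helper asked for '{wanted[target]}'")
    return warnings


if __name__ == "__main__":
    # Constructed inputs mirroring this thread: the script the moderator
    # posted and the bare path the user actually pasted.
    INTENDED = "Folder: C:\\FRST\\Quarantine\n"
    PASTED = "C:\\FRST\\Quarantine\n"
    DISM = "CMD: DISM /online /cleanup-image /restorehealth\n"
    for f in classify_fixlist(INTENDED + PASTED + DISM):
        print(f"{f.lineno}: [{f.kind}] {f.text}")
    for w in dropped_prefixes(INTENDED, PASTED):
        print("WARNING:", w)
```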
 

Registered (147 Posts), Discussion Starter #36:
Sorry for the error. Looks like a cut and paste error in my haste this morning, so I will take more care.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-06-2020
Ran by Perry (25-06-2020 20:11:09) Run:4
Running from C:\Users\Perry\Desktop
Loaded Profiles: Perry
Boot Mode: Normal
==============================================

fixlist content:
*****************
Folder: C:\FRST\Quarantine
*****************


========================= Folder: C:\FRST\Quarantine ========================

2020-06-16 11:25 - 2020-06-25 10:24 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C
2020-06-25 10:24 - 2020-06-25 10:24 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\FRST
2020-06-16 15:07 - 2020-06-16 15:07 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\ProgramData
2020-06-16 15:07 - 2020-06-16 15:07 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\ProgramData\Microsoft
2020-06-16 15:07 - 2020-06-16 15:07 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows
2020-06-16 15:07 - 2020-06-16 15:07 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu
2020-06-16 15:07 - 2020-06-16 15:07 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs
2020-06-16 15:07 - 2020-06-16 15:07 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2017-03-10 18:13 - 2017-03-10 18:13 - 000001077 ____A [213547AA1D1A3CEF3A2ACB8F4A6901D0] () C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk.xBAD
2020-06-16 11:25 - 2020-06-16 11:25 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows
2020-06-16 11:25 - 2020-06-16 15:07 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\System32
2020-06-16 15:07 - 2020-06-16 15:07 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\System32\Drivers
2020-06-16 15:07 - 2020-06-16 15:07 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\System32\Drivers\etc
2020-06-16 11:25 - 2020-06-16 11:25 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\System32\Tasks
2016-07-21 15:01 - 2016-07-21 15:01 - 000003342 ____A [D6D00C3C7988C2C2AC2531CFE384843C] () C:\FRST\Quarantine\C\Windows\System32\Tasks\PCDDataUploadTask.xBAD
2016-07-21 15:01 - 2016-07-21 15:01 - 000004028 ____A [16E181A161736BC5C695222586FF0F51] () C:\FRST\Quarantine\C\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask.xBAD
2016-07-21 15:01 - 2016-07-21 15:01 - 000003218 ____A [B4006D00241DB023C28E906E6AC1DB0F] () C:\FRST\Quarantine\C\Windows\System32\Tasks\SystemToolsDailyTest.xBAD
2020-06-16 11:26 - 2020-06-16 11:26 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\SysWOW64
2020-06-16 11:26 - 2020-06-16 11:26 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\SysWOW64\Drivers
2016-12-10 17:18 - 2016-12-10 17:18 - 000007168 ____A [524D8D450622DB4A7875B111C299A76B] () C:\FRST\Quarantine\C\Windows\SysWOW64\Drivers\utizodqz.sys.xBAD

====== End of Folder: ======


==== End of Fixlog 20:11:09 ====
 

Moderator, Security Team (1,049 Posts):
Houston we have a problem.

Your Quarantine folder list is way too short, which means that the incorrect fix you ran has had some effect and deleted some of the entries.

It should contain details for every item we've fixed, which it doesn't, and that is unfortunate since it means we can't restore any of them should we have needed to.

The reason I say that, is because the MSConfig items we "fixed" were not present in your latest scan logs, which means that they've been removed and not reset to default as I mistakenly believed they would be.

Now this may not be of any concern to you, as you had disabled them from starting anyway, but it does mean that if at some point you wanted to re-enable them, you would not be able to do so.

How is your computer behaving?

Is there anything you can't do that you believe you should be able to?
 

Registered (147 Posts), Discussion Starter #38 (Edited):
The computer seems to be behaving OK based on a few quick checks: running frequently used programs, internet access, printer, and accessing control panel. I have not rebooted. I won't be able to do any major fix/debugging for this problem until after my deadline of Tuesday, June 30, but I can do some minor things.

In my post #34 the Fixlist states: Could not move "C:\FRST\Quarantine" => Scheduled to move on reboot. Does this mean that there is a pending command on reboot? If so, is there anything that can be done? I would like to hold off on rebooting until after the 30th, unless there is a reason to do it now.

There is a pending Windows update which I would like to postpone, unless there is a reason to do it now.

Can the msconfig fixes be re-entered or set to default based on the program reinstall or setting change (if the programs are known), or is this an OS issue that cannot be resolved this way? I have created a preliminary list of the programs. Another option: use the Dell restore partition?

Are any Event Viewer errors worth looking at?
 

Moderator, Security Team (1,049 Posts):
In answer to your questions ....

1. If you have not yet rebooted your machine since running FRST, then yes, there is a pending task that will execute during bootup. Namely, it will try to delete FRST's quarantine files.

However, since the files we wanted to recover have already been deleted, there's no more damage that can be done.

All that would be deleted are ...

2017-03-10 18:13 - 2017-03-10 18:13 - 000001077 ____A [213547AA1D1A3CEF3A2ACB8F4A6901D0] () C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk.xBAD
2016-07-21 15:01 - 2016-07-21 15:01 - 000003342 ____A [D6D00C3C7988C2C2AC2531CFE384843C] () C:\FRST\Quarantine\C\Windows\System32\Tasks\PCDDataUploadTask.xBAD
2016-07-21 15:01 - 2016-07-21 15:01 - 000004028 ____A [16E181A161736BC5C695222586FF0F51] () C:\FRST\Quarantine\C\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask.xBAD
2016-07-21 15:01 - 2016-07-21 15:01 - 000003218 ____A [B4006D00241DB023C28E906E6AC1DB0F] () C:\FRST\Quarantine\C\Windows\System32\Tasks\SystemToolsDailyTest.xBAD
2016-12-10 17:18 - 2016-12-10 17:18 - 000007168 ____A [524D8D450622DB4A7875B111C299A76B] () C:\FRST\Quarantine\C\Windows\SysWOW64\Drivers\utizodqz.sys.xBAD
.... none of which are going to affect the functionality of your machine.

So reboot and allow it to perform the outstanding task.

2. Reinstalling the individual programs related to the msconfig items is the way to get them back.

All you should have to do is run the necessary installer programs, and install over your existing installs. The installer program will then replace any missing elements.

If you then want to disable any or all of them, then we can discuss how to do that.

Looking at your Event logs, I think it would be beneficial if you did the following before re-installing the missing program elements ...

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
Code:
CMD: DISM /online /cleanup-image /restorehealth
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt and run a check on your system files using Microsoft's DISM (Deployment Image Servicing and Management) tool, and attempt to repair any faulty ones it finds. This can take some time, so be patient (on my machine it took about 30 mins, but dependent on what may need to be fixed it could take longer).
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
 

Moderator, Security Team (1,049 Posts):
It's now 5 days since my last post, so as you have not replied I will assume your problem is resolved, or you have abandoned this topic.

So .... this topic is now closed.
 