Issues with PowerPoint, jpegs and Chrome

chrome powerpoint photo viewer 64pixels

  • This topic is locked
4 replies to this topic

#1 azuleno

Posted 16 December 2019 - 12:54 AM

Yesterday I suddenly had a hard time opening jpgs (with Windows Photo Viewer) and PowerPoint (embedded jpgs in pptx files were “red-X” marked, and I was not able to open more than one pptx file at a time), and even Chrome was an issue, suddenly becoming inoperable. These symptoms started mildly about three days ago and escalated in the last 48 hours until my laptop was essentially useless. It was hard to download and install FRST, ESET Online Scanner, and particularly Malwarebytes, but I eventually managed to do so.

 

I have attached the reports. These reports were generated after I scanned and repaired the C drive (it took over two hours). I was also having a “64pixels dot com” tab opening automatically every time I opened Chrome before the repairs; not anymore so far. It seems like all is “back to normal”, but since PUPs were detected I am posting them for your suggestions. Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2019
Ran by Jorge (administrator) on JSOTO-PC (TOSHIBA Satellite P75-A) (15-12-2019 21:44:13)
Running from C:\Users\Jorge\Desktop
Loaded Profiles: Jorge (Available Profiles: Jorge)
Platform: Windows 8 Pro with Media Center (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\SmartUpdater\DocUnzipUpdt.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Antibody Software Limited -> ) C:\Program Files (x86)\WizMouse\WizMouse.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\AvBugReport.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Charles Schwab & Co., Inc. -> Charles Schwab) C:\Program Files (x86)\Schwab\StreetSmart Edge\Updater\StreetSmartAutoUpdate.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Magic Control Technology Corp. -> ) C:\Windows\System32\GManager.exe
(Magic Control Technology Corp. -> ) C:\Windows\System32\mlpatch.exe
(Magic Control Technology Corp. -> ) C:\Windows\System32\U2VSvr.exe
(Magic Control Technology Corp. -> Magic Control Technology Corporation) C:\Windows\System32\MTri1+64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NETGEAR -> Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe
(NETGEAR -> Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A7000\RtlService.exe
(Netgear Incorporated -> ) C:\Windows\runSW.exe
(Netgear Incorporated -> Realtek) C:\Windows\SwUSB.exe
(NETGEAR TAIWAN CO., LTD -> NETGEAR) C:\Program Files (x86)\NETGEAR\A6100\A6100.EXE
(NETGEAR TAIWAN CO., LTD -> NETGEAR) C:\Program Files (x86)\NETGEAR\A7000\A7000.EXE
(SafeNet, Inc. -> SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(TOSHIBA CORPORATION -> ) C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC. -> CANON INC.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Util] => C:\windows\system32\Util.exe [195200 2011-05-04] (Magic Control Technology Corp. -> )
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1895128 2017-09-18] (Magic Control Technology Corp. -> Magic Control Technology Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-07-19] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (Newsoft Technology Company -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4992048 2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) [File not signed]
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [WizMouse] => C:\Program Files (x86)\WizMouse\WizMouse.exe [121648 2011-09-30] (Antibody Software Limited -> )
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [Speech Recognition] => C:\windows\Speech\Common\sapisvr.exe [45056 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-06-28] (Google Inc -> Google Inc.)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [rUpdater agent] => C:\Users\Jorge\AppData\Roaming\rUpdater Software\rUpdater\rUpdater_agent.exe [1823232 2015-09-01] (Some Company) [File not signed]
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [2222032 2019-08-08] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {09ba931e-e670-11e3-beda-9f39c092eaab} - "E:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {0abedbe9-065a-11e4-beed-ed4ebebe5d0d} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL www.dowpolyurethane.com
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {30cc1b6f-2901-11e5-bfaa-681729552089} - "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {3af4b0de-fd41-11e3-bee7-eb545ec2ae58} - "E:\MotorolaDeviceManagerSetup.exe" -a
HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> 
HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> 
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.79\Installer\chrmstp.exe [2019-12-11] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{43581A46-171B-48ea-A547-172D32925233}] -> C:\Program Files (x86)\Norton Anti-Theft\Engine64\1.10.0.9\ppcp.dll [2013-10-11] (Symantec Corporation -> Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-07-02]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk [2019-01-08]
ShortcutTarget: NETGEAR A6100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (NETGEAR -> Realtek Semiconductor Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A7000 Genie.lnk [2018-11-03]
ShortcutTarget: NETGEAR A7000 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A7000\RtlService.exe (NETGEAR -> Realtek Semiconductor Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2013-10-23]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () [File not signed]
Startup: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk [2015-06-28]
ShortcutTarget: Epson scanner Registration.lnk -> D:\Common\EpsonReg\Ereg.exe (No File)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0EB25943-4E36-48FD-9DE7-82435D6EF17F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-05] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {151763F2-86AC-4C8E-AFA6-40B3529CF9AB} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {1613DC06-5D17-43D6-BF8F-E9C217C9DD86} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1774728 2013-07-18] (CANON INC. -> CANON INC.)
Task: {1673D980-BD17-4A9A-984C-3E73E94EA3CD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {18720FA1-29F7-4808-B6C3-3A1AD90D1B67} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {4740C05A-22CF-431C-8DEE-A17400F02133} - System32\Tasks\G2MUpdateTask-S-1-5-21-2289314783-225378754-3216661433-1001 => C:\Users\Jorge\AppData\Local\GoToMeeting\13022\g2mupdate.exe [32256 2019-05-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {52879CF4-B07E-4C3F-B6B0-3C0215F31A01} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] (Intel® Services Manager -> )
Task: {533BA1A7-1012-4E1C-88CB-6F0069DC8624} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {572AF79C-1392-4C80-97CB-4D068A9611A0} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle America, Inc. -> Oracle Corporation)
Task: {59D63634-B9B3-468E-96F2-32BCCAF3D58E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
Task: {61BACB0E-5FDE-4480-A33D-62392441FF0D} - System32\Tasks\G2MUploadTask-S-1-5-21-2289314783-225378754-3216661433-1001 => C:\Users\Jorge\AppData\Local\GoToMeeting\13022\g2mupload.exe [32256 2019-05-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {6D2CAA1B-F8F4-4A30-8E5E-23F69F2E4403} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-11] (Adobe Inc. -> Adobe)
Task: {6E012B99-D0AB-4409-879E-652505F4216B} - System32\Tasks\Express PlayerUpdate => C:\Program Files (x86)\ExpressPlayer\ExpressPlayerUpdater.exe
Task: {7ED885A3-21A7-48FD-BC83-E1C2972F2FF9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
Task: {8688350E-3C08-4FE5-AEB4-D804AA39E9D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {8F570789-91F1-456F-B578-CFD2BFC8E1E9} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [430984 2010-11-05] (Minitab, Inc. -> Minitab)
Task: {9A32FE1C-4733-4F70-91DF-CE466C3ACC98} - System32\Tasks\{13D250AF-DC3F-4E72-95D0-4D301FF21FC0} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {9B6171CF-4523-4451-ABA4-7A4802AC9DE8} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [52560 2013-08-01] (Symantec Corporation -> Symantec Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\windows\system32\SettingSyncInfo.dll [128512 2013-03-01] (Microsoft Windows -> Microsoft Corporation)
Task: {BFD73BE2-56B4-4C93-99F9-39B015D1C0F0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39848 2018-06-06] (Garmin International, Inc. -> )
Task: {C30F5172-C0F0-4A01-A551-1F95C8499411} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {D18220B9-246D-4E0D-836C-53799778952A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] (Intel® Services Manager -> )
Task: {D24BF813-20AA-4320-B83A-5BA0E37F995A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [654440 2013-03-19] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {D85306A3-4895-40AF-8540-8436234E219A} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {E0D266AB-C640-4077-B905-63667DE68547} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\windows\system32\gpupdate.exe [20480 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
Task: {E54E5153-5DA1-4C4C-A9DB-A56DAF99E0E7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [1456128 2018-12-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F2060B4A-9CD2-48DD-A8D2-938B6B5C159D} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [52560 2013-08-01] (Symantec Corporation -> Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2289314783-225378754-3216661433-1001.job => C:\Users\Jorge\AppData\Local\GoToMeeting\13022\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-2289314783-225378754-3216661433-1001.job => C:\Users\Jorge\AppData\Local\GoToMeeting\13022\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{52E7B410-17BB-4806-A342-B68D7E68982A}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{A37FD4C9-F58C-4D09-A900-072FC77004EB}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.google.com/?gws_rd=ssl
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-04] (IvoSoft) [File not signed]
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-10.0.2\bin\ssv.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc -> Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.2\bin\jp2ssv.dll [2019-01-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2013-10-04] (IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-04] (IvoSoft) [File not signed]
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc -> Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-04] (IvoSoft) [File not signed]
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-04] (IvoSoft) [File not signed]
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc -> Google Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-04] (IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2289314783-225378754-3216661433-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2289314783-225378754-3216661433-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP5-16/webex/ieatgpc1.cab
 
FireFox:
========
FF DefaultProfile: 3y176be1.default
FF ProfilePath: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default [2019-11-27]
FF Homepage: Mozilla\Firefox\Profiles\3y176be1.default -> hxxps://www.google.com/
FF Notifications: Mozilla\Firefox\Profiles\3y176be1.default -> hxxps://twitter.com
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\Extensions\sp@avast.com.xpi [2019-11-27]
FF Extension: (Avast Online Security) - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\Extensions\wrc@avast.com.xpi [2019-11-27] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Extension: (QuickJava) - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-11-09] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npDeployJava1.dll [2019-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\plugin2\npjp2.dll [2019-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll [2010-08-05] (CambridgeSoft Corporation -> CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll [2010-08-05] (CambridgeSoft Corporation -> CambridgeSoft Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] (WildTangent Inc -> )
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll [2013-02-07] (Wolfram Research, Inc. -> Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2289314783-225378754-3216661433-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Jorge\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-10-30] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2289314783-225378754-3216661433-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [No File]
FF Plugin HKU\S-1-5-21-2289314783-225378754-3216661433-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://captainaltcoin.com; hxxps://leaderboard.investors.com; hxxps://seekingalpha.com; hxxps://swingtrader.investors.com; hxxps://www.google.com; hxxps://www.investors.com
CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default [2019-12-15]
CHR DownloadDir: C:\Users\Jorge\Downloads
CHR Extension: (Slides) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (US Weather Radar) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdnkhfljcoblghnaabndinjadlmhknj [2014-11-11]
CHR Extension: (Docs) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-25]
CHR Extension: (Screenshot Webpages) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2019-11-28]
CHR Extension: (Gliffy Diagrams) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2017-08-10]
CHR Extension: (Skype Calling) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-04-19]
CHR Extension: (YouTube) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Honey) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-11-22]
CHR Extension: (Facebook) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-05-27]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2019-11-26]
CHR Extension: (PDF to OCR Text Converter) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdfhfjemjbndkgeafknoifghpfmhpbl [2018-09-24]
CHR Extension: (Background Image for Google™ Homepage) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedihplmdadkgmhdlblolekfbpghnppa [2016-07-29]
CHR Extension: (QuickBooks) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimncnjihlhfmagneecomiloklpjeagl [2014-09-06]
CHR Extension: (Screen capture, screenshot share/save) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjbjepchlgclmpinlbbeinajphohgfod [2019-01-11]
CHR Extension: (Google Search) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dark Reader) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2019-12-07]
CHR Extension: (Convertio) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\eppjkefeiehhflmgkhdooajgbkkegpcl [2019-10-21]
CHR Extension: (Highlighter) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdfcjfoifbjplmificlkdfneafllkgmn [2019-09-12]
CHR Extension: (Sheets) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Full Screen Weather) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-08-09]
CHR Extension: (GIF Scrubber) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbdacbnhlfdlllckelpdkgeklfjfgcmp [2016-10-19]
CHR Extension: (Google Docs Offline) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Save to Google Drive) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-08-09]
CHR Extension: (Avast Online Security) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2016-10-13]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-06-23]
CHR Extension: (Pixlr Express) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2014-09-06]
CHR Extension: (New Tab Redirect) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2019-07-07]
CHR Extension: (Voice Recognition) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2016-10-13]
CHR Extension: (Highlight active tab) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbhoiilapkofcmlbgabfbdbjoljehpok [2019-11-04]
CHR Extension: (FaceBook Video Downloader) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcbmbabdfdohkdfmflhoegnldpihmdak [2019-05-28]
CHR Extension: (Voice to Text) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2018-12-31]
CHR Extension: (Be Limitless) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpnljppdhjpafeaokemhcggofohekbp [2017-09-29]
CHR Extension: (Floating for YouTube™) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2016-01-05]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2018-04-22]
CHR Extension: (Custom Page Zoom) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jodiabicmogcbbiocceenmeflipeelle [2018-12-12]
CHR Extension: (Grammarly for Chrome) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-12-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-18]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2019-11-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Print Friendly & PDF) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2019-12-06]
CHR Extension: (Notifications for Instagram) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2019-10-13]
CHR Extension: (Gmail) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-27]
CHR Extension: (Chrome Media Router) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-12]
CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-10-14]
CHR HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
R2 DocUnzipUpdt.exe; C:\Program Files (x86)\SmartUpdater\DocUnzipUpdt.exe [202752 2013-09-02] () [File not signed]
S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-04-15] (DTS, Inc. -> )
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-06-06] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
R2 GManager; C:\windows\system32\GManager.exe [2263768 2017-08-18] (Magic Control Technology Corp. -> )
R2 hasplms; C:\windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet, Inc. -> SafeNet Inc.)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2468496 2012-11-15] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Trusted Connect Service -> Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation -> Intel Corporation)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] (Intel® Services Manager -> )
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-12-15] (Malwarebytes Inc -> Malwarebytes)
R2 MlPatch; C:\windows\system32\MlPatch.exe [2244912 2014-08-22] (Magic Control Technology Corp. -> )
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] (Intel Corporation-Mobile Wireless Group -> )
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation -> Symantec Corporation)
R2 NetgearA7000; C:\Program Files (x86)\NETGEAR\A7000\RtlService.exe [45784 2013-07-03] (NETGEAR -> Realtek Semiconductor Corp.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation -> Symantec Corporation)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [218576 2019-08-08] (TEFINCOM S.A. -> )
R2 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (NETGEAR -> Realtek Semiconductor Corp.)
R2 RunSwUSB; C:\Windows\runSW.exe [44528 2018-11-03] (Netgear Incorporated -> )
R2 StreetSmart Edge Updater; C:\Program Files (x86)\Schwab\StreetSmart Edge\Updater\StreetSmartAutoUpdate.exe [44832 2019-08-28] (Charles Schwab & Co., Inc. -> Charles Schwab)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
R2 U2VSvr; C:\windows\system32\U2VSvr.exe [272512 2011-05-04] (Magic Control Technology Corp. -> )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Windows -> Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 A6100; C:\windows\system32\DRIVERS\A6100.sys [7694920 2018-01-15] (NETGEAR TAIWAN CO., LTD -> Realtek Semiconductor Corporation )
S3 A7000; C:\windows\system32\DRIVERS\A7000.sys [7694928 2018-01-15] (NETGEAR TAIWAN CO., LTD -> Realtek Semiconductor Corporation )
R3 Apowersoft_AudioDevice; C:\windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [204824 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [209552 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [65120 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42736 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [171520 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\windows\System32\drivers\aswNetSec.sys [552848 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110320 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [83792 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [848432 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460448 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [236024 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [316528 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
S3 ccSet_NARA; C:\windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NAT; C:\windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation -> Symantec Corporation)
S3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] (Cisco Systems, Inc. -> )
S3 CXPLRCAP; C:\windows\system32\drivers\elvidcap.sys [153064 2014-05-12] (Elgato Systems -> Elgato Systems GmbH)
S3 dc3d; C:\windows\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R3 debutfilter; C:\windows\system32\DRIVERS\debutfilterx64.sys [34512 2015-10-19] (NCH Software -> )
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet, Inc. -> SafeNet Inc.)
S3 jakstaVA; C:\windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (Jaksta Technologies Pty Ltd -> e2eSoft)
R3 L1C; C:\windows\system32\DRIVERS\L1C63x64.sys [119376 2013-01-15] (Atheros Communications Inc. -> Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [216544 2019-12-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [278344 2019-12-15] (Malwarebytes Inc -> Malwarebytes)
R3 mctkmd; C:\windows\system32\drivers\mctkmd64.sys [175736 2017-10-23] (Magic Control Technology Corp. -> Magic Control Technology Corporation)
R0 mctkmdldr; C:\windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corp. -> Magic Control Technology Corporation)
R3 NETwNe64; C:\windows\system32\DRIVERS\NETwew00.sys [3311072 2013-03-25] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R2 NPF; C:\windows\System32\drivers\npf.sys [47632 2009-10-21] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 QIOMem; C:\windows\System32\drivers\QIOMem.sys [14000 2012-07-26] (WDKTestCert 1,129877367804938542 -> TOSHIBA)
R3 RSP2STOR; C:\windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-05] (Synaptics Incorporated -> Synaptics Incorporated)
S3 T1PExGrp64; C:\windows\system32\DRIVERS\T1PExGrp64.sys [33920 2010-01-20] (Magic Control Technology Corp. -> Magic Control Technology Corp.)
S3 T1PMrGrp64; C:\windows\system32\DRIVERS\T1PMrGrp64.sys [35456 2010-01-20] (Magic Control Technology Corp. -> Magic Control Technology Corp.)
S3 t1pusb64; C:\windows\system32\drivers\t1pusb64.sys [163992 2017-11-29] (Magic Control Technology Corp. -> Magic Control Technology Corp.)
R3 tapnordvpn; C:\windows\system32\DRIVERS\tapnordvpn.sys [35592 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R0 THAccel; C:\windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
R3 Thotkey; C:\windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
R3 usb3Hub; C:\windows\System32\drivers\usb3Hub.sys [48024 2013-01-28] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [35232 2013-01-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\windows\System32\drivers\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [230904 2013-01-28] (Microsoft Corporation -> Microsoft Corporation)
R3 XHCIPort; C:\windows\System32\drivers\XHCIPort.sys [194456 2013-01-28] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2018-06-18] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2018-06-18] (Zemana Ltd. -> Zemana Ltd.)
U1 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-12-15 21:38 - 2019-12-15 21:38 - 000216544 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2019-12-15 21:33 - 2019-12-15 21:37 - 000278344 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2019-12-15 20:57 - 2019-12-15 20:57 - 000009515 _____ C:\Users\Jorge\Desktop\MalwareBytes2019-12-15.txt
2019-12-15 20:52 - 2019-12-15 21:18 - 000041431 _____ C:\Users\Jorge\Desktop\Addition.txt
2019-12-15 20:50 - 2019-12-15 21:47 - 000051421 _____ C:\Users\Jorge\Desktop\FRST.txt
2019-12-15 20:39 - 2019-12-15 20:39 - 000009781 _____ C:\Users\Jorge\Desktop\Malware Bytes 2019-12-15.txt
2019-12-15 20:06 - 2019-12-15 20:06 - 000000000 ____D C:\Users\Jorge\AppData\Local\cache
2019-12-15 18:27 - 2019-12-15 18:27 - 000001959 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-12-15 18:27 - 2019-12-15 18:27 - 000001959 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-12-15 18:26 - 2019-12-15 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-12-15 18:19 - 2019-12-15 18:18 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2019-12-15 18:13 - 2019-12-15 18:14 - 000506568 _____ C:\windows\system32\FNTCACHE.DAT
2019-12-15 15:17 - 2019-12-15 15:17 - 004169146 _____ C:\Users\Jorge\Downloads\WEBINAR 2018-12-01__001.pptx
2019-12-15 13:52 - 2019-11-12 16:03 - 000748816 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2019-12-15 13:17 - 2019-12-15 13:18 - 161071328 _____ (Malwarebytes) C:\Users\Jorge\Downloads\MBSetup-100523.100523 (1).exe
2019-12-15 12:59 - 2019-12-15 12:59 - 000001125 _____ C:\Users\Jorge\Downloads\SALog.txt
2019-12-15 12:59 - 2019-12-15 12:59 - 000001125 _____ C:\Users\Jorge\Desktop\SALog pre.txt
2019-12-15 12:58 - 2019-12-15 12:59 - 000899584 _____ C:\Users\Jorge\Downloads\RGSA.exe
2019-12-15 12:56 - 2019-12-15 12:56 - 010527368 _____ C:\Users\Jorge\Downloads\bitdefender_online.exe
2019-12-15 12:52 - 2019-12-15 12:54 - 000070212 _____ C:\Users\Jorge\Desktop\Addition pre.txt
2019-12-15 12:51 - 2019-12-15 21:47 - 000000000 ____D C:\FRST
2019-12-15 12:51 - 2019-12-15 12:54 - 000063467 _____ C:\Users\Jorge\Desktop\FRST pre.txt
2019-12-15 12:48 - 2019-12-15 21:09 - 000000818 _____ C:\Users\Jorge\Desktop\ESET Online Scanner.lnk
2019-12-15 12:48 - 2019-12-15 12:48 - 014562400 _____ (ESET spol. s r.o.) C:\Users\Jorge\Downloads\esetonlinescanner_enu (1).exe
2019-12-15 12:44 - 2019-12-15 12:44 - 002264064 _____ (Farbar) C:\Users\Jorge\Desktop\FRST64.exe
2019-12-15 12:42 - 2019-12-15 12:43 - 161071328 _____ (Malwarebytes) C:\Users\Jorge\Downloads\MBSetup-100523.100523.exe
2019-12-15 00:08 - 2019-12-15 00:08 - 005487339 _____ C:\Users\Jorge\Downloads\y2mate.com - hennessy_xo_the_seven_worlds_directed_by_ridley_scott_short_version_PjQClweBMXA_720p.mp4
2019-12-13 14:32 - 2019-12-13 14:32 - 000462064 _____ C:\Users\Jorge\Downloads\86174715-The-Most-Dangerous-Superstition-by-Larken-Rose.pdf
2019-12-13 06:18 - 2019-12-13 06:19 - 035298832 _____ C:\Users\Jorge\Downloads\DownFK.com_video.mp4
2019-12-12 01:55 - 2019-12-12 01:55 - 002654835 _____ C:\Users\Jorge\Desktop\whatinthehell.mp4
2019-12-12 01:21 - 2019-12-12 01:21 - 008021737 _____ C:\Users\Jorge\Downloads\y2mate.com - cruz_leaders_behind_trump_campaign_spying_are_not_jason_bourne_theyre_beavis_and_butt_head_RWJKSQ_G7Ic_360p.mp4
2019-12-11 22:21 - 2019-12-11 22:21 - 000005199 _____ C:\Users\Jorge\Downloads\watchlistExport.csv
2019-12-11 22:12 - 2019-12-15 12:07 - 000000000 ____D C:\Users\Jorge\AppData\Roaming\fityk
2019-12-11 22:12 - 2019-12-11 22:12 - 000000934 _____ C:\Users\Jorge\Desktop\Fityk.lnk
2019-12-11 22:12 - 2019-12-11 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fityk
2019-12-11 22:12 - 2019-12-11 22:12 - 000000000 ____D C:\Program Files (x86)\Fityk
2019-12-11 22:10 - 2019-12-11 22:10 - 005253318 _____ (Marcin Wojdyr ) C:\Users\Jorge\Downloads\fityk-1.3.1-setup.exe
2019-12-11 21:24 - 2019-12-11 21:24 - 000000000 ____D C:\Users\Jorge\Desktop\Investing eBooks
2019-12-11 21:22 - 2019-12-11 21:24 - 000000000 ____D C:\Users\Jorge\Desktop\Mayra Diseño
2019-12-11 20:58 - 2019-12-11 20:59 - 000000000 ____D C:\Users\Jorge\Desktop\eBooks downloads
2019-12-11 20:58 - 2019-12-11 20:58 - 000000000 ____D C:\Users\Jorge\Desktop\High Perf Polymers
2019-12-11 20:57 - 2019-12-11 20:58 - 000000000 ____D C:\Users\Jorge\Desktop\Rubber Chemistry
2019-12-11 20:56 - 2019-12-11 20:57 - 000000000 ____D C:\Users\Jorge\Desktop\SC242526 Solar Minimum
2019-12-11 20:56 - 2019-12-11 20:56 - 000000000 ____D C:\Users\Jorge\Desktop\Passport
2019-12-11 20:55 - 2019-12-11 20:55 - 000000000 ____D C:\Users\Jorge\Desktop\CheckPeople Eli Elizabeth Gomez
2019-12-11 20:54 - 2019-12-11 20:55 - 000000000 ____D C:\Users\Jorge\Desktop\Invest Warrior Trading
2019-12-11 20:53 - 2019-12-11 20:54 - 000000000 ____D C:\Users\Jorge\Desktop\Politics China
2019-12-11 20:53 - 2019-12-11 20:53 - 000000000 ____D C:\Users\Jorge\Desktop\IBD digital newspapers
2019-12-11 20:52 - 2019-12-11 21:33 - 000000000 ____D C:\Users\Jorge\Desktop\Gloves Articles AcademiaEdu
2019-12-10 20:11 - 2019-12-10 20:12 - 196424378 _____ C:\Users\Jorge\Downloads\How I Make $45,000 Per Week.mp4
2019-12-10 20:09 - 2019-12-10 20:10 - 053032514 _____ C:\Users\Jorge\Downloads\y2mate.com - 3_reasons_i_wont_use_the_roth_ira_AWPnphsQ6qI_360p.mp4
2019-12-10 20:05 - 2019-12-10 20:07 - 233258126 _____ C:\Users\Jorge\Downloads\How I Built 9 Income Sources That Make $159,233 Per Month.mp4
2019-12-10 15:06 - 2019-12-10 15:06 - 000335983 _____ C:\Users\Jorge\Desktop\MOU - Jorge Soto 12-10-19 JS.pdf
2019-12-10 14:44 - 2019-12-10 14:44 - 000444458 _____ C:\Users\Jorge\Desktop\NDA - Jorge Soto   12-10-19 JS.pdf
2019-12-09 01:30 - 2019-12-12 13:09 - 000154130 _____ C:\DUMP5d14.tmp
2019-12-08 21:21 - 2019-12-08 21:21 - 000796299 _____ C:\Users\Jorge\Desktop\Snow and Climate - Feedbacks, Drivers and Indices of Change.pdf
2019-12-08 21:11 - 2019-12-08 21:11 - 001985338 _____ C:\Users\Jorge\Desktop\Coronal Mass Ejections, Solar Cycles and Magnetic Poles Reversal.pdf
2019-12-08 21:02 - 2019-12-08 21:02 - 002528574 _____ C:\Users\Jorge\Desktop\Oscillations_of_the_baseline_of_solar_magnetic_fie.pdf
2019-12-08 21:02 - 2019-12-08 21:02 - 001354895 _____ C:\Users\Jorge\Desktop\Prediction_of_the_strength_and_timing_of_sunspot_c.pdf
2019-12-08 13:37 - 2019-12-08 13:38 - 013552646 _____ C:\Users\Jorge\Desktop\Metallosphaera sedula can feed on meteorite metals.pdf
2019-12-07 23:50 - 2019-12-07 23:50 - 000229352 _____ C:\Users\Jorge\Desktop\Ecotricity  Clean vs Dirty Infographic.pdf
2019-12-07 20:04 - 2019-12-08 20:59 - 000007222 _____ C:\Users\Jorge\Desktop\YOUTUBE ADS mostly.txt
2019-12-06 22:31 - 2019-12-07 00:25 - 000015490 _____ C:\Users\Jorge\Desktop\STUCK ON THE WALL.xlsx
2019-12-06 17:09 - 2019-12-06 17:09 - 002713090 _____ C:\Users\Jorge\Desktop\Risk_Management_ebook.pdf
2019-12-05 17:40 - 2019-12-05 17:40 - 0156

#2 nasdaq

    Forum Deity

  • Global Moderator
  • 49,376 posts

Posted 16 December 2019 - 06:54 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Shopping Helper Smartbar (HKLM-x32\...\{C64BEB42-B25D-4674-BB55-4099CB720110}) (Version: 11.113.63.19229 - ReSoft Ltd.) <==== ATTENTION
Toshiba Start (HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki) <==== ATTENTION
<<<>>>
 
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
 
start::
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
ShortcutTarget: Epson scanner Registration.lnk -> D:\Common\EpsonReg\Ereg.exe (No File)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-10.0.2\bin\ssv.dll => No File
FF Plugin HKU\S-1-5-21-2289314783-225378754-3216661433-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [No File]
FF Plugin HKU\S-1-5-21-2289314783-225378754-3216661433-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [No File]
CHR Extension: (New Tab Redirect) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2019-07-07]
U1 aswbdisk; no ImagePath
 
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\ChromeHTML: ->  <==== ATTENTION
FirewallRules: [{34F2394B-4D0E-40F2-9868-6AD9CA010DF4}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{F9C2CD59-25FB-40CC-93B4-47B616DD3915}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{4BDEC914-54B8-4AFF-96C9-303DB7228DD4}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
FirewallRules: [{4B1EFB84-9F4C-4B60-8A72-E0E663D107A3}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
FirewallRules: [{00BFB96B-CA18-45EB-8C30-BC335631DB2F}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{2B9BB18B-218B-4E15-8697-F13C429D95EA}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{2A8FE5B9-D0BA-41FA-B906-97AE15375E0A}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
FirewallRules: [{8380DEC3-6340-4AED-855F-9FD27ED15D25}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
FirewallRules: [{AF6ED131-F726-48C6-B5ED-E4FB95490888}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{46D27D50-8636-424E-A99A-4AEEFFDDA408}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{3DB5D75E-5D7E-4E83-BDEF-8CDF9430B388}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
FirewallRules: [{01670E59-C8C6-497D-B7EC-EB061C691817}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
FirewallRules: [TCP Query User{AF0FB838-9177-450B-ADE6-692F74C36124}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{9A19D3F9-B9B4-4835-AE9D-5F35F426DA3F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{74D20883-2CAB-41DC-9E91-06AD0B3D7764}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{D65D7C10-BD4A-417E-BF2F-E371F04A127D}C:\program files (x86)\wondershare\allmytube\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\allmytube.exe No File
FirewallRules: [UDP Query User{DAC950F3-76F3-477F-BD33-C58A3172918C}C:\program files (x86)\wondershare\allmytube\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\allmytube.exe No File
FirewallRules: [TCP Query User{251F50EC-9B5B-4B82-BC94-33A76896DE7C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe No File
FirewallRules: [UDP Query User{6CBBA009-5597-4013-BC3F-6DB61EBB781A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe No File
FirewallRules: [{4D3C0967-922C-4BB1-8A4C-A61F6067EE1C}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\ARG2EncLin.exe No File
FirewallRules: [{F7085862-EA29-47F5-B66C-CB719388C1EF}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\ARG2EncLin.exe No File
FirewallRules: [{B6EC2EF9-D286-47E8-8CCF-A2C8C3A8BB43}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\ARG2EncLin.exe No File
FirewallRules: [{D858E4BE-5202-4744-90AA-1EC5928B5B0B}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\ARG2EncLin.exe No File
FirewallRules: [{EB58D189-2283-4902-932C-1305BAC60151}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\Trios.exe No File
FirewallRules: [{573EA6F0-3FB8-43EA-BFAB-1895D39EC9BA}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\Trios.exe No File
FirewallRules: [{24B61821-9144-4E98-82A1-231BB2A77001}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\Trios.exe No File
FirewallRules: [{022E99A1-8DD5-4067-B5C3-58F918CE6A9E}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\Trios.exe No File
FirewallRules: [{F42CDDA5-15FA-49C5-94E4-554BB2F9C1F8}] => (Allow) C:\Users\Jorge\AppData\Roaming\Zoom\bin\airhost.exe No File
 
Reboot:
 
End::
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
===
 
Please download AdwCleaner by Malwarebytes to your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
  • IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===
     
    If the problem persists and Chrome is Synced with other Devices reset it.
     
     
    Execute the suggested fix.
     
    Restart the computer normally.
    ===========
     
    Please post the logs and let me know what problem persists.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in any way, please consider Donating,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #3 azuleno

    azuleno

      Advanced Member

    • Full Member
    • 239 posts

    Posted 16 December 2019 - 02:48 PM

    Hi nasdaq, attached are the requested logs. All seems to be fine with the PC since last night's scanning and repair process (completed to 100%, and finalized before the suggested FRST, ESET and MBytes scans). I removed the PUPs and two 'game' apps during the AdwCleaner process. Good to use this AdwCleaner since it found a few more 'things'. Thanks! Let me know if the reports look good.

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2019
    Ran by Jorge (16-12-2019 14:05:38) Run:1
    Running from C:\Users\Jorge\Desktop
    Loaded Profiles: Jorge (Available Profiles: Jorge)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
     
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
     
    HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
    ShortcutTarget: Epson scanner Registration.lnk -> D:\Common\EpsonReg\Ereg.exe (No File)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-10.0.2\bin\ssv.dll => No File
    FF Plugin HKU\S-1-5-21-2289314783-225378754-3216661433-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [No File]
    FF Plugin HKU\S-1-5-21-2289314783-225378754-3216661433-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [No File]
    CHR Extension: (New Tab Redirect) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2019-07-07]
    U1 aswbdisk; no ImagePath
     
    HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\ChromeHTML: ->  <==== ATTENTION
    FirewallRules: [{34F2394B-4D0E-40F2-9868-6AD9CA010DF4}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
    FirewallRules: [{F9C2CD59-25FB-40CC-93B4-47B616DD3915}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
    FirewallRules: [{4BDEC914-54B8-4AFF-96C9-303DB7228DD4}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
    FirewallRules: [{4B1EFB84-9F4C-4B60-8A72-E0E663D107A3}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
    FirewallRules: [{00BFB96B-CA18-45EB-8C30-BC335631DB2F}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
    FirewallRules: [{2B9BB18B-218B-4E15-8697-F13C429D95EA}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
    FirewallRules: [{2A8FE5B9-D0BA-41FA-B906-97AE15375E0A}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
    FirewallRules: [{8380DEC3-6340-4AED-855F-9FD27ED15D25}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
    FirewallRules: [{AF6ED131-F726-48C6-B5ED-E4FB95490888}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
    FirewallRules: [{46D27D50-8636-424E-A99A-4AEEFFDDA408}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
    FirewallRules: [{3DB5D75E-5D7E-4E83-BDEF-8CDF9430B388}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
    FirewallRules: [{01670E59-C8C6-497D-B7EC-EB061C691817}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe No File
    FirewallRules: [TCP Query User{AF0FB838-9177-450B-ADE6-692F74C36124}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
    FirewallRules: [UDP Query User{9A19D3F9-B9B4-4835-AE9D-5F35F426DA3F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
    FirewallRules: [TCP Query User{74D20883-2CAB-41DC-9E91-06AD0B3D7764}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe No File
    FirewallRules: [TCP Query User{D65D7C10-BD4A-417E-BF2F-E371F04A127D}C:\program files (x86)\wondershare\allmytube\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\allmytube.exe No File
    FirewallRules: [UDP Query User{DAC950F3-76F3-477F-BD33-C58A3172918C}C:\program files (x86)\wondershare\allmytube\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\allmytube.exe No File
    FirewallRules: [TCP Query User{251F50EC-9B5B-4B82-BC94-33A76896DE7C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe No File
    FirewallRules: [UDP Query User{6CBBA009-5597-4013-BC3F-6DB61EBB781A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe No File
    FirewallRules: [{4D3C0967-922C-4BB1-8A4C-A61F6067EE1C}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\ARG2EncLin.exe No File
    FirewallRules: [{F7085862-EA29-47F5-B66C-CB719388C1EF}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\ARG2EncLin.exe No File
    FirewallRules: [{B6EC2EF9-D286-47E8-8CCF-A2C8C3A8BB43}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\ARG2EncLin.exe No File
    FirewallRules: [{D858E4BE-5202-4744-90AA-1EC5928B5B0B}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\ARG2EncLin.exe No File
    FirewallRules: [{EB58D189-2283-4902-932C-1305BAC60151}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\Trios.exe No File
    FirewallRules: [{573EA6F0-3FB8-43EA-BFAB-1895D39EC9BA}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\Trios.exe No File
    FirewallRules: [{24B61821-9144-4E98-82A1-231BB2A77001}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\Trios.exe No File
    FirewallRules: [{022E99A1-8DD5-4067-B5C3-58F918CE6A9E}] => (Allow) C:\Program Files (x86)\TA Instruments\TRIOS\Trios.exe No File
    FirewallRules: [{F42CDDA5-15FA-49C5-94E4-554BB2F9C1F8}] => (Allow) C:\Users\Jorge\AppData\Roaming\Zoom\bin\airhost.exe No File
     
    Reboot:
     
     
    *****************
     
    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe => removed successfully
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\explorer.zza => removed successfully
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe => removed successfully
    "D:\Common\EpsonReg\Ereg.exe" => not found
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
    HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
    HKU\S-1-5-21-2289314783-225378754-3216661433-1001\Software\MozillaPlugins\tdameritrade.com/thinkorswim => removed successfully
    "C:\Program Files\thinkorswim\npthinkorswim.dll" => not found
    HKU\S-1-5-21-2289314783-225378754-3216661433-1001\Software\MozillaPlugins\tdameritrade.com/tossc => removed successfully
    "C:\Program Files\thinkorswim\nptossc.dll" => not found
    CHR Extension: (New Tab Redirect) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2019-07-07] => Error: No automatic fix found for this entry.
    HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
    HKU\S-1-5-21-2289314783-225378754-3216661433-1001_Classes\ChromeHTML => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{34F2394B-4D0E-40F2-9868-6AD9CA010DF4}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9C2CD59-25FB-40CC-93B4-47B616DD3915}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4BDEC914-54B8-4AFF-96C9-303DB7228DD4}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B1EFB84-9F4C-4B60-8A72-E0E663D107A3}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00BFB96B-CA18-45EB-8C30-BC335631DB2F}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B9BB18B-218B-4E15-8697-F13C429D95EA}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A8FE5B9-D0BA-41FA-B906-97AE15375E0A}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8380DEC3-6340-4AED-855F-9FD27ED15D25}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF6ED131-F726-48C6-B5ED-E4FB95490888}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46D27D50-8636-424E-A99A-4AEEFFDDA408}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DB5D75E-5D7E-4E83-BDEF-8CDF9430B388}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01670E59-C8C6-497D-B7EC-EB061C691817}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AF0FB838-9177-450B-ADE6-692F74C36124}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9A19D3F9-B9B4-4835-AE9D-5F35F426DA3F}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{74D20883-2CAB-41DC-9E91-06AD0B3D7764}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D65D7C10-BD4A-417E-BF2F-E371F04A127D}C:\program files (x86)\wondershare\allmytube\allmytube.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DAC950F3-76F3-477F-BD33-C58A3172918C}C:\program files (x86)\wondershare\allmytube\allmytube.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{251F50EC-9B5B-4B82-BC94-33A76896DE7C}C:\program files (x86)\videolan\vlc\vlc.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6CBBA009-5597-4013-BC3F-6DB61EBB781A}C:\program files (x86)\videolan\vlc\vlc.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4D3C0967-922C-4BB1-8A4C-A61F6067EE1C}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7085862-EA29-47F5-B66C-CB719388C1EF}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6EC2EF9-D286-47E8-8CCF-A2C8C3A8BB43}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D858E4BE-5202-4744-90AA-1EC5928B5B0B}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB58D189-2283-4902-932C-1305BAC60151}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{573EA6F0-3FB8-43EA-BFAB-1895D39EC9BA}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24B61821-9144-4E98-82A1-231BB2A77001}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{022E99A1-8DD5-4067-B5C3-58F918CE6A9E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F42CDDA5-15FA-49C5-94E4-554BB2F9C1F8}" => removed successfully
     
    =========== EmptyTemp: ==========
     
    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35720311 B
    Java, Flash, Steam htmlcache => 4059 B
    Windows/system/drivers => 452424652 B
    Edge => 0 B
    Chrome => 1772469206 B
    Firefox => 47433203 B
    Opera => 0 B
     
    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 191906850 B
    systemprofile32 => 191906978 B
    LocalService => 191911790 B
    NetworkService => 191914588 B
    Jorge => 793536487 B
     
    RecycleBin => 2899582 B
    EmptyTemp: => 3.6 GB temporary data Removed.
     
    ================================
     
    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-12-2019 14:22:26)
     
     
    Result of scheduled keys to remove after reboot:
     
    HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
     
    ==== End of Fixlog 14:22:26 ====
     
     
    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.0.0
    # -------------------------------
    # Build:    11-21-2019
    # Database: 2019-11-26.1 (Cloud)
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start:    12-16-2019
    # Duration: 00:00:16
    # OS:       Windows 8 Pro with Media Center
    # Cleaned:  65
    # Failed:   0
     
     
    ***** [ Services ] *****
     
    No malicious services cleaned.
     
    ***** [ Folders ] *****
     
    Deleted       C:\ProgramData\FileCure
    Deleted       C:\Users\Jorge\AppData\Local\StormAlerts
    Deleted       C:\Users\Jorge\AppData\Roaming\ap_logs
     
    ***** [ Files ] *****
     
    No malicious files cleaned.
     
    ***** [ DLL ] *****
     
    No malicious DLLs cleaned.
     
    ***** [ WMI ] *****
     
    No malicious WMI cleaned.
     
    ***** [ Shortcuts ] *****
     
    No malicious shortcuts cleaned.
     
    ***** [ Tasks ] *****
     
    No malicious tasks cleaned.
     
    ***** [ Registry ] *****
     
    Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\astromendabarand.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\astromendagames.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchengineland.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchenginewatch.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\solvusoft.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wajam.com
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki
    Deleted       HKCU\Software\ParetoLogic
    Deleted       HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
    Deleted       HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
    Deleted       HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
    Deleted       HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
    Deleted       HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
    Deleted       HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
    Deleted       HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
    Deleted       HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
    Deleted       HKLM\Software\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
    Deleted       HKLM\Software\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
    Deleted       HKLM\Software\Classes\uus3url-pl
    Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|BFHP
    Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2289314783-225378754-3216661433-1001\Components\649A52D257CA5DB4EAAE8BA9EB23E467
    Deleted       HKLM\Software\Wow6432Node\ParetoLogic
    Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{81DBD99D-8D37-439A-A705-6A6504261E26}
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
    Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C64BEB42-B25D-4674-BB55-4099CB720110}
     
    ***** [ Chromium (and derivatives) ] *****
     
    No malicious Chromium entries cleaned.
     
    ***** [ Chromium URLs ] *****
     
    Deleted       Ixquick - English
     
    ***** [ Firefox (and derivatives) ] *****
     
    No malicious Firefox entries cleaned.
     
    ***** [ Firefox URLs ] *****
     
    No malicious Firefox URLs cleaned.
     
    ***** [ Preinstalled Software ] *****
     
    Deleted       Preinstalled.Pokki   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76
    Deleted       Preinstalled.WildTangentGamesBundle   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BEJEWELED 3
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\CHUZZLE DELUXE
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\KING ODDBALL
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\PLANTS VS ZOMBIES - GAME OF THE YEAR
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\APP
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\TOUCHPOINTS\TOSHIBA
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-1337349b-559b-4f06-b6ed-03b9fab35b57
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-55b03a12-2872-49f9-983f-10b20435ab1f
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-729b104c-cb9c-4a83-994b-72c6e1edfd97
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-7a4b3afe-ca13-4c87-b934-97e18cdadc02
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-efa80b23-ac42-4681-9bd4-d77182bfaf9f
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-f60a553a-4d31-4b4d-b20d-3f76ff6165f2
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
     
     
    *************************
     
    [+] Delete Tracing Keys
    [+] Reset Winsock
     
    *************************
     
    AdwCleaner[S00].txt - [12384 octets] - [16/12/2019 15:09:50]
     
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     
     
     


    #4 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • 49,376 posts

    Posted 17 December 2019 - 06:54 AM

    Looking good.

     

    Stay safe.


    nasdaq


    #5 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • 49,376 posts

    Posted 23 December 2019 - 06:29 AM

    Glad we could help. :)

    If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
    nasdaq




