Jump to content


Photo

Google searches redirected to Yahoo search via coolnewtabtheme

Started by azuleno , Aug 03 2020 03:15 AM
Google search Yahoo search coolnewtabtheme search redirect DOES-3-data

  • Please log in to reply
11 replies to this topic

#1 azuleno

azuleno

    Advanced Member

  • Full Member
  • PipPipPip
  • 239 posts

Posted 03 August 2020 - 03:15 AM

A few days ago I noticed that after typing my search keywords in Google, the search page turned into a Yahoo search page.

 

Went online to look for an easy fix, but could not correct, since nothing was found per suggestions on how to tackle this. So I left Google Chrome settings the same.

 

I ran Malware Bytes first and it found the DOES-3-data.exe in my Downloads folder. I was not able to quarantine the file (Malware Bytes claim was that I did not have the premium app), so I moved the DOES-3-data.exe file (one single file) to the Trash can.  

 

Please notice that when I ran the first MWBytes I got the following line of text, not shown on the second (bottom) scan::

 

 

File: 1
Malware.Sandbox.1, C:\USERS\JORGE\DOWNLOADS\DOES-3-DATA.EXE, No Action By User, 1, 0, 1.0.27831, 1, dds, 00834917
 
 

 

I re-scanned with MWBytes after moving the DOES-3-data file to the trash,and such scan report is shown below.

 

I have to mention that a few days ago I got an Avast Security warning on the DOES-3-data.exe in my Downloads file and I thought it was quarantined, but was not. I checked the ‘Created date’ of the DOES-3-data file and claims to be April 24, 2020; size is 615 KB.

 

I noticed that during the redirects, the URL first flashes a coolnewtabtheme.com link (shown for a fraction of a sec), prior to redirecting to a yahoo.com URL link.  Went to coolnewtabtheme and it shows the name of the company (?) as ‘beget’, with an octopus holding a cup, plus minor stuff. ???

 

So all the following reports were obtained scanning the PC after the DOES-3-data.exe file was move to the Trash can.

 

BTW, all my Google searches are still being redirected to Yahoo search.

 

I also sometimes have a strange keyboard response when typing certain letters or numbers, particularly when using Excel, occasionally when surfing the net. For example, when typing the letter “c” (beginning, mid or end of the word, like in cat, action, doc, etc.) sometimes it will maximize the page to my three monitors (that how I have my system set up, with laptop in the middle, and two monitors on either side.) Sometimes, when typing the number “1”, this will shift the active window to the ‘right’ side monitor, number “2” to the left side monitor. And then it will suddenly stop doing it. If it gets bothersome I need to reboot.

 

There are a few other keys that do similar strange ‘hot key’-like behavior. I do not have any hot keys setup, not on purpose anyway. As I said, rebooting usually ‘fixes’ the problem, only to come back randomly within a day or two.

 

 

Farbar Recovery results are attached.

 

I also ran a Trend Micro-House Call online virus scan and found no threats.

 

ESET online virus scan found no viruses, after hours of scanning.

 

Trend Micro-House Call online virus scan found no threats and did not create a report.

 

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 8/3/20
Scan Time: 4:02 AM
Log File: a20b12d8-d55f-11ea-92ff-681729552089.json
 
-Software Information-
Version: 4.1.2.73
Components Version: 1.0.990
Update Package Version: 1.0.27859
License: Free
 
-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: JSOTO-PC\Jorge
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 305167
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 29 min, 19 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-08-2020
Ran by Jorge (administrator) on JSOTO-PC (TOSHIBA Satellite P75-A) (02-08-2020 21:22:38)
Running from C:\Users\Jorge\Desktop
Loaded Profiles: Jorge
Platform: Windows 8 Pro with Media Center (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\SmartUpdater\DocUnzipUpdt.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Antibody Software Limited -> ) C:\Program Files (x86)\WizMouse\WizMouse.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvLaunch.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Cleanup\TuneupSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Cleanup\TuneupUI.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <18>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Magic Control Technology Corp. -> ) C:\Windows\System32\GManager.exe
(Magic Control Technology Corp. -> ) C:\Windows\System32\mlpatch.exe
(Magic Control Technology Corp. -> ) C:\Windows\System32\U2VSvr.exe
(Magic Control Technology Corp. -> Magic Control Technology Corporation) C:\Windows\System32\MTri1+64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Netgear Incorporated -> ) C:\Windows\runSW.exe
(Netgear Incorporated -> Realtek) C:\Windows\SwUSB.exe
(SafeNet, Inc. -> SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe <2>
(TOSHIBA CORPORATION -> ) C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC. -> CANON INC.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109160 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Util] => C:\windows\system32\Util.exe [195200 2011-05-04] (Magic Control Technology Corp. -> )
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1895128 2017-09-18] (Magic Control Technology Corp. -> Magic Control Technology Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-07-19] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2591544 2020-07-15] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (Newsoft Technology Company -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4992048 2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) [File not signed]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6867968 2020-05-12] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [798816 2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [460896 2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [InstallHelper] => C:\ProgramData\Citrix\Citrix Workspace 2006\InstallHelper.exe [431200 2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [WizMouse] => C:\Program Files (x86)\WizMouse\WizMouse.exe [121648 2011-09-30] (Antibody Software Limited -> )
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [Speech Recognition] => C:\windows\Speech\Common\sapisvr.exe [45056 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-06-28] (Google Inc -> Google Inc.)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [rUpdater agent] => C:\Users\Jorge\AppData\Roaming\rUpdater Software\rUpdater\rUpdater_agent.exe [1823232 2015-09-01] (Some Company) [File not signed]
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [GoogleChromeAutoLaunch_E49DF4312688D5EC27314F6D6DF8F149] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {09ba931e-e670-11e3-beda-9f39c092eaab} - "E:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {0abedbe9-065a-11e4-beed-ed4ebebe5d0d} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL www.dowpolyurethane.com
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {30cc1b6f-2901-11e5-bfaa-681729552089} - "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {3af4b0de-fd41-11e3-bee7-eb545ec2ae58} - "E:\MotorolaDeviceManagerSetup.exe" -a
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\windows\system32\AdobePDF.dll [65096 2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\windows\system32\CNCENPM6.dll [152064 2012-09-26] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon WSD Language Monitor: C:\windows\system32\cnnx0_flm.dll [1367040 2012-10-19] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\windows\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\novaPDF 7 Monitor: C:\windows\system32\novamnk7.dll [29008 2011-02-15] (Softland -> Softland)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\Installer\chrmstp.exe [2020-07-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{43581A46-171B-48ea-A547-172D32925233}] -> C:\Program Files (x86)\Norton Anti-Theft\Engine64\1.10.0.9\ppcp.dll [2013-10-11] (Symantec Corporation -> Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-07-02]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk [2019-01-08]
ShortcutTarget: NETGEAR A6100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (NETGEAR -> Realtek Semiconductor Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A7000 Genie.lnk [2018-11-03]
ShortcutTarget: NETGEAR A7000 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A7000\RtlService.exe (NETGEAR -> Realtek Semiconductor Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2013-10-23]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () [File not signed]
Startup: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk [2015-06-28]
ShortcutTarget: Epson scanner Registration.lnk -> D:\Common\EpsonReg\Ereg.exe (No File)
BootExecute: autocheck autochk * icarus_rvrt.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0EB25943-4E36-48FD-9DE7-82435D6EF17F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-05] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {1613DC06-5D17-43D6-BF8F-E9C217C9DD86} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1774728 2013-07-18] (CANON INC. -> CANON INC.)
Task: {18720FA1-29F7-4808-B6C3-3A1AD90D1B67} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {2CC1EC62-5A08-4436-A411-ED16BE4F12EA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3339872 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
Task: {3D64C279-1B54-4DB6-93F8-C549102C7D46} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-19] (Dropbox, Inc -> Dropbox, Inc.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {4740C05A-22CF-431C-8DEE-A17400F02133} - System32\Tasks\G2MUpdateTask-S-1-5-21-2289314783-225378754-3216661433-1001 => C:\Users\Jorge\AppData\Local\GoToMeeting\18068\g2mupdate.exe [32424 2020-07-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {52879CF4-B07E-4C3F-B6B0-3C0215F31A01} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] (Intel® Services Manager -> )
Task: {533BA1A7-1012-4E1C-88CB-6F0069DC8624} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {572AF79C-1392-4C80-97CB-4D068A9611A0} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle America, Inc. -> Oracle Corporation)
Task: {59D63634-B9B3-468E-96F2-32BCCAF3D58E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
Task: {61BACB0E-5FDE-4480-A33D-62392441FF0D} - System32\Tasks\G2MUploadTask-S-1-5-21-2289314783-225378754-3216661433-1001 => C:\Users\Jorge\AppData\Local\GoToMeeting\18068\g2mupload.exe [32424 2020-07-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {6D2CAA1B-F8F4-4A30-8E5E-23F69F2E4403} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-11] (Adobe Inc. -> Adobe)
Task: {6E012B99-D0AB-4409-879E-652505F4216B} - System32\Tasks\Express PlayerUpdate => C:\Program Files (x86)\ExpressPlayer\ExpressPlayerUpdater.exe
Task: {8688350E-3C08-4FE5-AEB4-D804AA39E9D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {8F570789-91F1-456F-B578-CFD2BFC8E1E9} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [430984 2010-11-05] (Minitab, Inc. -> Minitab)
Task: {91CA4DB4-C405-430B-B713-F5418D982B19} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5098136 2020-07-08] (Avast Software s.r.o. -> Avast Software)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {95370CF2-ABFF-47A9-8823-4EC4960148F8} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\windows\system32\gpupdate.exe [20480 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
Task: {9A32FE1C-4733-4F70-91DF-CE466C3ACC98} - System32\Tasks\{13D250AF-DC3F-4E72-95D0-4D301FF21FC0} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {9B6171CF-4523-4451-ABA4-7A4802AC9DE8} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [52560 2013-08-01] (Symantec Corporation -> Symantec Corporation)
Task: {A5900890-F62D-4597-886F-62ABB151BCAD} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [489272 2019-08-07] (Bitdefender SRL -> Bitdefender)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\windows\system32\SettingSyncInfo.dll [128512 2013-03-01] (Microsoft Windows -> Microsoft Corporation)
Task: {B075C68B-C208-4238-A82A-739180E32087} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {BE9F05C4-21EE-451F-90CA-8BF3D4BA80B5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-19] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BFD73BE2-56B4-4C93-99F9-39B015D1C0F0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39848 2018-06-06] (Garmin International, Inc. -> )
Task: {C30F5172-C0F0-4A01-A551-1F95C8499411} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {CFD30C8B-FB53-41A1-9B43-8073EBDF81FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {D18220B9-246D-4E0D-836C-53799778952A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] (Intel® Services Manager -> )
Task: {D24BF813-20AA-4320-B83A-5BA0E37F995A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [654440 2013-03-19] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {E184A94C-D8F7-4D6F-B86A-EC75B5949EDC} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Jorge\Downloads\esetonlinescanner_enu (1).exe [14827616 2020-08-02] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {E54E5153-5DA1-4C4C-A9DB-A56DAF99E0E7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [1456128 2018-12-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E5AE251F-DE60-4675-8853-ACBC0049024E} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Jorge\Downloads\esetonlinescanner_enu (1).exe [14827616 2020-08-02] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {EFD22624-E34A-4976-823B-892DB9E163F0} - System32\Tasks\Avast Software\Avast Cleanup Update BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [2812624 2020-07-15] (Avast Software s.r.o. -> AVAST Software)
Task: {F2060B4A-9CD2-48DD-A8D2-938B6B5C159D} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [52560 2013-08-01] (Symantec Corporation -> Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2289314783-225378754-3216661433-1001.job => C:\Users\Jorge\AppData\Local\GoToMeeting\18068\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-2289314783-225378754-3216661433-1001.job => C:\Users\Jorge\AppData\Local\GoToMeeting\18068\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{52E7B410-17BB-4806-A342-B68D7E68982A}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{A37FD4C9-F58C-4D09-A900-072FC77004EB}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.google.com/?gws_rd=ssl
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-04] (IvoSoft) [File not signed]
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc -> Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.2\bin\jp2ssv.dll [2019-01-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2013-10-04] (IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-04] (IvoSoft) [File not signed]
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc -> Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-04] (IvoSoft) [File not signed]
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-04] (IvoSoft) [File not signed]
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc -> Google Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-04] (IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2289314783-225378754-3216661433-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2289314783-225378754-3216661433-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP5-16/webex/ieatgpc1.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: 3y176be1.default
FF ProfilePath: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default [2020-07-07]
FF Homepage: Mozilla\Firefox\Profiles\3y176be1.default -> hxxps://www.google.com/
FF Notifications: Mozilla\Firefox\Profiles\3y176be1.default -> hxxps://twitter.com
FF Extension: (QuickJava) - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-11-09] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npDeployJava1.dll [2019-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\plugin2\npjp2.dll [2019-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll [2010-08-05] (CambridgeSoft Corporation -> CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll [2010-08-05] (CambridgeSoft Corporation -> CambridgeSoft Corp.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll [2013-02-07] (Wolfram Research, Inc. -> Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default [2020-08-02]
CHR DownloadDir: C:\Users\Jorge\Downloads
CHR Notifications: Default -> hxxps://bitcoinist.com; hxxps://calendar.google.com; hxxps://captainaltcoin.com; hxxps://changelly.com; hxxps://leaderboard.investors.com; hxxps://prod.aws.extcare.com; hxxps://seekingalpha.com; hxxps://swingtrader.investors.com; hxxps://www.google.com; hxxps://www.infowars.com
CHR Extension: (Slides) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (US Weather Radar) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdnkhfljcoblghnaabndinjadlmhknj [2014-11-11]
CHR Extension: (High Contrast - Responsive Browser Color) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimchjhkcpmaifmpbgpimekipcbpgoeo [2020-07-27]
CHR Extension: (Docs) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-25]
CHR Extension: (Screenshot Webpages) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2019-11-28]
CHR Extension: (Gliffy Diagrams) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2017-08-10]
CHR Extension: (Skype Calling) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-04-19]
CHR Extension: (YouTube) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Honey) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-07-27]
CHR Extension: (Facebook) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-05-27]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2020-02-29]
CHR Extension: (PDF to OCR Text Converter) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdfhfjemjbndkgeafknoifghpfmhpbl [2020-05-25]
CHR Extension: (Background Image for Google™ Homepage) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedihplmdadkgmhdlblolekfbpghnppa [2016-07-29]
CHR Extension: (QuickBooks) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimncnjihlhfmagneecomiloklpjeagl [2014-09-06]
CHR Extension: (Screen capture, screenshot share/save) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjbjepchlgclmpinlbbeinajphohgfod [2019-01-11]
CHR Extension: (Google Search) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dark Reader) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2020-07-27]
CHR Extension: (Convertio) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\eppjkefeiehhflmgkhdooajgbkkegpcl [2019-10-21]
CHR Extension: (Highlighter) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdfcjfoifbjplmificlkdfneafllkgmn [2020-07-12]
CHR Extension: (Sheets) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Full Screen Weather) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-08-09]
CHR Extension: (GIF Scrubber) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbdacbnhlfdlllckelpdkgeklfjfgcmp [2016-10-19]
CHR Extension: (Google Docs Offline) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-26]
CHR Extension: (Save to Google Drive) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-08-09]
CHR Extension: (Avast Online Security) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-06-03]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2016-10-13]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-06-23]
CHR Extension: (Pixlr Express) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2014-09-06]
CHR Extension: (New Tab Redirect) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2019-07-07]
CHR Extension: (Voice Recognition) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2016-10-13]
CHR Extension: (Stream Video Downloader) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2020-03-19]
CHR Extension: (Dark Mode On Chrome) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaajgbmdhhkndooikebcindbdclpfjli [2020-05-04]
CHR Extension: (Highlight active tab) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbhoiilapkofcmlbgabfbdbjoljehpok [2019-11-04]
CHR Extension: (FaceBook Video Downloader) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcbmbabdfdohkdfmflhoegnldpihmdak [2019-05-28]
CHR Extension: (Voice to Text) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2018-12-31]
CHR Extension: (Be Limitless) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpnljppdhjpafeaokemhcggofohekbp [2017-09-29]
CHR Extension: (Floating for YouTube™) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2016-01-05]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2018-04-22]
CHR Extension: (Custom Page Zoom) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jodiabicmogcbbiocceenmeflipeelle [2018-12-12]
CHR Extension: (Grammarly for Chrome) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-07-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-19]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2020-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Print Friendly & PDF) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2020-07-27]
CHR Extension: (Notifications for Instagram) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2019-10-13]
CHR Extension: (Gmail) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-27]
CHR Extension: (Chrome Media Router) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-16]
CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-12-16]
CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-01]
CHR HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6514072 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [356824 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1065456 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12979376 2020-07-15] (Avast Software s.r.o. -> AVAST Software)
R2 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [42592 2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-19] (Dropbox, Inc -> Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [44552 2020-05-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DocUnzipUpdt.exe; C:\Program Files (x86)\SmartUpdater\DocUnzipUpdt.exe [202752 2013-09-02] () [File not signed]
S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-04-15] (DTS, Inc. -> )
S2 epinjectsvc; C:\Program Files (x86)\Citrix\ICA Client\inject.exe [501456 2020-04-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-06-06] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
R2 GManager; C:\windows\system32\GManager.exe [2263768 2017-08-18] (Magic Control Technology Corp. -> )
R2 hasplms; C:\windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet, Inc. -> SafeNet Inc.)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2468496 2012-11-15] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] (Intel® Services Manager -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-08-02] (Malwarebytes Inc -> Malwarebytes)
R2 MlPatch; C:\windows\system32\MlPatch.exe [2244912 2014-08-22] (Magic Control Technology Corp. -> )
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation -> Symantec Corporation)
S4 NetgearA7000; C:\Program Files (x86)\NETGEAR\A7000\RtlService.exe [45784 2013-07-03] (NETGEAR -> Realtek Semiconductor Corp.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation -> Symantec Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1296560 2019-08-07] (Bitdefender SRL -> Bitdefender)
S4 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (NETGEAR -> Realtek Semiconductor Corp.)
R2 RunSwUSB; C:\Windows\runSW.exe [44528 2018-11-03] (Netgear Incorporated -> )
S4 StreetSmart Edge Updater; C:\Program Files (x86)\Schwab\StreetSmart Edge\Updater\StreetSmartAutoUpdate.exe [47712 2020-03-20] (Charles Schwab & Co., Inc. -> Charles Schwab)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
R2 U2VSvr; C:\windows\system32\U2VSvr.exe [272512 2011-05-04] (Magic Control Technology Corp. -> )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Windows -> Microsoft Corporation)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 A6100; C:\windows\system32\DRIVERS\A6100.sys [7694920 2018-01-15] (NETGEAR TAIWAN CO., LTD -> Realtek Semiconductor Corporation)
S3 A7000; C:\windows\system32\DRIVERS\A7000.sys [7694928 2018-01-15] (NETGEAR TAIWAN CO., LTD -> Realtek Semiconductor Corporation)
R3 Apowersoft_AudioDevice; C:\windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [205880 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [235584 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [195648 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [60480 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42768 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [175192 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [514448 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [109272 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84848 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [851600 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [466232 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [216816 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [323272 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
S3 ccSet_NARA; C:\windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NAT; C:\windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation -> Symantec Corporation)
R3 CnxtHdAudService; C:\windows\system32\drivers\CHDRT64.sys [1682016 2013-03-22] (Conexant Systems, Inc. -> Conexant Systems Inc.)
S3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] (Cisco Systems, Inc. -> )
S3 CXPLRCAP; C:\windows\system32\drivers\elvidcap.sys [153064 2014-05-12] (Elgato Systems -> Elgato Systems GmbH)
S3 dc3d; C:\windows\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R3 debutfilter; C:\windows\system32\DRIVERS\debutfilterx64.sys [34512 2015-10-19] (NCH Software -> )
R2 entryprotectdrv; C:\Program Files (x86)\Citrix\ICA Client\entryprotect.sys [57032 2020-04-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet, Inc. -> SafeNet Inc.)
S3 jakstaVA; C:\windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (Jaksta Technologies Pty Ltd -> e2eSoft)
R3 L1C; C:\windows\system32\DRIVERS\L1C63x64.sys [119376 2013-01-15] (Atheros Communications

#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,427 posts

Posted 03 August 2020 - 05:52 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Press the windows key Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
 
start::
 
CreateRestorePoint:
CloseProcesses:
 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-07-02]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (No File)
Startup: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk [2015-06-28]
ShortcutTarget: Epson scanner Registration.lnk -> D:\Common\EpsonReg\Ereg.exe (No File)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {95370CF2-ABFF-47A9-8823-4EC4960148F8} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\windows\system32\gpupdate.exe [20480 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
CHR Extension: (New Tab Redirect) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2019-07-07]
U1 aswbdisk; no ImagePath
 
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
 
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk
C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk
C:\windows\system32\gpupdate.exe
 
EmptyTemp:
 
End::
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
If the problem persists and Chrome is Synced with other Devices reset it.
 
 
 
Execute the suggested fix.
 
Restart the computer normally.
===========
 
Is the problem solved?

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 azuleno

azuleno

    Advanced Member

  • Full Member
  • PipPipPip
  • 239 posts

Posted 03 August 2020 - 11:06 AM

Hi nasdaq,

 

Applied the FRST fix, problem persisted so I turned off sync from my mobile (only other device using my Google accts) per instructions, and executed fix. Restarted the PC. Unfortunately, problem is persisting.

 

I attached the Fixlog text file prior to turning synchronization off, so I wonder if you will rather have one after all was said and done. So this is PRIOR to turning sync off:

 

BTW, I just realized that the RSM files I thought could be the issue with the Google to Yahoo search redirecting seem to be from a statistic program I downloaded some time ago. RSM = Response Surface Modeling. 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-08-2020
Ran by Jorge (03-08-2020 08:40:38) Run:2
Running from C:\Users\Jorge\Desktop
Loaded Profiles: Jorge
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-07-02]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (No File)
Startup: C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk [2015-06-28]
ShortcutTarget: Epson scanner Registration.lnk -> D:\Common\EpsonReg\Ereg.exe (No File)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {95370CF2-ABFF-47A9-8823-4EC4960148F8} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\windows\system32\gpupdate.exe [20480 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
CHR Extension: (New Tab Redirect) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2019-07-07]
U1 aswbdisk; no ImagePath
 
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
 
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk
C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk
C:\windows\system32\gpupdate.exe
 
EmptyTemp:
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk => moved successfully
"C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe" => not found
C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk => moved successfully
"D:\Common\EpsonReg\Ereg.exe" => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95370CF2-ABFF-47A9-8823-4EC4960148F8}" => not found
C:\windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 => removed successfully
CHR Extension: (New Tab Redirect) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2019-07-07] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
 
========= netsh int ip reset =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushDNS =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
 
 
Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========
 
 
========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
 
 
========= "C:\Windows\SYSTEM32\lodctr.exe" /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
 
 
========= "C:\Windows\SysWOW64\lodctr.exe" /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
 
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk" => not found
"C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk" => not found
C:\windows\system32\gpupdate.exe => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 60395634 B
Java, Flash, Steam htmlcache => 1445 B
Windows/system/drivers => 777358871 B
Edge => 0 B
Chrome => 2033001272 B
Firefox => 37075077 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 256 B
LocalService => 268274 B
NetworkService => 268274 B
Jorge => 4187028094 B
 
RecycleBin => 15457572 B
EmptyTemp: => 6.6 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-08-2020 08:51:10)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
 
==== End of Fixlog 08:51:10 ====

#4 azuleno

azuleno

    Advanced Member

  • Full Member
  • PipPipPip
  • 239 posts

Posted 03 August 2020 - 11:18 AM

These are the logs obtained AFTER the Google sync was turned off. I have not yet turned it back on. These are essentially a full Scan. Please see the above report for what was generated after the suggested fix, which unfortunately did not work. I hope I am not confusing, but let me know how else I can help you so that you can help me.  Thanks! Deeply appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-08-2020
Ran by Jorge (administrator) on JSOTO-PC (TOSHIBA Satellite P75-A) (03-08-2020 13:03:34)
Running from C:\Users\Jorge\Desktop
Loaded Profiles: Jorge
Platform: Windows 8 Pro with Media Center (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\SmartUpdater\DocUnzipUpdt.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Antibody Software Limited -> ) C:\Program Files (x86)\WizMouse\WizMouse.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Cleanup\TuneupSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Cleanup\TuneupUI.exe <2>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <23>
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Magic Control Technology Corp. -> ) C:\Windows\System32\GManager.exe
(Magic Control Technology Corp. -> ) C:\Windows\System32\mlpatch.exe
(Magic Control Technology Corp. -> ) C:\Windows\System32\U2VSvr.exe
(Magic Control Technology Corp. -> Magic Control Technology Corporation) C:\Windows\System32\MTri1+64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Netgear Incorporated -> ) C:\Windows\runSW.exe
(Netgear Incorporated -> Realtek) C:\Windows\SwUSB.exe
(SafeNet, Inc. -> SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe <2>
(TOSHIBA CORPORATION -> ) C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA CORPORATION -> ) C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC. -> CANON INC.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109160 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Util] => C:\windows\system32\Util.exe [195200 2011-05-04] (Magic Control Technology Corp. -> )
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1895128 2017-09-18] (Magic Control Technology Corp. -> Magic Control Technology Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-07-19] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2591544 2020-07-15] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (Newsoft Technology Company -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4992048 2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) [File not signed]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6867968 2020-05-12] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [798816 2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [460896 2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [InstallHelper] => C:\ProgramData\Citrix\Citrix Workspace 2006\InstallHelper.exe [431200 2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [WizMouse] => C:\Program Files (x86)\WizMouse\WizMouse.exe [121648 2011-09-30] (Antibody Software Limited -> )
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [Speech Recognition] => C:\windows\Speech\Common\sapisvr.exe [45056 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-06-28] (Google Inc -> Google Inc.)
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [rUpdater agent] => C:\Users\Jorge\AppData\Roaming\rUpdater Software\rUpdater\rUpdater_agent.exe [1823232 2015-09-01] (Some Company) [File not signed]
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\Run: [GoogleChromeAutoLaunch_E49DF4312688D5EC27314F6D6DF8F149] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {09ba931e-e670-11e3-beda-9f39c092eaab} - "E:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {0abedbe9-065a-11e4-beed-ed4ebebe5d0d} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL www.dowpolyurethane.com
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {30cc1b6f-2901-11e5-bfaa-681729552089} - "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\...\MountPoints2: {3af4b0de-fd41-11e3-bee7-eb545ec2ae58} - "E:\MotorolaDeviceManagerSetup.exe" -a
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\windows\system32\AdobePDF.dll [65096 2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\windows\system32\CNCENPM6.dll [152064 2012-09-26] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon WSD Language Monitor: C:\windows\system32\cnnx0_flm.dll [1367040 2012-10-19] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\windows\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\novaPDF 7 Monitor: C:\windows\system32\novamnk7.dll [29008 2011-02-15] (Softland -> Softland)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\Installer\chrmstp.exe [2020-07-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{43581A46-171B-48ea-A547-172D32925233}] -> C:\Program Files (x86)\Norton Anti-Theft\Engine64\1.10.0.9\ppcp.dll [2013-10-11] (Symantec Corporation -> Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk [2019-01-08]
ShortcutTarget: NETGEAR A6100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (NETGEAR -> Realtek Semiconductor Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A7000 Genie.lnk [2018-11-03]
ShortcutTarget: NETGEAR A7000 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A7000\RtlService.exe (NETGEAR -> Realtek Semiconductor Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2013-10-23]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () [File not signed]
BootExecute: autocheck autochk * icarus_rvrt.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0EB25943-4E36-48FD-9DE7-82435D6EF17F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-05] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {1613DC06-5D17-43D6-BF8F-E9C217C9DD86} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1774728 2013-07-18] (CANON INC. -> CANON INC.)
Task: {18720FA1-29F7-4808-B6C3-3A1AD90D1B67} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {2CC1EC62-5A08-4436-A411-ED16BE4F12EA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3339872 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
Task: {3D64C279-1B54-4DB6-93F8-C549102C7D46} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-19] (Dropbox, Inc -> Dropbox, Inc.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {4740C05A-22CF-431C-8DEE-A17400F02133} - System32\Tasks\G2MUpdateTask-S-1-5-21-2289314783-225378754-3216661433-1001 => C:\Users\Jorge\AppData\Local\GoToMeeting\18068\g2mupdate.exe [32424 2020-07-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {52879CF4-B07E-4C3F-B6B0-3C0215F31A01} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] (Intel® Services Manager -> )
Task: {533BA1A7-1012-4E1C-88CB-6F0069DC8624} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {572AF79C-1392-4C80-97CB-4D068A9611A0} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle America, Inc. -> Oracle Corporation)
Task: {59D63634-B9B3-468E-96F2-32BCCAF3D58E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
Task: {61BACB0E-5FDE-4480-A33D-62392441FF0D} - System32\Tasks\G2MUploadTask-S-1-5-21-2289314783-225378754-3216661433-1001 => C:\Users\Jorge\AppData\Local\GoToMeeting\18068\g2mupload.exe [32424 2020-07-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {68808DB8-02E6-4223-B15A-21FC6B09D002} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\Windows\SysWOW64\gpupdate.exe [18432 2012-07-25] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
Task: {6D2CAA1B-F8F4-4A30-8E5E-23F69F2E4403} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-11] (Adobe Inc. -> Adobe)
Task: {6E012B99-D0AB-4409-879E-652505F4216B} - System32\Tasks\Express PlayerUpdate => C:\Program Files (x86)\ExpressPlayer\ExpressPlayerUpdater.exe
Task: {8688350E-3C08-4FE5-AEB4-D804AA39E9D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {8F570789-91F1-456F-B578-CFD2BFC8E1E9} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [430984 2010-11-05] (Minitab, Inc. -> Minitab)
Task: {91CA4DB4-C405-430B-B713-F5418D982B19} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [5098136 2020-07-08] (Avast Software s.r.o. -> Avast Software)
Task: {9A32FE1C-4733-4F70-91DF-CE466C3ACC98} - System32\Tasks\{13D250AF-DC3F-4E72-95D0-4D301FF21FC0} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {9B6171CF-4523-4451-ABA4-7A4802AC9DE8} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [52560 2013-08-01] (Symantec Corporation -> Symantec Corporation)
Task: {A5900890-F62D-4597-886F-62ABB151BCAD} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [489272 2019-08-07] (Bitdefender SRL -> Bitdefender)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\windows\system32\SettingSyncInfo.dll [128512 2013-03-01] (Microsoft Windows -> Microsoft Corporation)
Task: {B075C68B-C208-4238-A82A-739180E32087} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {BE9F05C4-21EE-451F-90CA-8BF3D4BA80B5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-19] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BFD73BE2-56B4-4C93-99F9-39B015D1C0F0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39848 2018-06-06] (Garmin International, Inc. -> )
Task: {C30F5172-C0F0-4A01-A551-1F95C8499411} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {CFD30C8B-FB53-41A1-9B43-8073EBDF81FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {D18220B9-246D-4E0D-836C-53799778952A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] (Intel® Services Manager -> )
Task: {D24BF813-20AA-4320-B83A-5BA0E37F995A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [654440 2013-03-19] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {E184A94C-D8F7-4D6F-B86A-EC75B5949EDC} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Jorge\Downloads\esetonlinescanner_enu (1).exe [14827616 2020-08-02] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {E54E5153-5DA1-4C4C-A9DB-A56DAF99E0E7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [1456128 2018-12-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E5AE251F-DE60-4675-8853-ACBC0049024E} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Jorge\Downloads\esetonlinescanner_enu (1).exe [14827616 2020-08-02] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {EFD22624-E34A-4976-823B-892DB9E163F0} - System32\Tasks\Avast Software\Avast Cleanup Update BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [2812624 2020-07-15] (Avast Software s.r.o. -> AVAST Software)
Task: {F2060B4A-9CD2-48DD-A8D2-938B6B5C159D} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [52560 2013-08-01] (Symantec Corporation -> Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2289314783-225378754-3216661433-1001.job => C:\Users\Jorge\AppData\Local\GoToMeeting\18068\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-2289314783-225378754-3216661433-1001.job => C:\Users\Jorge\AppData\Local\GoToMeeting\18068\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{52E7B410-17BB-4806-A342-B68D7E68982A}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{A37FD4C9-F58C-4D09-A900-072FC77004EB}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-2289314783-225378754-3216661433-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.google.com/?gws_rd=ssl
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-04] (IvoSoft) [File not signed]
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc -> Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.2\bin\jp2ssv.dll [2019-01-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2013-10-04] (IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-04] (IvoSoft) [File not signed]
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc -> Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-04] (IvoSoft) [File not signed]
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-04] (IvoSoft) [File not signed]
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc -> Google Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-04] (IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2289314783-225378754-3216661433-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2289314783-225378754-3216661433-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP5-16/webex/ieatgpc1.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: 3y176be1.default
FF ProfilePath: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default [2020-08-03]
FF Homepage: Mozilla\Firefox\Profiles\3y176be1.default -> hxxps://www.google.com/
FF Notifications: Mozilla\Firefox\Profiles\3y176be1.default -> hxxps://twitter.com
FF Extension: (QuickJava) - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\3y176be1.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-11-09] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npDeployJava1.dll [2019-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\plugin2\npjp2.dll [2019-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll [2010-08-05] (CambridgeSoft Corporation -> CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll [2010-08-05] (CambridgeSoft Corporation -> CambridgeSoft Corp.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll [2013-02-07] (Wolfram Research, Inc. -> Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default [2020-08-03]
CHR DownloadDir: C:\Users\Jorge\Downloads
CHR Notifications: Default -> hxxps://bitcoinist.com; hxxps://calendar.google.com; hxxps://captainaltcoin.com; hxxps://changelly.com; hxxps://leaderboard.investors.com; hxxps://prod.aws.extcare.com; hxxps://seekingalpha.com; hxxps://swingtrader.investors.com; hxxps://www.google.com; hxxps://www.infowars.com
CHR Extension: (Slides) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (US Weather Radar) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdnkhfljcoblghnaabndinjadlmhknj [2014-11-11]
CHR Extension: (High Contrast - Responsive Browser Color) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimchjhkcpmaifmpbgpimekipcbpgoeo [2020-07-27]
CHR Extension: (Docs) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-25]
CHR Extension: (Screenshot Webpages) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2019-11-28]
CHR Extension: (Gliffy Diagrams) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2017-08-10]
CHR Extension: (Skype Calling) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-04-19]
CHR Extension: (YouTube) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Honey) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-07-27]
CHR Extension: (Facebook) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-05-27]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2020-02-29]
CHR Extension: (PDF to OCR Text Converter) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdfhfjemjbndkgeafknoifghpfmhpbl [2020-05-25]
CHR Extension: (Background Image for Google™ Homepage) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedihplmdadkgmhdlblolekfbpghnppa [2016-07-29]
CHR Extension: (QuickBooks) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimncnjihlhfmagneecomiloklpjeagl [2014-09-06]
CHR Extension: (Screen capture, screenshot share/save) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjbjepchlgclmpinlbbeinajphohgfod [2019-01-11]
CHR Extension: (Google Search) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dark Reader) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2020-07-27]
CHR Extension: (Convertio) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\eppjkefeiehhflmgkhdooajgbkkegpcl [2019-10-21]
CHR Extension: (Highlighter) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdfcjfoifbjplmificlkdfneafllkgmn [2020-07-12]
CHR Extension: (Sheets) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Full Screen Weather) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-08-09]
CHR Extension: (GIF Scrubber) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbdacbnhlfdlllckelpdkgeklfjfgcmp [2016-10-19]
CHR Extension: (Google Docs Offline) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-03]
CHR Extension: (Save to Google Drive) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-08-09]
CHR Extension: (Avast Online Security) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-06-03]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2016-10-13]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-06-23]
CHR Extension: (Pixlr Express) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2014-09-06]
CHR Extension: (New Tab Redirect) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2019-07-07]
CHR Extension: (Voice Recognition) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2016-10-13]
CHR Extension: (Stream Video Downloader) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2020-03-19]
CHR Extension: (Dark Mode On Chrome) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaajgbmdhhkndooikebcindbdclpfjli [2020-05-04]
CHR Extension: (Highlight active tab) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbhoiilapkofcmlbgabfbdbjoljehpok [2019-11-04]
CHR Extension: (FaceBook Video Downloader) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcbmbabdfdohkdfmflhoegnldpihmdak [2019-05-28]
CHR Extension: (Voice to Text) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2018-12-31]
CHR Extension: (Be Limitless) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpnljppdhjpafeaokemhcggofohekbp [2017-09-29]
CHR Extension: (Floating for YouTube™) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2016-01-05]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2018-04-22]
CHR Extension: (Custom Page Zoom) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jodiabicmogcbbiocceenmeflipeelle [2018-12-12]
CHR Extension: (Grammarly for Chrome) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-07-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-19]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2020-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Print Friendly & PDF) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2020-07-27]
CHR Extension: (Notifications for Instagram) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2019-10-13]
CHR Extension: (Gmail) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-27]
CHR Extension: (Chrome Media Router) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-16]
CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-12-16]
CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\System Profile [2020-08-03]
CHR HKU\S-1-5-21-2289314783-225378754-3216661433-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6514072 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [356824 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1065456 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [12979376 2020-07-15] (Avast Software s.r.o. -> AVAST Software)
R2 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [42592 2020-06-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-19] (Dropbox, Inc -> Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [44552 2020-05-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DocUnzipUpdt.exe; C:\Program Files (x86)\SmartUpdater\DocUnzipUpdt.exe [202752 2013-09-02] () [File not signed]
S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-04-15] (DTS, Inc. -> )
S2 epinjectsvc; C:\Program Files (x86)\Citrix\ICA Client\inject.exe [501456 2020-04-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-06-06] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
R2 GManager; C:\windows\system32\GManager.exe [2263768 2017-08-18] (Magic Control Technology Corp. -> )
R2 hasplms; C:\windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet, Inc. -> SafeNet Inc.)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2468496 2012-11-15] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] (Intel® Services Manager -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-08-03] (Malwarebytes Inc -> Malwarebytes)
R2 MlPatch; C:\windows\system32\MlPatch.exe [2244912 2014-08-22] (Magic Control Technology Corp. -> )
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation -> Symantec Corporation)
S4 NetgearA7000; C:\Program Files (x86)\NETGEAR\A7000\RtlService.exe [45784 2013-07-03] (NETGEAR -> Realtek Semiconductor Corp.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation -> Symantec Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1296560 2019-08-07] (Bitdefender SRL -> Bitdefender)
S4 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (NETGEAR -> Realtek Semiconductor Corp.)
R2 RunSwUSB; C:\Windows\runSW.exe [44528 2018-11-03] (Netgear Incorporated -> )
S4 StreetSmart Edge Updater; C:\Program Files (x86)\Schwab\StreetSmart Edge\Updater\StreetSmartAutoUpdate.exe [47712 2020-03-20] (Charles Schwab & Co., Inc. -> Charles Schwab)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
R2 U2VSvr; C:\windows\system32\U2VSvr.exe [272512 2011-05-04] (Magic Control Technology Corp. -> )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Windows -> Microsoft Corporation)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 A6100; C:\windows\system32\DRIVERS\A6100.sys [7694920 2018-01-15] (NETGEAR TAIWAN CO., LTD -> Realtek Semiconductor Corporation)
S3 A7000; C:\windows\system32\DRIVERS\A7000.sys [7694928 2018-01-15] (NETGEAR TAIWAN CO., LTD -> Realtek Semiconductor Corporation)
R3 Apowersoft_AudioDevice; C:\windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [205880 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [235584 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [195648 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [60480 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42768 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [175192 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [514448 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [109272 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84848 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [851600 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [466232 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [216816 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [323272 2020-07-09] (Avast Software s.r.o. -> AVAST Software)
S3 ccSet_NARA; C:\windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NAT; C:\windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation -> Symantec Corporation)
R3 CnxtHdAudService; C:\windows\system32\drivers\CHDRT64.sys [1682016 2013-03-22] (Conexant Systems, Inc. -> Conexant Systems Inc.)
S3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] (Cisco Systems, Inc. -> )
S3 CXPLRCAP; C:\windows\system32\drivers\elvidcap.sys [153064 2014-05-12] (Elgato Systems -> Elgato Systems GmbH)
S3 dc3d; C:\windows\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R3 debutfilter; C:\windows\system32\DRIVERS\debutfilterx64.sys [34512 2015-10-19] (NCH Software -> )
R2 entryprotectdrv; C:\Program Files (x86)\Citrix\ICA Client\entryprotect.sys [57032 2020-04-24] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet, Inc. -> SafeNet Inc.)
S3 jakstaVA; C:\windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (Jaksta Technologies Pty Ltd -> e2eSoft)
R3 L1C; C:\windows\system32\DRIVERS\L1C63x64.sys [119376 2013-01-15] (Atheros Communications Inc. -> Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [216056 2020-08-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-03] (Malwarebytes Inc -> Malwarebytes)
R3 mctkmd; C:\windows\system32\drivers\mctkmd64.sys [175736 2017-10-23] (Magic Control Technology Corp. -> Magic Control Technology Corporation)
R0 mctkmdldr; C:\windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corp. -> Magic Control Technology Corporation)
R3 NETwNe64; C:\windows\system32\DRIVERS\NETwew00.sys [3311072 2013-03-26] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R2 NPF; C:\windows\System32\drivers\npf.sys [47632 2009-10-21] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 QIOMem; C:\windows\System32\drivers\QIOMem.sys [14000 2012-07-26] (WDKTestCert 1,129877367804938542 -> TOSHIBA)
R3 RSP2STOR; C:\windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 T1PExGrp64; C:\windows\system32\DRIVERS\T1PExGrp64.sys [33920 2010-01-20] (Magic Control Technology Corp. -> Magic Control Technology Corp.)
S3 T1PMrGrp64; C:\windows\system32\DRIVERS\T1PMrGrp64.sys [35456 2010-01-20] (Magic Control Technology Corp. -> Magic Control Technology Corp.)
R3 t1pusb64; C:\windows\system32\drivers\t1pusb64.sys [163992 2017-11-29] (Magic Control Technology Corp. -> Magic Control Technology Corp.)
S3 tapnordvpn; C:\windows\system32\DRIVERS\tapnordvpn.sys [35592 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R0 THAccel; C:\windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
R3 Thotkey; C:\windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
R3 usb3Hub; C:\windows\System32\drivers\usb3Hub.sys [48024 2013-01-28] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [35232 2013-01-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\windows\System32\drivers\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [230904 2013-01-28] (Microsoft Corporation -> Microsoft Corporation)
R3 XHCIPort; C:\windows\System32\drivers\XHCIPort.sys [194456 2013-01-28] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2018-06-18] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2018-06-18] (Zemana Ltd. -> Zemana Ltd.)
U1 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-08-03 13:08 - 2020-08-03 13:08 - 000001501 _____ C:\Users\Jorge\Downloads\Q29udHJvbGxlci5TdHJlZXRTbWFydCBFZGdl (2).ica
2020-08-03 13:03 - 2020-08-03 13:05 - 000056775 _____ C:\Users\Jorge\Desktop\FRST.txt
2020-08-03 12:06 - 2020-08-03 12:06 - 000001287 _____ C:\Users\Jorge\Desktop\RSMS-2-DATA MWB.txt
2020-08-03 09:02 - 2020-08-03 09:02 - 000000078 _____ C:\Users\Jorge\Desktop\coolnewtabtheme.txt
2020-08-03 08:50 - 2020-08-03 08:50 - 002295808 _____ (Farbar) C:\Users\Jorge\Desktop\FRST64.exe
2020-08-03 08:47 - 2020-08-03 08:47 - 000000000 ___HD C:\$AV_ASW
2020-08-03 08:40 - 2020-08-03 08:51 - 000006024 _____ C:\Users\Jorge\Desktop\Fixlog preOFF.txt
2020-08-03 08:04 - 2020-08-03 08:04 - 000216056 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2020-08-03 04:58 - 2020-08-03 04:58 - 000001202 _____ C:\Users\Jorge\Desktop\MWB2.txt
2020-08-03 04:00 - 2020-08-03 04:00 - 000248968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2020-08-02 21:54 - 2020-08-02 21:54 - 014827616 _____ (ESET spol. s r.o.) C:\Users\Jorge\Downloads\esetonlinescanner (1).exe
2020-08-02 21:54 - 2020-08-02 21:54 - 000000798 _____ C:\Users\Jorge\Desktop\ESET Online Scanner.lnk
2020-08-02 20:13 - 2020-08-03 12:39 - 000003648 _____ C:\windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2020-08-02 20:10 - 2020-08-02 20:15 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-08-02 20:10 - 2020-08-02 20:10 - 000102744 _____ C:\ProgramData\agent.1596413422.bdinstall.v2.bin
2020-08-02 20:10 - 2020-08-02 20:10 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-08-02 18:47 - 2020-08-02 18:48 - 014827616 _____ (ESET spol. s r.o.) C:\Users\Jorge\Downloads\esetonlinescanner.exe
2020-08-02 18:44 - 2020-08-02 18:44 - 002901023 _____ C:\Users\Jorge\AppData\Local\census.cache
2020-08-02 18:41 - 2020-08-02 18:41 - 002542025 _____ C:\Users\Jorge\AppData\Local\ars.cache
2020-08-02 17:17 - 2020-08-02 17:17 - 002665440 _____ (Trend Micro Inc.) C:\Users\Jorge\Downloads\HousecallLauncher64.exe
2020-08-02 17:17 - 2020-08-02 17:17 - 000000036 _____ C:\Users\Jorge\AppData\Local\housecall.guid.cache
2020-08-02 16:29 - 2020-08-02 16:29 - 000001285 _____ C:\Users\Jorge\Desktop\M

#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,427 posts

Posted 03 August 2020 - 12:12 PM

Hi
 
I have Attached a new Fixlist.txt
 
Run it as previously suggested.
 
After the Restart reset the Chrome Sync.
 
Close and restart CHROME.
 
Let me know if the problem persists.

Attached Files


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 azuleno

azuleno

    Advanced Member

  • Full Member
  • PipPipPip
  • 239 posts

Posted 03 August 2020 - 01:07 PM

Hi nasdaq, 

 

I appreciate your patience. Followed your instructions, reset Chrome sync back on, etc. 

 

The issue is still lingering. The redirected search took a bit longer (3-4 secs vs 1 sec before) but I am still being redirected to the Yahoo search. The new Fixlog is here

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-08-2020
Ran by Jorge (03-08-2020 14:51:20) Run:3
Running from C:\Users\Jorge\Desktop
Loaded Profiles: Jorge
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR Extension: (Pixlr Express) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2014-09-06]
CHR Extension: (New Tab Redirect) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2019-07-07]
DeleteKey: HKLM\SOFTWARE\Google\Chrome\Extensions\hojmjpdlmjopaeginhldhiokeidchjid
DeleteKey: HKLM\SOFTWARE\Google\Chrome\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
Restart:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
CHR Extension: (Pixlr Express) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2014-09-06] => Error: No automatic fix found for this entry.
CHR Extension: (New Tab Redirect) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2019-07-07] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\hojmjpdlmjopaeginhldhiokeidchjid => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna => not found
 
 
The system needed a reboot.
 
==== End of Fixlog 14:51:48 ====

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,427 posts

Posted 04 August 2020 - 05:36 AM

Hi,
 
Your copy of Chrome may have been compromised
 
Remove and re-install Chrome. Follow these instructions.
 
 
step1.gif Remove Chrome from your Computer and reinstall a fresh copy later.
 
step2.gif If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
 
step3.gif Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
 
step4.gif Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
 
step5.gif Clear your Chrome cache and cookies
 
step6.gif Remove Chrome using the the instructions on this page.
 
step7.gif Re-install Chrome and the Bookmarks and passwords.
<<<>>

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 azuleno

azuleno

    Advanced Member

  • Full Member
  • PipPipPip
  • 239 posts

Posted 04 August 2020 - 10:21 PM

Hi nasdaq, got sidetracked with a few things. I will look into the suggested steps above by Thursday or Friday. Thanks again!


#9 azuleno

azuleno

    Advanced Member

  • Full Member
  • PipPipPip
  • 239 posts

Posted 06 August 2020 - 11:56 AM

Hi nasdaq,

 

I've been using Spywareinfoforums help to tackle PC issues for... about 20 years. You guys are awesome. I have pitched 'nominal' $20 donations throughout, and made a bigger one ($256) a couple of years ago. I realize the forum's expenses are high. When I signed in a few days ago and I saw the forum was struggling (about a year ago), my heart sank. I can see that funding will be a recurring issue, since you guys volunteer your time AND your knowledge. And more. An honest to good non-profit. Now, back to the issue I was having with my laptop... was:

 

I found Spy Hunter 5 software at the same time you were helping me resolve my issue. Spy Hunter 5 is from enigmasoft (dot) com. I'm certain you knew about this. They had a demo so I tried it, scanned my PC (long 6 hours, as usual with these things), found a fair amount of issues (the terrible, the bad and the uglys), but more importantly, it took care of the coolnewtabtheme  (..not so cool...) issue. Removed, rebooted. Gone. No more redirects. I did not have to remove Chrome as you suggested. But you never know. With that said, we can consider this case closed. Thanks!

 

I still want to tell you and your team that I have you folks in high esteem. I appreciate your help, as usual. I hope the forum will continue. I will do my donation in a moment. Again, take care, and let's watch out for all the "viruses" in this world specially in this year 2020. Cheers!


#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,427 posts

Posted 07 August 2020 - 05:54 AM

Hi,

 

If still available can you give me the Spyhunter log.

Would like to know what may have been causing this.

 

Thank you for your support.

 

nasdaq


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#11 azuleno

azuleno

    Advanced Member

  • Full Member
  • PipPipPip
  • 239 posts

Posted 08 August 2020 - 08:37 AM

Hi nasdaq,

 

I got a report (log) after the process was done, but I had to dig for it from the app. The report turned into an incredible 4000 pages in Word. There is a fair amount of empty space, so it’s only like 1500 pages. Still long! I’ve converted to a text file, but it is still 5MB+ in size.

 

I already crashed your website twice because of the size of the Copy/Paste bundle in this box, even as plain text. Any suggestions?

 

BTW, I found a ‘redirector.exe’ in the log which at first I thought it might be the culprit. However, I don’t think so as I recognize the Citrix app/website as the one that Schwab uses to redirect me to their Street Smart Edge (SSE) platform in the Cloud.

 

I have a jpeg (could not Copy/Paste the text) from the Quarantined Objects in SpyHunter 5’s app ‘Scan/Quarantine’ tab. This may be more informative. File size is 290 KB but it exceeds the limit allowed for uploading (saw 35kB or so as max).


#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,427 posts

Posted 09 August 2020 - 05:00 AM

Hi,

 

Thank you for trying.

 

Have a good day.


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
Back to PC Checkup and Troubleshooting


  1. SpywareInfo Forum
  2. General Computing Issues
  3. PC Checkup and Troubleshooting
  4. Privacy Policy
Member of UNITE
Support SpywareInfo Forum - click the button