SuicideSolution

HiJackThis log


Hi

 

Been a while since I posted on here so I apologise if this is not the correct forum location ….

 

Friend's son's computer has been a git lately and is causing all sorts of slowing issues!

 

System details:

Windows 10 Pro

64 bit Operating System (x64 bit processor)

4GB Ram

 

Hijackthis log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:29:05, on 24/04/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Users\jack\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Games\World_of_Tanks\WargamingGameUpdater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\jack\Desktop\HijackThis.exe
C:\Users\jack\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\jack\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [World of Tanks] "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
O4 - HKCU\..\Run: [Chromium] "c:\users\jack\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol hijack: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC}
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: PremierOpinion - VoiceFive, Inc. - C:\Program Files (x86)\PremierOpinion\pmservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 9231 bytes

 

----------------------------------

 

Kind Regards

 

Loz

 



Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
     


Hi Juliet,

 

Firstly, sincere apologies for the delay in applying your solution and posting the logs. I have had all sorts of problems actually getting the problematic computer to run at all but today have managed it.

 

The links would not work using my default browser and in the end I copied and pasted the HTTP details from the properties of the link to a different browser.

 

For future reference, Windows Defender would not allow me to run the FRST app and I had to disable it which took a little time to work out (not being a massive tech dude) but eventually I have managed it and below are the results:

 

FRST Notepad

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2019
Ran by jack (administrator) on DESKTOP-O8IQLFD (Packard Bell imedia S2870) (09-06-2019 17:33:46)
Running from C:\Users\jack\Downloads
Loaded Profiles: jack (Available Profiles: jack)
Platform: Windows 10 Pro Version 1809 17763.475 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19051.545.0_x64__8wekyb3d8bbwe\YourPhone.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\jack\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Wargaming.net Limited -> Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Chromium] => c:\users\jack\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7388488 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-06-09] (Google LLC -> Google Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {45452D94-A227-443D-B941-06D26CCBC5EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {58DEFE7B-9A11-4738-B769-08EB8AC9131B} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask => {7C83C056-1D0D-4C8E-A6B0-89E79C213559} C:\WINDOWS\system32\oobe\SetupCleanupTask.dll [191488 2019-05-01] (Microsoft Windows -> Microsoft Corporation)
Task: {5EC6072F-4A2E-480A-A535-57BBA840B942} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7A343A59-5C9C-4004-9E17-B1E57E933FF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-10] (Google Inc -> Google Inc.)
Task: {8630196E-C4B3-4FCB-928C-31E7104D5C2E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {908A8B3C-CE7F-4AD1-8F11-3B38B9759999} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-4127454622-3581897595-3763097022-1001" /ENABLE
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{E8EF172D-5181-4F72-A7C8-917528CC7669}" /ENABLE
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\{B742DCA5-9B12-4B2A-BE45-CEC0BE21AC01}" /ENABLE
Task: {B5FB29B5-49E6-4E2B-B899-F4C15786FF7B} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {B6596B23-B583-4976-B70B-09942B51D533} - System32\Tasks\{B742DCA5-9B12-4B2A-BE45-CEC0BE21AC01} => C:\WINDOWS\system32\pcalua.exe -a E:\start.exe -d E:\
Task: {BEC14D0B-64D3-46CB-B192-2681B18181E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-10] (Google Inc -> Google Inc.)
Task: {C5F485D0-1BB8-4F2D-8A39-45128DB0D008} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {D9ED0550-AB98-485F-A012-009BE5BF1557} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{59cf69be-9c1f-4872-8d31-66ca5a00501f}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> DefaultScope {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> hxxp://www.google.co.uk/

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-17] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.view-search.com/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> view search
CHR Profile: C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default [2019-04-29]
CHR Extension: (Slides) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-10]
CHR Extension: (Docs) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-10]
CHR Extension: (Google Drive) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-10]
CHR Extension: (YouTube) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-10]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29]
CHR Extension: (Sheets) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-10]
CHR Extension: (Google Docs Offline) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-24]
CHR Extension: (Avast Online Security) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-04-29]
CHR Extension: (Search Manager) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2019-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-20]
CHR Extension: (Gmail) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-29]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-04-20] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-20] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2017-03-05] (Intel(R) pGFX -> Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2205504 2018-07-31] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3075400 2018-07-31] (Electronic Arts, Inc. -> Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3830128 2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-21] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279120 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167872 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225608 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385880 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2018-09-15] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c64x64.sys [468752 2017-03-08] (Intel Corporation -> Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-09 17:33 - 2019-06-09 17:35 - 000022858 _____ C:\Users\jack\Downloads\FRST.txt
2019-06-09 17:33 - 2019-06-09 17:33 - 000000000 ____D C:\FRST
2019-06-09 17:31 - 2019-06-09 17:31 - 002417664 _____ (Farbar) C:\Users\jack\Downloads\FRST64.exe
2019-06-09 17:29 - 2019-06-09 17:29 - 001770496 _____ (Farbar) C:\Users\jack\Downloads\FRST.exe
2019-06-09 17:01 - 2019-06-09 17:01 - 000000556 _____ C:\WINDOWS\wininit.ini
2019-06-09 15:50 - 2019-01-21 16:46 - 000000864 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190609-155037.backup
2019-06-09 15:49 - 2019-06-09 15:49 - 000000000 ____D C:\Users\jack\AppData\Local\SlimWare Utilities Inc
2019-06-09 15:43 - 2019-06-09 17:06 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-06-09 15:43 - 2019-06-09 17:01 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-06-09 15:43 - 2019-06-09 15:43 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2019-06-09 15:43 - 2019-06-09 15:43 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2019-06-09 15:43 - 2019-06-09 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2019-06-09 15:43 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2019-06-09 15:39 - 2019-06-09 15:39 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\jack\Downloads\spybotsd-2.7.64.0.exe
2019-06-09 15:37 - 2019-06-09 15:37 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2019-06-09 15:05 - 2019-06-09 15:03 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-05-17 20:30 - 2019-03-05 17:54 - 001108344 _____ (VoiceFive, Inc.) C:\WINDOWS\system32\pmls64.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-09 17:26 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-09 17:12 - 2019-05-01 19:57 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-09 17:12 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2019-06-09 17:10 - 2017-04-03 14:04 - 000000000 ____D C:\Program Files (x86)\Steam
2019-06-09 17:07 - 2017-03-05 14:37 - 000000000 __SHD C:\Users\jack\IntelGraphicsProfiles
2019-06-09 17:06 - 2019-05-01 20:03 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-06-09 17:06 - 2019-05-01 20:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-09 17:05 - 2018-09-15 07:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-06-09 16:59 - 2019-05-01 19:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-09 16:55 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-09 16:55 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-09 16:53 - 2018-07-31 22:47 - 000000000 ____D C:\Users\jack\AppData\Local\CrashDumps
2019-06-09 16:43 - 2018-11-21 00:10 - 000000000 ____D C:\ProgramData\Packages
2019-06-09 15:56 - 2017-12-10 14:40 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-09 15:52 - 2018-04-20 21:47 - 000167872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-06-09 15:48 - 2018-04-20 21:47 - 000385880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-06-09 15:48 - 2018-04-20 21:47 - 000225608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-06-09 15:47 - 2019-04-24 16:47 - 000000000 ___RD C:\Users\jack\Desktop\Loz
2019-06-09 15:39 - 2018-06-26 20:04 - 000000000 ____D C:\Users\jack\AppData\Local\AVAST Software
2019-06-09 15:36 - 2019-05-01 20:03 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4127454622-3581897595-3763097022-1001
2019-06-09 15:36 - 2019-05-01 19:46 - 000002364 _____ C:\Users\jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-09 15:36 - 2017-03-05 14:24 - 000000000 ___RD C:\Users\jack\OneDrive
2019-06-09 15:17 - 2019-04-24 16:02 - 000000000 ____D C:\Users\jack\AppData\Local\D3DSCache
2019-06-09 15:10 - 2019-05-01 19:46 - 000000000 ____D C:\Users\jack
2019-06-09 15:05 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-06-09 15:04 - 2019-03-01 17:38 - 000279120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-06-09 15:04 - 2018-10-29 11:05 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-06-09 15:04 - 2018-04-20 21:47 - 000477584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-06-09 15:04 - 2018-04-20 21:47 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-06-09 15:04 - 2018-04-20 21:47 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-06-09 15:01 - 2019-01-28 19:33 - 000262496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-06-09 15:01 - 2019-01-21 16:53 - 000205848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-06-09 15:01 - 2019-01-21 16:53 - 000061472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-06-09 15:01 - 2019-01-21 16:53 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-06-09 15:01 - 2018-04-20 21:47 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-06-09 15:01 - 2018-04-20 21:47 - 000207448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-05-17 20:37 - 2019-05-01 20:41 - 000000000 ____D C:\Windows.old
2019-05-17 20:36 - 2019-05-01 20:03 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-17 20:36 - 2019-05-01 20:03 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-17 20:26 - 2018-01-28 19:52 - 000000000 ___RD C:\Users\jack\3D Objects
2019-05-17 20:26 - 2016-11-23 00:39 - 000000000 __RHD C:\Users\Public\AccountPictures

==================== Files in the root of some directories =======

2018-05-07 18:49 - 2018-05-07 18:49 - 000000000 _____ () C:\Users\jack\AppData\Local\{3AE4B38E-B619-4099-86F2-2FAC96EA531A}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2019
Ran by jack (09-06-2019 17:36:03)
Running from C:\Users\jack\Downloads
Windows 10 Pro Version 1809 17763.475 (X64) (2019-05-01 19:05:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4127454622-3581897595-3763097022-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4127454622-3581897595-3763097022-503 - Limited - Disabled)
Guest (S-1-5-21-4127454622-3581897595-3763097022-501 - Limited - Disabled)
jack (S-1-5-21-4127454622-3581897595-3763097022-1001 - Administrator - Enabled) => C:\Users\jack
WDAGUtilityAccount (S-1-5-21-4127454622-3581897595-3763097022-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.19.0.0 - Byte Technologies LLC) <==== ATTENTION
Epic Games Launcher (HKLM-x32\...\{5F95C9CC-2614-4C5E-B1FC-43029FD7FD6B}) (Version: 1.1.149.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.281 - Electronic Arts)
Microsoft OneDrive (HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Origin (HKLM-x32\...\Origin) (Version: 10.5.24.5022 - Electronic Arts, Inc.)
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.338.311 - VoiceFive, Inc.) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.45.62.1020 - Electronic Arts Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
World of Tanks (HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-06-09] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.5.5.0_x86__kgqvnymyfvs32 [2019-06-09] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.140.300.0_x86__kgqvnymyfvs32 [2019-06-09] (king.com)
Code Writer -> C:\Program Files\WindowsApps\ActiproSoftwareLLC.562882FEEB491_3.3.29.0_x64__24pqs290vpjk0 [2019-04-21] (Actipro Software LLC)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_3.6.0.9_x86__h6adky7gbf63m [2019-01-21] (Gameloft.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-06-09] (Microsoft Corporation) [MS Ad]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.0.1.1_x86__h6adky7gbf63m [2019-06-09] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-21] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe [2019-05-01] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-04-29] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-01] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0 [2019-06-09] (Spotify AB)
Text Reader -> C:\Program Files\WindowsApps\13542RyanTremblay.TextReader_3.1.4.0_x64__e0ywhek3s7xze [2017-07-10] (Ryan Tremblay) [MS Ad]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-04-30] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-02-14] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [442]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7943 more sites.

There are 7943 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2019-06-09 17:12 - 000454736 ____R C:\WINDOWS\system32\drivers\etc\hosts

There are 15606 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{DEC7D197-3BA5-437A-9049-0D85C2363A0C}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{DC3F9561-2BE9-4DB7-B6AE-34569439FE4E}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [{6DD80E10-C303-4768-AE8F-ABFFC6A76A0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{5C146A50-4CD1-4D92-806D-F1E32BE1CC1A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{7BC40AC7-1F75-4C4D-B664-D05DEE53A735}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{FE9680C6-9BCB-48F2-ACC4-F622C720ECCA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{81DFC864-3FAD-4201-8AA8-1592787048AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{F0617115-A03B-4A46-8CA7-B9FD5F39695D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{741172BE-D110-4CDE-A0EF-DA16327C7051}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{00B97100-3509-41E0-8030-659EE04C3393}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{D1E91A08-98D2-405D-B044-772851BD2BA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{472B6F9A-B2CF-44B3-8DC9-17E32988F23C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{1DC36F1F-DC00-4F4F-B580-DE8AA7B30378}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{F667035D-6C19-43F5-968B-F8300B03DB0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{0B6FBE3B-2C9A-4121-9413-A685B39B6A2E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{AA41E2F4-B274-4E53-8843-FE426A1AC82A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{3BC22425-2F6C-4867-8F47-E1A940C971AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{5E0B3903-ED20-4405-ADE2-8A3D2B1CBD4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.98.78.0_x86__zpdnekdrzrea0\Spotify.exe No File
FirewallRules: [{471F6D60-FB2A-4987-90B7-67C9BE3AE709}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{0E056B65-842E-4AF1-B97F-96E32674B8AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{67326F6A-DAF4-403D-A689-0E3589ADA176}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File
FirewallRules: [{0CD17905-62A1-4291-A526-FA3C48F69916}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File
FirewallRules: [{C9540541-E069-4C2D-857B-98B6641674F9}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{F50B3A5A-76E8-4860-9770-A0A27D09E994}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{234D5FEA-936F-4257-8892-B6AD49B4DBA2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{764BF0ED-23FF-4969-8342-67486B238931}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{411A9ED2-FAE3-4D31-89AF-E5FDA365EF59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive) [File not signed]
FirewallRules: [{9C355290-1442-4A7E-8B2E-5B2BF5A1E036}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive) [File not signed]
FirewallRules: [{6C082675-089E-41B0-BE0A-452AE101FE2A}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{7219AB0B-352B-4800-9E61-B732BF5EEECE}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{7D3F4AFD-398D-40EC-8075-2FAD1C39427F}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{5FBA93B2-8DA0-4273-AB19-26F980D33C3C}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{8AB97966-EA6C-44CF-9D4C-7DB6F6A735FA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{6F98FBD7-0ED5-4D82-AEAD-6509224A1428}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{4E0801A1-3C82-4FD3-8F7D-A064B04DFC1B}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [{65268CB6-BF11-4237-A176-E025C99D6DA4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{248605FB-F395-4A06-B7BC-FA98B3476600}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B184455F-7786-46E4-B3FE-EAB454274F77}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{971FF884-1CBC-4EB1-B11F-560E6B9B5E1E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{1AB033B8-57BE-46D5-BC47-F1E50ADFBB3A}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{8F439E62-8E69-43A3-BE38-0A1AA124D0CD}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{476B8BE2-5A86-4796-9FC5-5019688E9908}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{505F67D3-0DB3-420E-884D-BB6F8173AD8B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{7E120442-D437-4957-9E58-2F9CF3B820BA}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{4F0D2ED3-0662-4A4B-B23D-CEE138207AA8}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{8BB775C4-FB5D-49A4-8FF4-80A54D87ADF6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{59962D78-F343-4650-8713-C20C4E91F83B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{AD4347D5-B237-4094-8C60-3E44B338BBAB}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{8B28F566-D121-4A17-A80D-C7345A0AFDC3}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{C4B73AF8-1A0C-41A3-8ABD-60956B9352A2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{931C0DC7-C55E-4A6E-B4ED-3DB1ECC7D799}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File
FirewallRules: [UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File
FirewallRules: [{8870048C-F815-4391-86CC-7621A4509FCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{FF1ABA3C-5419-4D9F-A2CF-F7272C976E8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{E6C10C76-B6D2-4412-92D4-C6963F500B94}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{0F59AF8C-2FB3-4C19-83EA-ADA18749D4E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9BC9CA88-E082-4C5B-A6D3-516D277C89A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{623E975E-15F1-4EBA-A25E-594138747853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{72F03D48-9C34-4B07-B816-77090B5F75D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22C78244-AC29-43B3-9AB7-AF905067B853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AF4AEC1B-526F-4AA8-8791-EBF95A763AF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B485EBD6-AA37-409C-A082-FCA779151D7B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{01806C9B-5453-4635-AE4F-3BF63887AD03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

02-05-2019 17:36:27 Windows Update
09-06-2019 15:49:19 Removed Avast Driver Updater

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2019 05:29:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2a10

Start Time: 01d51ee01a4b78d3

Termination Time: 9

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: d5683e54-0a7f-4442-816f-7e5cad887d01

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (06/09/2019 05:27:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\jack\Downloads\vcredist_arm (1).exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/09/2019 05:27:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\jack\Downloads\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/09/2019 05:26:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2304

Start Time: 01d51edda6f005bb

Termination Time: 220

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 92af275e-deda-4dc5-a92d-52dc7ecdfcac

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (06/09/2019 05:24:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: d14

Start Time: 01d51edf242b6b7d

Termination Time: 10165

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 975f26e3-487d-405f-85cf-4b4947d9b91b

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (06/09/2019 05:17:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2a04

Start Time: 01d51ede77ef990a

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 6884681a-d0af-4b96-8b0c-89ac576c6c74

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (06/09/2019 05:08:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\jack\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 58.0.2988.0,language="&#x2a;",type="win32",version="58.0.2988.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/09/2019 05:06:31 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.


System errors:
=============
Error: (06/09/2019 05:10:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O8IQLFD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-O8IQLFD\jack SID (S-1-5-21-4127454622-3581897595-3763097022-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/09/2019 05:06:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/09/2019 05:06:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (06/09/2019 05:04:45 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{2D15188C-D298-4E10-83B2-64666CCBEBBD}

Error: (06/09/2019 05:04:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O8IQLFD)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (06/09/2019 05:04:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O8IQLFD)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (06/09/2019 05:04:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O8IQLFD)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (06/09/2019 05:01:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PremierOpinion service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================

Date: 2019-06-09 17:09:18.738
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-09 17:06:17.609
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 17:06:17.605
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 17:06:17.445
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 17:06:17.333
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 16:52:39.550
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-09 16:52:22.885
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-09 16:47:39.541
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P11-A3 02/21/2013
Motherboard: Packard Bell imedia S2870
Processor: Intel(R) Pentium(R) CPU G2020 @ 2.90GHz
Percentage of memory in use: 80%
Total physical RAM: 3982.99 MB
Available physical RAM: 781.95 MB
Total Virtual: 7694.99 MB
Available Virtual: 4239.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:461.32 GB) (Free:316.09 GB) NTFS
Drive e: (Sims4_1) (CDROM) (Total:7.81 GB) (Free:0 GB) UDF

\\?\Volume{1059c9e4-01d1-4c84-9dc8-267f55d2fb7c}\ () (Fixed) (Total:0.44 GB) (Free:0.04 GB) NTFS
\\?\Volume{78f3c03f-586e-453c-b80b-c2f9daca59d0}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3C0F8483)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

Many thanks for your help and support

 

Regards

 

Loz


Let me apologize, I did not receive a response that you had replied, working on a fix now.


What might need to be done here is to temporarily disable Avast to run the tools that will be used.

 

The below items need to be removed from your add/remove programs list.

Chromium Browser
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.19.0.0 - Byte Technologies LLC) <==== ATTENTION
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.338.311 - VoiceFive, Inc.) <==== ATTENTION


For Windows Vista, Windows 7, Windows 8, and Windows 10 double-click on the Uninstall Program option.

When the Add or Remove Programs or the Uninstall Program screen is displayed, please scroll through the list of programs and double-click on each of the entries listed in bold below to uninstall them.
Follow the default prompts and allow it to remove all files and all configuration information related to this program.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.



Start::
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Chromium] => c:\users\jack\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5EC6072F-4A2E-480A-A535-57BBA840B942} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> DefaultScope {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
CHR HomePage: Default -> hxxp://www.view-search.com/
CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> view search
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29]
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X] <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{67326F6A-DAF4-403D-A689-0E3589ADA176}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File
FirewallRules: [{0CD17905-62A1-4291-A526-FA3C48F69916}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File
FirewallRules: [TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{65268CB6-BF11-4237-A176-E025C99D6DA4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{248605FB-F395-4A06-B7BC-FA98B3476600}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File
FirewallRules: [UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File

C:\Windows\Temp\*.*
End::


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

 

 

Please post these logs when finished.


Hi Juliet

 

Continued thanks for your help and support.

 

I have followed your instructions but with a few little glitches along the way ...

 

I removed the 4 listed items but in doing so I could not find a 'chromium' browser and so I assumed this was Google Chrome and removed that … I am not sure if that is correct?

 

Also when trying to remove the PremierOpinion from the 'add / remove' options window, I kept getting an error message:

 

I have uploaded a desktop image of the fault message titled 'PremierOpinion Error Message'.

 

FRST FIX LOG FILE:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-06-2019
Ran by jack (23-06-2019 12:52:01) Run:1
Running from C:\Users\jack\Desktop\Loz\FRST
Loaded Profiles: jack (Available Profiles: jack)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Clos eP rocesses:
CreateRestorePoint: 
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\...\Run: [Chromium] => c:\users\jack\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5EC6072F-4A2E-480A-A535-57BBA840B942} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> DefaultScope {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_laudmedgms_18_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0DyC0DyD0EyDtDtCtD0FtN0D0Tzu0StBtAtDtCtN1L2XzuyEtFtByEtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyByEyD0B0F0AyDtGyC0D0DyBtGyCtBtBtAtGtD0C0EyEtGyD0FtDtDyB0DyByCtC0DtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1QzyzyzyzztC1RtG1QyD1QyCtGyEyEyBtDtGzz1PtA1StG1P1T1RyB1PtAtBtCtAtCyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByEtByDyCzzyBtC%26cr%3D1291875718%26a%3Dwbf_laudmedgms_18_16_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4127454622-3581897595-3763097022-1001 -> {87BBB6C9-73F0-47B6-AAD2-0811C275245F} URL = hxxp://www.view-search.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc. -> Oracle Corporation)
CHR HomePage: Default -> hxxp://www.view-search.com/
CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> view search
CHR Extension: (Avast SafePrice | Comparison, de als, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29]
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X] <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{67326F6A-DAF4-403D-A689-0E3589ADA176}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File
FirewallRules: [{0CD17905-62A1-4291-A526-FA3C48F69916}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe No File
FirewallRules: [TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{65268CB6-BF11-4237-A176-E025C99D6D A4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{248605FB-F395-4A06-B7BC-FA98B3476600}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File
FirewallRules: [UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe No File 
C:\Windows\Temp\*.*

*****************

Clos eP rocesses: => Error: No automatic fix found for this entry.
Restore point was successfully created.
"HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EC6072F-4A2E-480A-A535-57BBA840B942}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EC6072F-4A2E-480A-A535-57BBA840B942}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => removed successfully
HKLM\Software\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => not found
HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{87BBB6C9-73F0-47B6-AAD2-0811C275245F} => removed successfully
HKLM\Software\Classes\CLSID\{87BBB6C9-73F0-47B6-AAD2-0811C275245F} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2019-03-18] (Oracle America, Inc." => not found
"C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll" => not found
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2019-03-18] (Oracle America, Inc." => not found
"C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll" => not found
"Chrome HomePage" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
CHR Extension: (Avast SafePrice | Comparison, de als, coupons) - C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-04-29] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\PremierOpinion => removed successfully
PremierOpinion => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67326F6A-DAF4-403D-A689-0E3589ADA176}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CD17905-62A1-4291-A526-FA3C48F69916}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E03DCC34-2769-4338-8830-5439153396F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65268CB6-BF11-4237-A176-E025C99D6D A4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{248605FB-F395-4A06-B7BC-FA98B3476600}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{520B3C10-A075-47CF-882C-3A578CA95CA4}C:\program files (x86)\premieropinion\pmropn.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0223E1D4-91B8-4DCC-9237-F236CA90D1D0}C:\program files (x86)\premieropinion\pmropn.exe" => removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\chrome_installer.log => moved successfully
Could not move "C:\Windows\Temp\MpCmdRun.log" => Scheduled to move on reboot.
C:\Windows\Temp\sa.Microsoft.SkypeApp_kzf8qxf38zg5c_1__.Public.InstallAgent.dat => moved successfully
C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-06-2019 12:58:32)

C:\Windows\Temp\MpCmdRun.log => Could not move

==== End of Fixlog 12:58:33 ====

 

 

ADW CLEANER LOG FILE:

 

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-23-2019
# Duration: 00:00:04
# OS:       Windows 10 Pro
# Cleaned:  32
# Failed:   2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files\WebDiscoverBrowser
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion
Deleted       C:\Users\Public\Documents\Downloaded Installers
Deleted       C:\Users\jack\AppData\Local\WebDiscoverBrowser
Deleted       C:\Users\jack\AppData\Local\slimware utilities inc

***** [ Files ] *****

Deleted       C:\Windows\SysWOW64\pmls.dll
Deleted       C:\Windows\System32\PMLS64.DLL

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G
Deleted       HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted       HKCU\Software\WebDiscoverBrowser
Deleted       HKCU\Software\csastats
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser
Deleted       HKLM\Software\WebDiscoverBrowser
Deleted       HKLM\Software\Wow6432Node\WebDiscoverBrowser
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\.DEFAULT\Software\WebDiscoverBrowser
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\S-1-5-18\Software\WebDiscoverBrowser
Not Deleted   HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\java-runtime-environment-64.en.softonic.com
Not Deleted   HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\java-runtime-environment-64.en.softonic.com

***** [ Chromium (and derivatives) ] *****

Deleted       Search Manager

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5686 octets] - [23/06/2019 13:04:08]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 

ROGUEKILLER LOG FILE:

 

RogueKiller Anti-Malware V13.2.2.0 (x64) [Jun 10 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : jack [Administrator]
Started from : C:\Users\jack\Desktop\RogueKiller_portable64.exe
Signatures : 20190622_071611, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/06/23 13:44:36 (Duration : 00:18:55)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.SearchManager (Potentially Malicious)] Search Manager -- nahhmpbckpgdidfnmfkfgiflpjijilce -> Deleted
 

 

With the RogueKiller programme I wasn't sure which version to install - I know it is 64 bit but it gave me the option of 'Installer' or 'Portable' versions and as the portable version differentiated between 32 and 64 bit I went for that. In doing so I found that none of the buttons were in the places you had described so I am not sure if the log posted will have what you might expect to see?

 

Let me know and I can always try the installer version and report the resulting log file.

 

Many thanks

 

 

PremierOpinion Error Message.png


p.s.

 

I meant to say that in order to remove the 'PremierOpinion' from the computer I searched for it and found that it only seemed to appear on the start up menu so I used the remove/uninstall option from here and it seems to have gone (on face value anyway?)


You did good.

If any of it is left it's been rendered useless.

 

Let's check for remnants

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

OR from this location Here

  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
  • After the installation IS complete let it update if it asks.
  • Under SETTINGS.....APPLICATIONS leave everything at default
  • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
  • Then go to the Dashboard and click on SCAN NOW
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
  • Then click on POST
  • Exit Malwarebytes


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
  • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, open EEK again (in the C:\EEK folder);
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;


Please post these 2 logs when finished.

Also, tell me how the computer is now.


Hi Juliet,

 

 

Apologies again for the slight delay in sorting your guidance but it sometimes is a couple of weeks before I am able to sit in front of the computer ...

 

Anyways all done as instructed as below:

 

Malware Bytes Log:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 06/07/2019
Scan Time: 15:34
Log File: 329b9624-9ffb-11e9-b684-eca86bd6d5e5.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.11428
Licence: Trial

-System Information-
OS: Windows 10 (Build 17763.475)
CPU: x64
File System: NTFS
User: DESKTOP-O8IQLFD\jack

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 284251
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 4 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [2078], [476595],1.0.11428
PUP.Optional.SearchManager, HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [2078], [476595],1.0.11428
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, [2078], [476595],1.0.11428

Registry Value: 1
PUP.Optional.SearchManager, HKU\S-1-5-21-4127454622-3581897595-3763097022-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [2078], [476595],1.0.11428

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.SearchModule, C:\USERS\JACK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\chrome-extension_nahhmpbckpgdidfnmfkfgiflpjijilce_0.localstorage, Quarantined, [281], [453492],1.0.11428

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

 

 

EEK Log:

 

Emsisoft Emergency Kit 2019.6.0.9501 stable [en-us]
OS: Windows 10 (Version 10.0, Build 17763, 64-bit Edition)

Forensics log

    Date    Component    Action    Details    
06/07/2019 16:15:43    User    Update    Downloaded and installed 63 files (4394 kb) (21 min. 47 sec.).        
06/07/2019 16:14:30    User DESKTOP-O8IQLFD\JACK    Infection quarantined    Medium risk Malware "Adware.DealPly.1.Gen (B)" in "trzCC02.tmp".        
06/07/2019 16:08:27    Scanner    Scan finished    Found 1 object , user to decide on further actions.        
06/07/2019 16:01:53    Scanner    Detection    Medium risk Malware "Adware.DealPly.1.Gen (B)" in "trzCC02.tmp" (SHA1: 19c0ab79e706c1d46cdaffcd11ed6f929de6724f)        
06/07/2019 15:56:10    User DESKTOP-O8IQLFD\jack    Scan started    Malware Scan        
06/07/2019 15:55:46    User DESKTOP-O8IQLFD\jack    Setting modified    "Detect PUPs" has been changed to "Enabled".        
06/07/2019 15:55:41    User DESKTOP-O8IQLFD\jack    Setting modified    "Recommended readings & news" has been changed to "Enabled".        
06/07/2019 15:54:03    User DESKTOP-O8IQLFD\jack    Setting modified    "Recommended readings & news" has been changed to "Disabled".        
06/07/2019 15:53:56    Core    Notification    "Recommended Reading:9 critical cyber safety lessons to teach your kids".        
 

 

I had some trouble locating the Quarantine Log export option as it wasn't under the Quarantine Tab?  I then went to logs and found an entry that said as above and so saved that.

 

I then deleted the quarantined item and found an entry that read:

 

06/07/2019 16:43:25
Medium risk Malware "Adware.DealPly.1.Gen (B)" in "C:\Users\jack\AppData\Roaming\Lobus\trzCC02.tmp" deleted by user DESKTOP-O8IQLFD\JACK


 

 

Overall the PC is better … start up can be a little slow but after a minute or two it seems to run reasonably ok. On more than one occasion the Microsoft Edge closed without any prompting, once or twice when I minimised it and another time when I first ran EEK (Perhaps a requirement of the scan procedure I put that down to?)

 

Continued thanks for your help :)

 

Loz


What the last scans found weren't that alarming but we don't want that on the machine.

Let's give this a day of regular use and see if those times of slacking get a bit better.


Hi Juliet

 

Again apologies for delay ... I don't get as much time teching problems as I would like and the PC is at another house but I am told it is running better and smoother than before to the satisfaction of the girlfriends son ...

 

Thank you for all your help :) ... you are quality :)

 


Glad we could help.
Since this issue appears resolved ... this Topic is closed.
