
MalwareBytes removed a serious threat but Win 7 machine crippled

MalwareBytes Windows 7 64bit black desktop only mouse move

  • This topic is locked
71 replies to this topic

#31 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 11 March 2018 - 05:16 PM

Glad to hear that but we still have a bit of work to do.

 

I've heard back from Farbar and will send the next instructions tomorrow as I have work in the morning (11:10pm here GMT), but hope to get back to you soon.

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.



#32 Satchfan
Posted 12 March 2018 - 03:57 AM

P2P - I see you have P2P software (uTorrent and eMule) installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall them now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep them, please don’t use them until we have finished up here.

===================================================

You also have various registry cleaners, Kerish Doctor 2018, Wise Care 365 and Glary Utilities.
Glary Utilities has some half-decent uses but not something that is needed to run all the time. Any Registry Cleaning should be totally avoided.

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

Personally, I don't use a program like that but it’s your choice. I would still recommend disabling the task that runs it all the time. You can still run it if and when you want to.

If you need help disabling the task let me know.

I strongly advise you to get rid of Kerish Doctor 2018, Wise Care 365, Reg Organizer, Glary Utilities and any other cleaner/optimizer/booster/tuneup/tweak type utilities that you have on this or any other computer.

One of the malware experts, miekiemoes, has an excellent write-up here
Another from quietman7 here

Also uninstall:


Foxit Reader Packages
Free File Viewer 2014
Java 8 Update 45
Java™ 6 Update 25

 

===================================================

Disable Windows Defender

This old version of Windows Defender was pretty useless and generally only looked for spyware. It’s using up resources so I suggest you turn it off.

To turn real-time protection off:

  • open Windows Defender (Start > Programs > Windows Defender)
  • click Tools and then General Settings
  • under ‘Real-time protection’, uncheck the Turn on real-time protection (recommended) check box
  • click Save.

===================================================

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to S:\1 DOWNLOADS and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

  • right-click FRST/FRST64 and select ‘Run as administrator’
  • highlight the contents of the code box below, then press Ctrl+C:
Start::
CloseProcesses:
HKLM\...\Command Processor:  <==== ATTENTION
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\...\MountPoints2: {c98fb593-cdf5-11e2-a792-0013729935b6} - I:\LaunchU3.exe -a
AppInit_DLLs-x32: prio32.dll => No File
GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=005B1665-E7FD-4829-8597-10FF3B8C62E8&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> DefaultScope {E8307B89-5F41-4591-83AE-91CC210327DF} URL = hxxp://search.findwide.com/serp?guid={8923D673-FC0B-4784-9C22-AB23B57D4599}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {150CD86F-F345-4925-B538-D590171152BD} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {328FEF41-100D-49A0-8141-3AEBB2938E95} URL =
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL =
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {E1F3DBF3-86C1-4F92-9543-FA4EB6E85BCE} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11147
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {E8307B89-5F41-4591-83AE-91CC210327DF} URL = hxxp://search.findwide.com/serp?guid={8923D673-FC0B-4784-9C22-AB23B57D4599}&action=default_search&k={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> No File
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> No File
Toolbar: HKLM - FindWide Toolbar - {451A990E-9779-4537-83CC-BF342196DDB0} -  No File
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKLM-x32 - FindWide Toolbar - {451A990E-9779-4537-83CC-BF342196DDB0} -  No File
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> FindWide Toolbar - {451A990E-9779-4537-83CC-BF342196DDB0} -  No File
Toolbar: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Handler: AnVirDisabled - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
FF user.js: detected! => C:\Users\Morgan Pierce Parker\AppData\Roaming\Mozilla\Firefox\Profiles\dzygi7op.default\user.js [2014-12-03]
CHR Extension: (No Name) - C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh [2016-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-23]
CHR Extension: (Chrome Media Router) - C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-23]
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-01-09] (BitDefender SRL)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-11-23] (Zemana Ltd.)
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
S3 EUBAKUP0; \??\C:\Windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\Windows\system32\drivers\EUBKMON0.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-01-31 08:55 - 2018-01-31 08:55 - 000000120 ___SH () C:\Users\Morgan Pierce Parker\AppData\Local\00000104
2016-08-05 15:51 - 2016-08-05 15:51 - 000000120 ___SH () C:\Users\Morgan Pierce Parker\AppData\Local\00000114
2015-09-28 13:53 - 2015-09-28 13:53 - 000000184 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\atidt64.dll
2014-03-24 15:15 - 2014-04-22 10:34 - 000006292 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\dat51_.dat
2014-03-24 15:14 - 2014-03-24 15:14 - 000006292 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\dat6_.xml
2013-06-26 13:19 - 2015-11-14 09:56 - 000080384 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 10:42 - 2015-04-01 10:42 - 000000466 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\LMIR0012.tmp.bat
2015-04-01 10:42 - 2015-04-01 10:42 - 000000391 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\LMIR0012.tmp_r.bat
2014-03-31 10:25 - 2014-04-01 06:44 - 000205626 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\log.txt
2014-07-15 14:35 - 2014-07-15 14:35 - 000000009 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\trial.txt
2014-03-31 10:25 - 2014-07-10 08:31 - 000130578 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\viewer.txt
2015-05-08 18:50 - 2016-06-21 08:25 - 000017408 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\WebpageIcons.db
2015-02-07 10:20 - 2015-02-07 10:21 - 000000416 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\winconf.pxt
2013-05-28 02:05 - 2013-05-28 02:05 - 000000000 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\{299B4C55-90B0-4B00-A42D-6008EE8C9E7E}
2013-06-26 17:24 - 2017-05-28 15:56 - 000000005 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
2013-06-19 06:06 - 2013-06-19 06:06 - 000000008 __RSH () C:\Users\Morgan Pierce Parker\AppData\Local\ℤ™☠
Task: {110BE13F-D012-433D-8F5B-69FF7D4174A3} - \Auslogics\BoostSpeed\Start BoostSpeed оn Morgan Pierce Parker logon -> No File <==== ATTENTION
Task: {3209DD18-6AC4-4F13-8F2F-CF2C6EFF9514} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {67236088-E99D-4BD1-8502-0F76352A6757} - \ParetoLogic Registration3 -> No File <==== ATTENTION
Task: {73292911-1023-4E6B-B3F5-C25B3C2A19E1} - System32\Tasks\{43C2D9A5-4018-4FB4-9291-5D3CA329AAA0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe"
Task: {88A9EF09-423D-4DE8-9EB4-5796A72C17B6} - System32\Tasks\{034BED0F-92BB-462E-8017-95F1CBD727B3} => C:\Windows\system32\pcalua.exe -a C:\temp\morganp\tmp\LOCALS~1\Temp\fox6E64.exe -d "C:\Program Files (x86)\Foxit Software\Foxit Reader" <==== ATTENTION
Task: {C5B37759-383E-417E-8436-CAE86D4EEF8E} - System32\Tasks\{EBD50BF9-4116-4634-802B-F21EB79D001C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe"
Task: {DA5C848D-EC7F-4AB2-BFB0-888C51712D7F} - System32\Tasks\{45D5C5C4-3F1F-43A1-9BAB-FD52B000815E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe"
Task: {FED57421-BF81-4786-A43E-C23BF4B5ED03} - \AdvancedDriverUpdater_UPDATES -> No File <==== ATTENTION
AlternateDataStreams: C:\TransActATSetup 2015 07 18.exe:BDU [0]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\ProgramData\TEMP:55DB0DDA [180]
AlternateDataStreams: C:\ProgramData\TEMP:5704AA2B [150]
AlternateDataStreams: C:\ProgramData\TEMP:85551434 [442]
AlternateDataStreams: C:\ProgramData\TEMP:9341E0C6 [131]
AlternateDataStreams: C:\ProgramData\TEMP:9F3C1A6B [468]
AlternateDataStreams: C:\ProgramData\TEMP:C5549CEC [412]
AlternateDataStreams: C:\ProgramData\TEMP:ED98798B [197]
AlternateDataStreams: C:\ProgramData\TEMP:EEDA5B17 [294]
C:\Windows\system32\drivers\bdsandbox.sys
C:\Program Files\Bitdefender
C:\Program Files (x86)\Foxit Software
EmptyTemp:
End::

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • in the FRST window, press the ‘Fix’ button once and wait
  • please reboot the computer if requested
  • it will create a log on your desktop (Fixlog.txt); please post it in your reply.

Thanks

Satchfan


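The fix above acts on the classic Windows persistence and browser-hijack points: the cmd.exe AutoRun value, AppInit_DLLs, Internet Explorer SearchScopes, services whose driver file is gone ("[X]") and scheduled tasks whose file or target no longer exists ("-> No File"). As an added example, not part of the original post and not FRST's own code, here is a read-only PowerShell audit that lists the same locations on a machine you administer, so you can see what a fix like this is acting on. It assumes an elevated PowerShell (2.0 or later, so it also works on Windows 7) run on the machine itself, the standard registry layout of those keys, and the TaskCache\Tasks\{GUID} "Path" value that the Task Scheduler keeps for each registered task; the "[ATTENTION]", "[X]" and "No File" labels imitate FRST's wording but are this script's own. It deletes nothing.

```powershell
# Read-only audit of the autostart and browser-hijack locations that an FRST
# fixlist like the one above acts on. Added example, not FRST's code; nothing is
# deleted. Run from an elevated PowerShell (2.0 or later) on the machine itself.

# Turn the raw ImagePath / task command formats into a file path we can test.
# These are the same prefixes FRST shows: \??\, \SystemRoot\, bare system32\...
function Resolve-BinaryPath([string]$raw) {
    $p = $raw.Trim()
    if ($p -match '^"([^"]+)"') { $p = $matches[1] }                       # "quoted path" args
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $matches[1] }  # path.exe args
    $p = [Environment]::ExpandEnvironmentVariables($p)
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# 1. Command Processor AutoRun: anything here executes every time cmd.exe starts.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Command Processor',
               'HKCU:\SOFTWARE\Microsoft\Command Processor') {
    $v = (Get-ItemProperty -Path $k -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
    if ($v) { "[ATTENTION] $k\AutoRun = $v" } else { "[ok] $k\AutoRun not set" }
}

# 2. AppInit_DLLs: listed DLLs are loaded into every process that loads user32.dll.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($p -and $p.AppInit_DLLs) {
        "[ATTENTION] $k AppInit_DLLs = $($p.AppInit_DLLs) (LoadAppInit_DLLs = $($p.LoadAppInit_DLLs))"
    } else { "[ok] $k AppInit_DLLs empty" }
}

# 3. IE SearchScopes: each subkey is a search provider and its URL receives every
#    typed search; a DefaultScope pointing at a host you never chose is a hijack.
foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
                  'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes') {
    if (-not (Test-Path $root)) { continue }
    $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
    "$root DefaultScope = $default"
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $url = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).URL
        "    $($_.PSChildName) -> $url"
    }
}

# 4. Services/drivers whose binary is gone (FRST's "[X]" entries): leftovers of a
#    removed tool, or a loader whose payload has already been cleaned up.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
    $img = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    if (-not $img) { return }
    $bin = Resolve-BinaryPath $img
    if (-not (Test-Path -LiteralPath $bin)) { "[X] service $($_.PSChildName) -> $img" }
}

# 5. Scheduled tasks: (a) TaskCache registrations whose task file is missing
#    (FRST's "-> No File"); (b) tasks whose Exec command points at a missing binary.
$taskDir = Join-Path $env:SystemRoot 'System32\Tasks'
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks' -ErrorAction SilentlyContinue |
  ForEach-Object {
    $path = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Path
    if ($path -and -not (Test-Path -LiteralPath (Join-Path $taskDir $path.TrimStart('\')))) {
        "[ATTENTION] task $($_.PSChildName) - $path -> No File"
    }
}
Get-ChildItem -Path $taskDir -Recurse -ErrorAction SilentlyContinue | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
    try { [xml]$task = Get-Content -LiteralPath $_.FullName -ErrorAction Stop } catch { return }
    foreach ($exec in @($task.Task.Actions.Exec)) {
        if (-not $exec.Command) { continue }
        $bin = Resolve-BinaryPath $exec.Command
        if (-not (Test-Path -LiteralPath $bin)) {
            "[ATTENTION] task $($_.FullName.Substring($taskDir.Length)) => $($exec.Command) $($exec.Arguments) (binary missing)"
        }
    }
}
```

Read the output the way a helper reads an FRST scan: a populated AutoRun or AppInit_DLLs value, a DefaultScope whose URL is not your chosen search engine, and tasks or services with no file behind them are the entries worth questioning. A "[X]" or "No File" line on its own is often just debris from an uninstalled product (the Bitdefender, Zemana and Foxit leftovers in the fixlist above), which is why the actual removal is left to the prepared fix rather than automated here.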

#33 Satchfan
Posted 15 March 2018 - 03:58 AM

Hello Safe

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you still need help. If I don't get a reply within 24 hours I'll assume all is well and close this topic.

Satchfan



#34 Safe

Safe

    Authentic Member

  • Authentic Member
  • 41 posts

Posted 15 March 2018 - 03:40 PM

Sorry Satchfan - I kept looking at page two and did not realize that there was a page 3, as I had been updating my last reply on page 2 LOL. :)

 

I have deleted all eMules and uTorrent.  Did not know emules were still installed, but all gone now.  Thanks.

I heard that there was a way to use P2P whereby you use it in a virtual machine and reboot after every use or once per week; can you direct me to instructions to do this on one of my old XP or Win 7 machines --- if you know how and have the time?

 

And, I am deleting all those programs you mentioned and will run your script as soon as I complete the deletion.

 

BTW, I assume this implies the TWEAKING.com tool also as Boggin, I think, recommends it.

 

Also, will you point me to some Malware tool or Defender type tool to use once we are complete?



#35 Safe
Posted 15 March 2018 - 03:51 PM

Also, Satchfan, what PDF viewer (if not Foxit) would you suggest, and which file viewer for general docs and for MS Word would you suggest ---- MS Word itself, which I have purchased, is too clunky.

 

I am removing Wise Care 365 - Should I remove Wise PC Engineer also?


Edited by Safe, 15 March 2018 - 03:55 PM.


#36 Satchfan
Posted 15 March 2018 - 04:17 PM

I heard that there was a way to use P2P whereby you use it in a virtual machine and reboot after every use or once per week; can you direct me to instructions to do this on one of my old XP or Win 7 machines

Sorry, this is not something I'm an expert in but would still not advise the use of torrents.

 

Will you point me to some Malware tool or Defender type tool to use once we are complete?

 

Yes.

 

Should I remove Wise PC Engineer also?

 

Yes

 

I have a personal situation at the moment that is going to prevent me from responding as soon as I would normally, so please be patient.

 

Thanks

 

Satchfan



#37 Safe
Posted 16 March 2018 - 01:09 PM

OK, Satchfan,

 

I replied that I un-installed:

eMule
uTorrent
Foxit Reader Packages
Free File Viewer 2014
Java 8 Update 45
Wise PC Engineer
Kerish Doctor 2018
Wise Care 365
Reg Organizer
Glary Utilities

 

But NOT:
Java™ 6 Update 25 <=== This called for a CD-ROM and I do not remember having one for the installation, so not un-installed.

 

I also set Windows Defender to NO real-time and deactivated the "alert if possible malware"

[Not sure this was the option. I had it all set up to explain to you in a previous reply but, once I started FRST, the reply was gone. FWIW, it might be good to warn people that FRST closes everything instantly once called.]

 

I have some questions:

 

Why have Windows Defender at all if it is useless?  I deactivated all the things it can do.  Should I just un-install?

 

I have deleted all *.exe and script files downloaded with uTorrent and eMule, but I still have PDF, MP4, MP3 and AVI files that I downloaded.

Are they safe? i.e. can viruses, etc. hide themselves in these files and damage my machine?

 

I used Foxit Reader for PDF files. What would you suggest as a replacement?

 

TWEAKING.COM All In One tools I did not delete yet, as I understood that Boggin, who sent me to Bleeping, likes it and uses it.

===

NOW I JUST RAN FRST, but at first was not clear about the instructions. I did CONTROL-C the script you posted but did not realize that FRST took it from the clipboard, and thought I did something wrong when all windows closed. So, I terminated FRST with the TM and read the instructions again, as they (Opera) were closed when FRST started.

 

I will post the log in a moment but first I want to mention that WerFault.exe wanted to be added to startup. I blocked this as I did not know about it. Also, I noticed that Abelssoft StartupStar opened with options to stop entries Amazon Music Helper, AnVir Task Manager and OperaAutoUpdate. I do not know what to do about these. Abelssoft Startup Firewall is active. Is this OK?

 

OK Satchfan HERE IS THE FRST log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Morgan Pierce Parker (16-03-2018 12:01:55) Run:2
Running from C:\Users\Morgan Pierce Parker\Desktop
Loaded Profiles: Morgan Pierce Parker (Available Profiles: Transition & ASPNET & Harriet Parker Mann & Morgan Pierce Parker & Pee Wee & Pierce Potye & _ocster_1clk_backup_ & NewAdmin & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM\...\Command Processor:  <==== ATTENTION
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\...\MountPoints2: {c98fb593-cdf5-11e2-a792-0013729935b6} - I:\LaunchU3.exe -a
AppInit_DLLs-x32: prio32.dll => No File
GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=005B1665-E7FD-4829-8597-10FF3B8C62E8&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> DefaultScope {E8307B89-5F41-4591-83AE-91CC210327DF} URL = hxxp://search.findwide.com/serp?guid={8923D673-FC0B-4784-9C22-AB23B57D4599}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {150CD86F-F345-4925-B538-D590171152BD} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {328FEF41-100D-49A0-8141-3AEBB2938E95} URL =
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL =
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {E1F3DBF3-86C1-4F92-9543-FA4EB6E85BCE} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11147
SearchScopes: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> {E8307B89-5F41-4591-83AE-91CC210327DF} URL = hxxp://search.findwide.com/serp?guid={8923D673-FC0B-4784-9C22-AB23B57D4599}&action=default_search&k={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> No File
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> No File
Toolbar: HKLM - FindWide Toolbar - {451A990E-9779-4537-83CC-BF342196DDB0} -  No File
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKLM-x32 - FindWide Toolbar - {451A990E-9779-4537-83CC-BF342196DDB0} -  No File
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> FindWide Toolbar - {451A990E-9779-4537-83CC-BF342196DDB0} -  No File
Toolbar: HKU\S-1-5-21-2396228472-3482715812-2186985281-1006 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Handler: AnVirDisabled - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
FF user.js: detected! => C:\Users\Morgan Pierce Parker\AppData\Roaming\Mozilla\Firefox\Profiles\dzygi7op.default\user.js [2014-12-03]
CHR Extension: (No Name) - C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh [2016-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-23]
CHR Extension: (Chrome Media Router) - C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-23]
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-01-09] (BitDefender SRL)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-11-23] (Zemana Ltd.)
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
S3 EUBAKUP0; \??\C:\Windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\Windows\system32\drivers\EUBKMON0.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-01-31 08:55 - 2018-01-31 08:55 - 000000120 ___SH () C:\Users\Morgan Pierce Parker\AppData\Local\00000104
2016-08-05 15:51 - 2016-08-05 15:51 - 000000120 ___SH () C:\Users\Morgan Pierce Parker\AppData\Local\00000114
2015-09-28 13:53 - 2015-09-28 13:53 - 000000184 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\atidt64.dll
2014-03-24 15:15 - 2014-04-22 10:34 - 000006292 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\dat51_.dat
2014-03-24 15:14 - 2014-03-24 15:14 - 000006292 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\dat6_.xml
2013-06-26 13:19 - 2015-11-14 09:56 - 000080384 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 10:42 - 2015-04-01 10:42 - 000000466 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\LMIR0012.tmp.bat
2015-04-01 10:42 - 2015-04-01 10:42 - 000000391 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\LMIR0012.tmp_r.bat
2014-03-31 10:25 - 2014-04-01 06:44 - 000205626 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\log.txt
2014-07-15 14:35 - 2014-07-15 14:35 - 000000009 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\trial.txt
2014-03-31 10:25 - 2014-07-10 08:31 - 000130578 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\viewer.txt
2015-05-08 18:50 - 2016-06-21 08:25 - 000017408 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\WebpageIcons.db
2015-02-07 10:20 - 2015-02-07 10:21 - 000000416 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\winconf.pxt
2013-05-28 02:05 - 2013-05-28 02:05 - 000000000 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\{299B4C55-90B0-4B00-A42D-6008EE8C9E7E}
2013-06-26 17:24 - 2017-05-28 15:56 - 000000005 _____ () C:\Users\Morgan Pierce Parker\AppData\Local\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
2013-06-19 06:06 - 2013-06-19 06:06 - 000000008 __RSH () C:\Users\Morgan Pierce Parker\AppData\Local\ℤ™☠
Task: {110BE13F-D012-433D-8F5B-69FF7D4174A3} - \Auslogics\BoostSpeed\Start BoostSpeed оn Morgan Pierce Parker logon -> No File <==== ATTENTION
Task: {3209DD18-6AC4-4F13-8F2F-CF2C6EFF9514} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {67236088-E99D-4BD1-8502-0F76352A6757} - \ParetoLogic Registration3 -> No File <==== ATTENTION
Task: {73292911-1023-4E6B-B3F5-C25B3C2A19E1} - System32\Tasks\{43C2D9A5-4018-4FB4-9291-5D3CA329AAA0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe"
Task: {88A9EF09-423D-4DE8-9EB4-5796A72C17B6} - System32\Tasks\{034BED0F-92BB-462E-8017-95F1CBD727B3} => C:\Windows\system32\pcalua.exe -a C:\temp\morganp\tmp\LOCALS~1\Temp\fox6E64.exe -d "C:\Program Files (x86)\Foxit Software\Foxit Reader" <==== ATTENTION
Task: {C5B37759-383E-417E-8436-CAE86D4EEF8E} - System32\Tasks\{EBD50BF9-4116-4634-802B-F21EB79D001C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe"
Task: {DA5C848D-EC7F-4AB2-BFB0-888C51712D7F} - System32\Tasks\{45D5C5C4-3F1F-43A1-9BAB-FD52B000815E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe"
Task: {FED57421-BF81-4786-A43E-C23BF4B5ED03} - \AdvancedDriverUpdater_UPDATES -> No File <==== ATTENTION
AlternateDataStreams: C:\TransActATSetup 2015 07 18.exe:BDU [0]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\ProgramData\TEMP:55DB0DDA [180]
AlternateDataStreams: C:\ProgramData\TEMP:5704AA2B [150]
AlternateDataStreams: C:\ProgramData\TEMP:85551434 [442]
AlternateDataStreams: C:\ProgramData\TEMP:9341E0C6 [131]
AlternateDataStreams: C:\ProgramData\TEMP:9F3C1A6B [468]
AlternateDataStreams: C:\ProgramData\TEMP:C5549CEC [412]
AlternateDataStreams: C:\ProgramData\TEMP:ED98798B [197]
AlternateDataStreams: C:\ProgramData\TEMP:EEDA5B17 [294]
C:\Windows\system32\drivers\bdsandbox.sys
C:\Program Files\Bitdefender
C:\Program Files (x86)\Foxit Software
EmptyTemp:
 
*****************
 
Processes closed successfully.
"HKLM\Software\Microsoft\Command Processor\\AutoRun" => not found
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K => not found
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c98fb593-cdf5-11e2-a792-0013729935b6} => not found
HKLM\Software\Classes\CLSID\{c98fb593-cdf5-11e2-a792-0013729935b6} => not found
"prio32.dll" => Value data not found.
"C:\Windows\system32\GroupPolicy\User" => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => not found
HKLM\Software\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} => not found
"HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => not found
HKLM\Software\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => not found
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{150CD86F-F345-4925-B538-D590171152BD} => not found
HKLM\Software\Classes\CLSID\{150CD86F-F345-4925-B538-D590171152BD} => not found
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{328FEF41-100D-49A0-8141-3AEBB2938E95} => not found
HKLM\Software\Classes\CLSID\{328FEF41-100D-49A0-8141-3AEBB2938E95} => not found
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} => not found
HKLM\Software\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} => not found
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1F3DBF3-86C1-4F92-9543-FA4EB6E85BCE} => not found
HKLM\Software\Classes\CLSID\{E1F3DBF3-86C1-4F92-9543-FA4EB6E85BCE} => not found
HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E8307B89-5F41-4591-83AE-91CC210327DF} => not found
HKLM\Software\Classes\CLSID\{E8307B89-5F41-4591-83AE-91CC210327DF} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => not found
HKLM\Software\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{451A990E-9779-4537-83CC-BF342196DDB0}" => not found
HKLM\Software\Classes\CLSID\{451A990E-9779-4537-83CC-BF342196DDB0} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => not found
HKLM\Software\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{451A990E-9779-4537-83CC-BF342196DDB0}" => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{451A990E-9779-4537-83CC-BF342196DDB0} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => not found
"HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{451A990E-9779-4537-83CC-BF342196DDB0}" => not found
HKLM\Software\Classes\CLSID\{451A990E-9779-4537-83CC-BF342196DDB0} => not found
"HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => not found
HKLM\Software\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\AnVirDisabled => not found
HKLM\Software\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\WSIEChrome => not found
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => not found
"C:\Users\Morgan Pierce Parker\AppData\Roaming\Mozilla\Firefox\Profiles\dzygi7op.default\user.js" => not found
CHR Extension: (No Name) - C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh [2016-09-02] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Web Store Payments) - C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-23] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-23] => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Services\BDSandBox" => removed successfully
BDSandBox => service removed successfully
ZAM_Guard => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully
ZAM_Guard => service removed successfully
"HKLM\System\CurrentControlSet\Services\b06bdrv" => removed successfully
b06bdrv => service removed successfully
"HKLM\System\CurrentControlSet\Services\EUBAKUP0" => removed successfully
EUBAKUP0 => service removed successfully
"HKLM\System\CurrentControlSet\Services\EUBKMON0" => removed successfully
EUBKMON0 => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
C:\Users\Morgan Pierce Parker\AppData\Local\00000104 => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\00000114 => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\atidt64.dll => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\dat51_.dat => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\dat6_.xml => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\LMIR0012.tmp.bat => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\LMIR0012.tmp_r.bat => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\log.txt => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\trial.txt => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\viewer.txt => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\WebpageIcons.db => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\winconf.pxt => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\{299B4C55-90B0-4B00-A42D-6008EE8C9E7E} => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list => moved successfully
C:\Users\Morgan Pierce Parker\AppData\Local\ℤ™☠ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{110BE13F-D012-433D-8F5B-69FF7D4174A3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{110BE13F-D012-433D-8F5B-69FF7D4174A3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\BoostSpeed\Start BoostSpeed оn Morgan Pierce Parker logon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3209DD18-6AC4-4F13-8F2F-CF2C6EFF9514}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3209DD18-6AC4-4F13-8F2F-CF2C6EFF9514}" => removed successfully
C:\Windows\System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67236088-E99D-4BD1-8502-0F76352A6757}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67236088-E99D-4BD1-8502-0F76352A6757}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Registration3 => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73292911-1023-4E6B-B3F5-C25B3C2A19E1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73292911-1023-4E6B-B3F5-C25B3C2A19E1}" => removed successfully
C:\Windows\System32\Tasks\{43C2D9A5-4018-4FB4-9291-5D3CA329AAA0} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43C2D9A5-4018-4FB4-9291-5D3CA329AAA0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88A9EF09-423D-4DE8-9EB4-5796A72C17B6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88A9EF09-423D-4DE8-9EB4-5796A72C17B6}" => removed successfully
C:\Windows\System32\Tasks\{034BED0F-92BB-462E-8017-95F1CBD727B3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{034BED0F-92BB-462E-8017-95F1CBD727B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5B37759-383E-417E-8436-CAE86D4EEF8E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5B37759-383E-417E-8436-CAE86D4EEF8E}" => removed successfully
C:\Windows\System32\Tasks\{EBD50BF9-4116-4634-802B-F21EB79D001C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EBD50BF9-4116-4634-802B-F21EB79D001C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA5C848D-EC7F-4AB2-BFB0-888C51712D7F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA5C848D-EC7F-4AB2-BFB0-888C51712D7F}" => removed successfully
C:\Windows\System32\Tasks\{45D5C5C4-3F1F-43A1-9BAB-FD52B000815E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{45D5C5C4-3F1F-43A1-9BAB-FD52B000815E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FED57421-BF81-4786-A43E-C23BF4B5ED03}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FED57421-BF81-4786-A43E-C23BF4B5ED03}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedDriverUpdater_UPDATES => could not remove. Access Denied.
C:\TransActATSetup 2015 07 18.exe => ":BDU" ADS removed successfully
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully
C:\ProgramData\TEMP => ":55DB0DDA" ADS removed successfully
C:\ProgramData\TEMP => ":5704AA2B" ADS removed successfully
C:\ProgramData\TEMP => ":85551434" ADS removed successfully
C:\ProgramData\TEMP => ":9341E0C6" ADS removed successfully
C:\ProgramData\TEMP => ":9F3C1A6B" ADS removed successfully
C:\ProgramData\TEMP => ":C5549CEC" ADS removed successfully
C:\ProgramData\TEMP => ":ED98798B" ADS removed successfully
C:\ProgramData\TEMP => ":EEDA5B17" ADS removed successfully
C:\Windows\system32\drivers\bdsandbox.sys => moved successfully
"C:\Program Files\Bitdefender" => not found
C:\Program Files (x86)\Foxit Software => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5299004 B
Java, Flash, Steam htmlcache => 4857 B
Windows/system/drivers => 43739135 B
Edge => 0 B
Chrome => 613163 B
Firefox => 257369408 B
Opera => 608247619 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 432 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 66073 B
LocalService => 33058 B
NetworkService => 33186 B
Transition => 562 B
ASPNET => 0 B
Harriet Parker Mann => 0 B
Morgan Pierce Parker => 17911851 B
Pee Wee => 24333 B
Pierce Potye => 0 B
LogMeInRemoteUser.M764-131-DQ320F => 0 B
_ocster_1clk_backup_ => 0 B
Acronis Agent User => 432 B
NewAdmin => 173800 B
LogMeInRemoteUser.M764-140-DQ64G3 => 432 B
Administrator => 5895867 B
DefaultAppPool => 432 B
 
RecycleBin => 16273695572 B
EmptyTemp: => 16 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-03-2018 12:17:38)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Registration3 => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedDriverUpdater_UPDATES => could not remove. Access Denied.
 
==== End of Fixlog 12:17:38 ====

 

I do not know how to remove the keys mentioned in the log above, so I have not re-booted.  Waiting for you, Satchfan, when you have time.

 

And, speaking of time,  THANK YOU, again, VERY MUCH for all the time you have devoted to assisting me in fixing my machine.  I can tell already that it is running MUCH faster!  :)



#38 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 17 March 2018 - 09:33 AM

Please reboot if you haven't already.


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#39 Safe

Safe

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 17 March 2018 - 12:19 PM

OK, Satchfan,

I have rebooted.  What's next?



#40 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 18 March 2018 - 02:20 AM

[quote]what PDF (if not Foxit) viewer would you suggest and which file viewer for general docs and for MS word viewer would you suggest[/quote]
I’ll deal with that when we’ve finished.

[quote]Why have Windows Defender at all if it is useless?[/quote]
It generally only looks for spyware and was not for use as an antivirus in versions prior to Windows 8/8.1/10.

[quote]Java™ 6 Update 25  <=== This called for a CD rom and I do not remember having one for the installation.[/quote]
Let’s try forcing the uninstall

Download Revo Uninstaller
  • double click the installation file on the desktop to run the installer
  • let it install to the default location
  • double click the new Revo Uninstaller Icon on the desktop to start the program.

You will now see a list of installed programs that Revo Uninstaller can remove.
  • locate Java
  • right-click the icon then choose Uninstall
  • click Yes to the warning and choose the Uninstall Mode
  • choose the Advanced option and then click Next
  • this will launch the program's built-in uninstaller (be patient, it can take several seconds)
  • once the uninstaller is done click Next
  • Revo Uninstaller will now scan for leftover information, (again, be patient as it can take several seconds)
  • once this scan is done click Next
  • you will then be presented with the leftover entries found by Revo Uninstaller
  • look at ALL of the entries to ensure they relate to the uninstall
  • next, click Select All > Delete to remove the entries
  • click Next
  • if there are any program file folders left over you will be presented with a list to be removed
  • again look at ALL of the entries to ensure they are related to the uninstall
  • click Select All > Delete to remove the entries
  • when you have removed it, close the program.

================================================

Run Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • after extraction, double-click on the new Start Emsisoft Emergency Kit icon on your desktop
  • the first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates: click Yes so that it downloads the latest database updates
  • when the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning
  • when the scan has completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan
  • when the threats have been quarantined, click the View report button in the lower-right corner and the scan log will open in Notepad
  • please save the Notepad log on your desktop and post the contents in your next reply
  • when you close Emsisoft Emergency Kit it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

================================================

Run Security Analysis

Download Security Analysis by Rocket Grannie from here
  • save it to your Desktop
  • close your security software to avoid potential conflicts
  • double-click RGSA.exe
  • click OK on the copyright-disclaimer
  • when finished, a Notepad window will open with the results of the scan
  • the log named SALog.txt can also be found on the Desktop or, if the tool was run from elsewhere, in the folder it was run from
  • please copy and paste the contents of that log in the next post.

Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

Logs to include with next post:

Emsisoft log
SALog.txt


Satchfan




#41 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 18 March 2018 - 02:20 AM

[quote]what PDF (if not Foxit) viewer would you suggest and which file viewer for general docs and for MS word viewer would you suggest[/quote]
I’ll deal with that when we’ve finished.

[quote]Why have Windows Defender at all if it is useless?[/quote]
It generally only looks for spyware and was not for use as an antivirus in versions prior to Windows 8/8.1/10.

[quote]Java™ 6 Update 25  <=== This called for a CD rom and I do not remember having one for the installation.[/quote]
Let’s try forcing the uninstall

Download Revo Uninstaller

  • double click the installation file on the desktop to run the installer
  • let it install to the default location
  • double click the new Revo Uninstaller Icon on the desktop to start the program.

You will now see a list of installed programs that Revo Uninstaller can remove.

  • locate Java
  • right-click the icon then choose Uninstall
  • click Yes to the warning and choose the Uninstall Mode
  • choose the Advanced option and then click Next
  • this will launch the program's built-in uninstaller (be patient, it can take several seconds)
  • once the uninstaller is done click Next
  • Revo Uninstaller will now scan for leftover information, (again, be patient as it can take several seconds)
  • once this scan is done click Next
  • you will then be presented with the leftover entries found by Revo Uninstaller
  • look at ALL of the entries to ensure they relate to the uninstall
  • next, click Select All > Delete to remove the entries
  • click Next
  • if there are any program file folders left over you will be presented with a list to be removed
  • again look at ALL of the entries to ensure they are related to the uninstall
  • click Select All > Delete to remove the entries
  • when you have removed it, close the program.

================================================

Run Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • after extraction, double-click on the new Start Emsisoft Emergency Kit icon on your desktop
  • the first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates: click Yes so that it downloads the latest database updates
  • when the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning
  • when the scan has completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan
  • when the threats have been quarantined, click the View report button in the lower-right corner and the scan log will open in Notepad
  • please save the Notepad log on your desktop and post the contents in your next reply
  • when you close Emsisoft Emergency Kit it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

================================================

Run Security Analysis

Download Security Analysis by Rocket Grannie from here

  • save it to your Desktop
  • close your security software to avoid potential conflicts
  • double-click RGSA.exe
  • click OK on the copyright-disclaimer
  • when finished, a Notepad window will open with the results of the scan
  • the log named SALog.txt can also be found on the Desktop or, if the tool was run from elsewhere, in the folder it was run from
  • please copy and paste the contents of that log in the next post.

Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

Logs to include with next post:

Emsisoft log
SALog.txt


Satchfan



#42 Safe

Safe

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 18 March 2018 - 12:52 PM

OK Satchfan, did it all, but Java 6 Update did not seem to uninstall.  I ran it several times and it was still there.  Then I saw the FORCE UNINSTALL box and checked that and ran again.   Still there again.

 

BTW, I noticed two posts from you at the same time.  Saw they were at the same time so ignored the second one.

 

I could not find any log for the Revo program so nothing to post for it.

 

Here is a post for the Emsisoft run BEFORE quarantine, followed by one after quarantine:

 

Emsisoft Emergency Kit - Version 2017.12
Last update: 3/18/2018 2:18:16 PM
User account: M764-140-DQ64G3\Morgan Pierce Parker
Computer name: M764-140-DQ64G3
OS version: Windows 7x64 Service Pack 1
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 3/18/2018 2:22:41 PM
C:\Program Files\My.Freeze.com Toolbar\ detected: Adware.Win32.Mostofate (A) [221645]
C:\Program Files\NoAdware3\ detected: Rogue.Win32.FakeAV (A) [222378]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoAdware\ detected: Rogue.Win32.FakeAV (A) [222381]
C:\Program Files\bigfix detected: Application.AppInstall (A) [228116]
C:\Program Files (x86)\regzooka detected: Application.AppInstall (A) [228821]
C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh detected: Application.InstallExt (A) [229561]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6C09102B-BB86-11D1-A87F-FCA10FDB3241} detected: Rogue.Win32.FraudTool (A) [254995]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6C091031-BB86-11D1-A87F-FCA10FDB3241} detected: Rogue.Win32.FraudTool (A) [254996]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{37B85A2A-692B-4205-9CAD-2626E4993404} detected: Adware.Win32.Glosebar (A) [255751]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{37B85A2A-692B-4205-9CAD-2626E4993404} detected: Adware.Win32.Glosebar (A) [255751]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{37B85A2C-692B-4205-9CAD-2626E4993404} detected: Adware.Win32.Glosebar (A) [255752]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{37B85A2C-692B-4205-9CAD-2626E4993404} detected: Adware.Win32.Glosebar (A) [255752]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\FILE\SHELL\THEWORLD detected: Adware.Win32.StartPage (A) [261255]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HTMLFILE\SHELL\THEWORLD detected: Adware.Win32.StartPage (A) [261256]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERNETSHORTCUT\SHELL\THEWORLD detected: Adware.Win32.StartPage (A) [261263]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MHTMLFILE\SHELL\THEWORLD detected: Adware.Win32.StartPage (A) [261264]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\STARTMENUINTERNET\THEWORLD.EXE detected: Adware.Win32.StartPage (A) [261268]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{CE7C3CE2-4B15-11D1-ABED-709549C10000} detected: Adware.Win32.BHO (A) [264197]
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\ADWAREFILTER -> POST_INST_1_CHOICE detected: Rogue.Win32.AdFilter (A) [268254]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP detected: Application.Win32.InstallAd (A) [270325]
Key: HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS detected: Application.Win32.InstallAd (A) [270436]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} detected: Application.AdReg (A) [271424]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} detected: Application.AdReg (A) [271545]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TR.TRFACTORY detected: Application.AdReg (A) [272708]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TR.TRFACTORY.1 detected: Application.AdReg (A) [272709]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE detected: Application.AdReg (A) [272833]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1 detected: Application.AdReg (A) [272834]
Key: HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1003\SOFTWARE\STARTNOW TOOLBAR detected: Application.InstallAd (A) [275991]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\FREEONLINERADIOPLAYERRECORDER detected: Application.InstallAd (A) [276565]
C:\Program Files (x86)\AMiGO (IB)\Amigo.old detected: Gen:Trojan.Heur.UT.Qu1@bWaBF5mi (B) [krnl.xmd]
C:\Program Files (x86)\Freemore Audio Video Suite\FreemoreAudioVideoSuite.exe detected: Application.InstallCore (A) [285897]
C:\Program Files\Multi_Media_US\tbMult.dll detected: Application.Toolbar (A) [285570]
C:\Program Files\Multi_Media_US\tbMul1.dll detected: Application.Toolbar (A) [285570]
 
Scanned 147303
Found 33
 
Scan end: 3/18/2018 2:35:19 PM
Scan time: 0:12:38
 
AFTER QUARANTINE:
 
Emsisoft Emergency Kit - Version 2017.12
Last update: 3/18/2018 2:18:16 PM
User account: M764-140-DQ64G3\Morgan Pierce Parker
Computer name: M764-140-DQ64G3
OS version: Windows 7x64 Service Pack 1
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 3/18/2018 2:22:41 PM
C:\Program Files\My.Freeze.com Toolbar\ detected: Adware.Win32.Mostofate (A) [221645]
C:\Program Files\NoAdware3\ detected: Rogue.Win32.FakeAV (A) [222378]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoAdware\ detected: Rogue.Win32.FakeAV (A) [222381]
C:\Program Files\bigfix detected: Application.AppInstall (A) [228116]
C:\Program Files (x86)\regzooka detected: Application.AppInstall (A) [228821]
C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh detected: Application.InstallExt (A) [229561]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6C09102B-BB86-11D1-A87F-FCA10FDB3241} detected: Rogue.Win32.FraudTool (A) [254995]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6C091031-BB86-11D1-A87F-FCA10FDB3241} detected: Rogue.Win32.FraudTool (A) [254996]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{37B85A2A-692B-4205-9CAD-2626E4993404} detected: Adware.Win32.Glosebar (A) [255751]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{37B85A2A-692B-4205-9CAD-2626E4993404} detected: Adware.Win32.Glosebar (A) [255751]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{37B85A2C-692B-4205-9CAD-2626E4993404} detected: Adware.Win32.Glosebar (A) [255752]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{37B85A2C-692B-4205-9CAD-2626E4993404} detected: Adware.Win32.Glosebar (A) [255752]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\FILE\SHELL\THEWORLD detected: Adware.Win32.StartPage (A) [261255]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HTMLFILE\SHELL\THEWORLD detected: Adware.Win32.StartPage (A) [261256]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERNETSHORTCUT\SHELL\THEWORLD detected: Adware.Win32.StartPage (A) [261263]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MHTMLFILE\SHELL\THEWORLD detected: Adware.Win32.StartPage (A) [261264]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\STARTMENUINTERNET\THEWORLD.EXE detected: Adware.Win32.StartPage (A) [261268]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{CE7C3CE2-4B15-11D1-ABED-709549C10000} detected: Adware.Win32.BHO (A) [264197]
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\ADWAREFILTER -> POST_INST_1_CHOICE detected: Rogue.Win32.AdFilter (A) [268254]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP detected: Application.Win32.InstallAd (A) [270325]
Key: HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS detected: Application.Win32.InstallAd (A) [270436]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} detected: Application.AdReg (A) [271424]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} detected: Application.AdReg (A) [271545]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TR.TRFACTORY detected: Application.AdReg (A) [272708]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TR.TRFACTORY.1 detected: Application.AdReg (A) [272709]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE detected: Application.AdReg (A) [272833]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1 detected: Application.AdReg (A) [272834]
Key: HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1003\SOFTWARE\STARTNOW TOOLBAR detected: Application.InstallAd (A) [275991]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\FREEONLINERADIOPLAYERRECORDER detected: Application.InstallAd (A) [276565]
C:\Program Files (x86)\AMiGO (IB)\Amigo.old detected: Gen:Trojan.Heur.UT.Qu1@bWaBF5mi (B) [krnl.xmd]
C:\Program Files (x86)\Freemore Audio Video Suite\FreemoreAudioVideoSuite.exe detected: Application.InstallCore (A) [285897]
C:\Program Files\Multi_Media_US\tbMult.dll detected: Application.Toolbar (A) [285570]
C:\Program Files\Multi_Media_US\tbMul1.dll detected: Application.Toolbar (A) [285570]
 
Scanned 147303
Found 33
 
Scan end: 3/18/2018 2:35:19 PM
Scan time: 0:12:38
 
C:\Program Files\Multi_Media_US\tbMul1.dll Application.Toolbar (A)
C:\Program Files\Multi_Media_US\tbMult.dll Application.Toolbar (A)
C:\Program Files (x86)\Freemore Audio Video Suite\FreemoreAudioVideoSuite.exe Application.InstallCore (A)
C:\Program Files (x86)\AMiGO (IB)\Amigo.old Gen:Trojan.Heur.UT.Qu1@bWaBF5mi (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\FREEONLINERADIOPLAYERRECORDER Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1003\SOFTWARE\STARTNOW TOOLBAR Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TR.TRFACTORY.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TR.TRFACTORY Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-2396228472-3482715812-2186985281-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP Application.Win32.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\ADWAREFILTER -> POST_INST_1_CHOICE Rogue.Win32.AdFilter (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{CE7C3CE2-4B15-11D1-ABED-709549C10000} Adware.Win32.BHO (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\STARTMENUINTERNET\THEWORLD.EXE Adware.Win32.StartPage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MHTMLFILE\SHELL\THEWORLD Adware.Win32.StartPage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERNETSHORTCUT\SHELL\THEWORLD Adware.Win32.StartPage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HTMLFILE\SHELL\THEWORLD Adware.Win32.StartPage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\FILE\SHELL\THEWORLD Adware.Win32.StartPage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{37B85A2C-692B-4205-9CAD-2626E4993404} Adware.Win32.Glosebar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{37B85A2C-692B-4205-9CAD-2626E4993404} Adware.Win32.Glosebar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{37B85A2A-692B-4205-9CAD-2626E4993404} Adware.Win32.Glosebar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{37B85A2A-692B-4205-9CAD-2626E4993404} Adware.Win32.Glosebar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6C091031-BB86-11D1-A87F-FCA10FDB3241} Rogue.Win32.FraudTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6C09102B-BB86-11D1-A87F-FCA10FDB3241} Rogue.Win32.FraudTool (A)
C:\Users\Morgan Pierce Parker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh Application.InstallExt (A)
C:\Program Files (x86)\regzooka Application.AppInstall (A)
C:\Program Files\bigfix Application.AppInstall (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoAdware\ Rogue.Win32.FakeAV (A)
C:\Program Files\NoAdware3\ Rogue.Win32.FakeAV (A)
C:\Program Files\My.Freeze.com Toolbar\ Adware.Win32.Mostofate (A)
 
Quarantined 33
 
HERE IS THE RGSA LOG:
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 18th March, 2018
Running from:C:\Users\Morgan Pierce Parker\Desktop (14:42:33 - 03/18/2018)
***---------------------------------------------------------***
Microsoft Windows 7 Ultimate X64 Service Pack 1
UAC is Disabled
Internet Explorer 11
Default Browser: Opera
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - Not up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (26.0.0.137) ==> is out of Date
CCleaner (5.21) ==> is out of Date
Defraggler (2.15) ==> is out of Date
Google Chrome (64.0.3282.186) ==> is out of Date
Java (1.7.0.20) ==> is out of Date
Malwarebytes (3.4.4.2398)
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (58.0.2) ==> is out of Date
Opera (12.18.1873)
Safari (5.34.52.7)
Windows Live Essentials (16.4.3528.0331) ==> is no longer supported
 
***----------------Analysis Complete-------------------------***
Thanks again, Satchfan.  I will wait to hear from you.  :)
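As an added example (not part of this thread, and not Emsisoft's own tooling), the Python script below reconciles an Emsisoft Emergency Kit log of the kind posted above: it parses the `detected:` lines produced during the scan and the quarantine list that follows `Scan end:`, checks the tool's own `Found N` and `Quarantined N` counters against the item lists, and reports any detection that has no matching quarantine entry. The line layout it assumes is taken from the posted log; the embedded sample log is a constructed four-item excerpt in that layout, and the grouping into file, registry key and registry value is my own classification rather than a field the tool emits.

```python
"""Reconcile an Emsisoft Emergency Kit log: detections vs. what was quarantined.

Added example, not part of the forum thread. Assumed layout (from the posted log):
  "<object> detected: <name> (<flag>) [<sig>]"   during the scan, then "Found N"
  "<object> <name> (<flag>)"                     after "Scan end:", then "Quarantined N"
Registry objects are prefixed "Key: " or "Value: "; anything else is a file path.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "kind obj name flag")

DETECT_RE = re.compile(
    r"^(?P<obj>.+?) detected: (?P<name>\S+) \((?P<flag>\w)\) \[(?P<sig>[^\]]+)\]$"
)
QUAR_RE = re.compile(r"^(?P<obj>.+) (?P<name>\S+) \((?P<flag>\w)\)$")

# Constructed sample in the same layout as the posted log (trimmed to four items).
SAMPLE_LOG = r"""
Emsisoft Emergency Kit - Version 2017.12
Scan type: Malware Scan

Scan start: 3/18/2018 2:22:41 PM
C:\Program Files\NoAdware3\ detected: Rogue.Win32.FakeAV (A) [222378]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP detected: Application.Win32.InstallAd (A) [270325]
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\ADWAREFILTER -> POST_INST_1_CHOICE detected: Rogue.Win32.AdFilter (A) [268254]
C:\Program Files\Multi_Media_US\tbMult.dll detected: Application.Toolbar (A) [285570]

Scanned 147303
Found 4

Scan end: 3/18/2018 2:35:19 PM
Scan time: 0:12:38

C:\Program Files\Multi_Media_US\tbMult.dll Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP Application.Win32.InstallAd (A)
C:\Program Files\NoAdware3\ Rogue.Win32.FakeAV (A)

Quarantined 3
"""


def classify(obj):
    """Split the object column into (kind, target). The kinds are my own labels."""
    if obj.startswith("Key: "):
        return "registry_key", obj[len("Key: "):]
    if obj.startswith("Value: "):
        return "registry_value", obj[len("Value: "):]
    return "file", obj


def parse_log(text):
    """Return (detections, quarantined, found_count, quarantined_count)."""
    detections, quarantined = [], []
    found = quarantined_count = None
    after_scan = False  # the quarantine list only appears after the scan summary
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Found "):
            found = int(line.split()[1])
        elif line.startswith("Quarantined "):
            quarantined_count = int(line.split()[1])
        elif line.startswith("Scan end:"):
            after_scan = True
        elif (m := DETECT_RE.match(line)):
            kind, target = classify(m["obj"])
            detections.append(Finding(kind, target, m["name"], m["flag"]))
        elif after_scan and (m := QUAR_RE.match(line)):
            kind, target = classify(m["obj"])
            quarantined.append(Finding(kind, target, m["name"], m["flag"]))
    return detections, quarantined, found, quarantined_count


def counts_consistent(detections, quarantined, found, quarantined_count):
    """The tool's 'Found N' / 'Quarantined N' lines should match the item lists."""
    return found == len(detections), quarantined_count == len(quarantined)


def reconcile(detections, quarantined):
    """Detections lacking a quarantine entry, and quarantine entries lacking a detection."""
    def key(f):
        return (f.kind, f.obj, f.name)
    det, quar = {key(f) for f in detections}, {key(f) for f in quarantined}
    return sorted(det - quar), sorted(quar - det)


def summarize(detections):
    """Count findings by kind, so registry-only leftovers stand out from files on disk."""
    return Counter(f.kind for f in detections)


if __name__ == "__main__":
    det, quar, found, qcount = parse_log(SAMPLE_LOG)
    print("counts consistent (found, quarantined):", counts_consistent(det, quar, found, qcount))
    print("by kind:", dict(summarize(det)))
    missing, extra = reconcile(det, quar)
    for kind, obj, name in missing:
        print(f"NOT quarantined: [{kind}] {obj} ({name})")
    for kind, obj, name in extra:
        print(f"quarantined without a detection: [{kind}] {obj} ({name})")
```

To use it on a saved log, pass the file's text to `parse_log`. When the log posted after quarantine is checked this way, the "missing" list should be empty and both counters should agree with the lists; a non-empty "missing" list is the signal that an item survived quarantine and needs a second look before moving on to the next tool.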


#43 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 19 March 2018 - 10:45 AM

Please do not use the Internet at the moment as you have no antivirus currently installed: we’ll deal with that when your computer is clean.

 

Sorry about the late reply and the two posts but my Internet access here is a bit ropey as I'm in a secluded village at the moment.

 

Run Malwarebytes Anti-Malware

Let's try it again.

  • Launch Malwarebytes Anti-Malware
  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Quarantine Selected to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes.
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the “History” tab, then “Application Logs”
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

Satchfan

#44 Safe (Authentic Member, 41 posts)

Posted 19 March 2018 - 02:26 PM

Hi Satchfan,

I did what you said and rebooted after running Malwarebytes, but there was no text file. I captured the report in 5 graphic screens for you, but cannot post due to the Bleeping file size limit. Where can I post for you? (I really looked all over the machine: Desktop, MWB program folder, etc.) Where could it be? There seems to be no TXT option.



#45 Satchfan (SuperHelper, Malware Team, 6,813 posts)

Posted 19 March 2018 - 06:55 PM

First:

Show hidden Files and Folders

  • open Windows Explorer, (Windows key+E)
  • at the top, click on Tools>Folder options
  • click on the 'View' tab
  • under 'Files and Folders', place a check in Show hidden files, folders and drives

You can then find the log at the following location:

C:\Users\Morgan Pierce Parker\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

I’m afraid that I won’t be able to reply for 36 hours as the family situation I previously mentioned demands my time.

Satchfan
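Added note, not part of the thread: the two steps in the post above (show hidden items, then open the Malwarebytes log folder) can be done from PowerShell, which also avoids the common trap of a recursive search silently skipping the hidden AppData folder. This is an added example, not code from the forum or from Malwarebytes; it assumes the log folder is the one named in the post, under the current user's roaming profile, and falls back to a search if that folder does not exist.

```powershell
# Added example (not from the thread): enable "Show hidden files, folders and drives"
# and locate the Malwarebytes scan log. Windows 7 / PowerShell 2.0 compatible.

# The Folder Options dialog writes these same values. Hidden: 1 = show, 2 = hide.
# HideFileExt 0 also shows extensions, so a .txt log and a .exe are told apart.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name Hidden -Value 1
Set-ItemProperty -Path $adv -Name HideFileExt -Value 0
# Explorer picks the change up in a newly opened window (or after restarting explorer.exe).

# Log folder named in the post; $env:APPDATA is C:\Users\<name>\AppData\Roaming.
$logDir = Join-Path $env:APPDATA "Malwarebytes\Malwarebytes' Anti-Malware\Logs"

if (Test-Path -Path $logDir) {
    # -Force lists hidden items; newest log first.
    Get-ChildItem -Path $logDir -Force |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, Length, LastWriteTime
} else {
    # Fallback (assumption): search the profile and ProgramData for Malwarebytes text logs.
    # AppData and ProgramData are hidden, so without -Force the search finds nothing.
    Get-ChildItem -Path $env:USERPROFILE, $env:ProgramData -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       $_.FullName -match 'Malwarebytes' -and
                       $_.Extension -match '^\.(txt|log|xml)$' } |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, LastWriteTime
}
```

If the folder exists but is empty, the scan was not saved as a file; use Copy to Clipboard from the History tab as the post #43 instructions describe and paste the text directly, which is smaller than screenshots and keeps the detection names searchable.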

