Solved I Think That My Computer Has a Virus

referee07 | Thread Starter | Joined Sep 11, 2003 | Messages: 1,453

First of all, I could not download the Farbar Recovery Scan Tool. I tried several times but each time, I saw a message from Windows Defender indicating that this was not a regular download, and it wouldn't let me download it.

The problem occurred this evening. All of a sudden, my computer began running very slowly and some icons on the desktop would not open the programs, e.g., the VPN on my computer. I ran Malwarebytes and Hitman Pro Alert, but the programs did not detect any malware. If someone can tell me how to bypass Windows Defender and download the Farbar Recovery Scan Tool I will appreciate it.
 

DR.M | Malware Specialist | Joined Sep 4, 2019 | Messages: 2,395

Hi, referee07.

What is the version of your Windows?
 

Couriant (James) | Moderator | Joined Mar 26, 2002 | Messages: 42,138

> First of all, I could not download the Farbar Recovery Scan Tool. I tried several times but each time, I saw a message from Windows Defender indicating that this was not a regular download, and it wouldn't let me download it.
> ...

This is normal. It's because Microsoft doesn't recognize that the software is safe (yet) and so it will be prompted. Even our TSG Tool gets this message :)

Usually there will be an option like More Info or Advanced to click and then you should have the option to download/run. If the settings are set to Block then you can change it to Warn and that should give you the option to run. You can also turn off SmartScreen but then you will be more vulnerable, so if anything, make sure it's set to Warn. If you continue to have this then you can temporarily turn it off until you are done with the tasks at hand.
 

referee07 | Thread Starter | Joined Sep 11, 2003 | Messages: 1,453

> This is normal. It's because Microsoft doesn't recognize that the software is safe (yet) and so it will be prompted. Even our TSG Tool gets this message :)
>
> Usually there will be an option like More Info or Advanced to click and then you should have the option to download/run. If the settings are set to Block then you can change it to Warn and that should give you the option to run. You can also turn off SmartScreen but then you will be more vulnerable, so if anything, make sure it's set to Warn. If you continue to have this then you can temporarily turn it off until you are done with the tasks at hand.

Couriant, thanks for your reply. I followed your instructions and temporarily turned off SmartScreen and was able to download FRST and run the program. Please see below for the results of both scans, the FRST and the Additional scan.
 

referee07 | Thread Starter | Joined Sep 11, 2003 | Messages: 1,453

Dr. M, and Couriant, please see below for the results of the FRST scan and the Additional scan. Also, I wanted to mention that it took maybe 45 minutes to an hour for my VPN (StrongVPN) to come onboard after I clicked on the desktop icon. Thanks again for all of your help.
__________________________________________________________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2021
Ran by User (administrator) on DESKTOP-7RCNB9G (Acer Aspire A315-21) (11-11-2021 19:49:18)
Running from C:\Users\User\Desktop
Loaded Profiles: User
Platform: Microsoft Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0366969.inf_amd64_08be8e6c39509940\B367342\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0366969.inf_amd64_08be8e6c39509940\B367342\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Audible Inc) C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower A/S) C:\Windows\System32\DriverStore\FileRepository\icesoundapo64.inf_amd64_dad6800789450741\ICEsoundService64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(Intel(R) pGFX -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(Lespeed Technology Co., Ltd -> WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
(Lespeed Technology Co., Ltd -> WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-chrome-nm-host.exe
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Strong Technology, LLC -> Strong Technology, LLC) C:\Program Files\StrongVPN\StrongVPN.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2>
(The OpenVPN Project) [File not signed] C:\Program Files\StrongVPN\OpenVPN\openvpn.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [7823824 2016-05-24] (Compal electronic ,inc -> Dell Inc.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141552 2020-08-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677688 2020-03-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9298344 2021-11-06] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [670824 2020-12-08] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [896104 2020-12-08] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [77432 2021-11-04] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1984120 2021-11-04] (Pro Softnet Corporation -> Prosoftnet)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44544 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [TalkHelper] => C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TalkHelper.exe [5048832 2019-09-04] (TalkHelper Team) [File not signed]
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [148800 2021-11-06] (Siber Systems -> Siber Systems)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon TS3300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDG3.DLL [482816 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3300 series: C:\WINDOWS\system32\CNMLMG3.DLL [1311232 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-04] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2020-10-09]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.) [File not signed]
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-10-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F49EDCE-1AEB-4D26-A2DB-53FC2581DBCE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D63A6C7-EFE6-4D5D-95B8-78E440E6D628} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {2045DF02-82FD-45A8-9E6C-BF945E57D9E7} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {26F71C76-FA19-407A-96D8-B4046C345532} - System32\Tasks\StrongVPN => C:\Program Files\StrongVPN\StrongVPN.exe [4571232 2021-01-14] (Strong Technology, LLC -> Strong Technology, LLC)
Task: {2F6A50FD-577C-49A5-9540-C34FAE0609E3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [148800 2021-11-06] (Siber Systems -> Siber Systems)
Task: {447DB01E-83E5-4A94-A9AE-7088DBC9B6AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-06] (Google LLC -> Google LLC)
Task: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {4F265025-7DD2-4446-92D5-EF36165FFE93} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> No File <==== ATTENTION
Task: {5925253A-E1C5-4216-8688-F73FE76BD174} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\RtkAudUService64.exe [1141552 2020-08-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION
Task: {7072963F-3763-4E9F-A1F5-DE9703BAE827} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> No File <==== ATTENTION
Task: {71319F3B-C70D-40D5-80E3-E91B57759987} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-06] (Google LLC -> Google LLC)
Task: {719357CE-6075-44F2-9217-7F8EBE0E7D8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-05] (Apple Inc. -> Apple Inc.)
Task: {81EAE70F-A00A-441E-9CC1-F4FE6AA86323} - System32\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [7596792 2021-09-23] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
Task: {9098207E-F70E-45E7-8E05-04D7AAF21E8B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {93792EE0-5957-4713-88BF-DB2AA95C937C} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "https://www.roboform.com/test-pass....NCJCMJNOMCMJNNMCMJNMMCMJNLMCMJNKMCMOMJNJMCMPM"
Task: {9D24F48D-9EB4-4C3D-A306-F82963120551} - System32\Tasks\G2MUpdateTask-S-1-5-21-1023104244-2545508458-507804784-1001 => C:\Users\User\AppData\Local\GoToMeeting\19796\g2mupdate.exe [31176 2021-06-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {A8FAF71A-612D-4E2E-9C9B-74C122747F9C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA025FA9-DA9E-4ED2-9E27-2919ABDB33D1} - System32\Tasks\Run RoboForm Process => C:\Program Files\Google\Chrome\Application\chrome.exe https://chrome.google.com/webstore/detail/roboform/pnlccmojcmeohlpggmfnbbiapkmbliob
Task: {B6ADC99D-DEE0-487D-AC73-B0ED40024997} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {BE9DE6E7-6A8C-46BF-B86D-237F0FC69C2A} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {C38B73CE-7FF9-4574-981E-18F7B38AF9FD} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [12176632 2021-10-23] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
Task: {CB51727F-CE2D-4FC9-826D-5B54D774D768} - \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install -> No File <==== ATTENTION
Task: {CF44BA72-7AE4-4FB8-B1F4-A5DC64FB147F} - System32\Tasks\{995C167A-3E0F-4C93-9F4E-25AFC941C571} => C:\Program Files (x86)\east-tec Eraser\etRiskMonitor.exe (No File)
Task: {DF024C56-F31E-48F0-9C7C-26F3B4420865} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {EC4AF67B-FEB3-4E75-974B-EE8C28C6A853} - System32\Tasks\G2MUploadTask-S-1-5-21-1023104244-2545508458-507804784-1001 => C:\Users\User\AppData\Local\GoToMeeting\19796\g2mupload.exe [31176 2021-06-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {F794D676-3EBB-4430-8D1E-EA7836F9B9D1} - System32\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [8372984 2021-09-30] (Lespeed Technology Co., Ltd -> wisecleaner.com)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1023104244-2545508458-507804784-1001.job => C:\Users\User\AppData\Local\GoToMeeting\19796\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1023104244-2545508458-507804784-1001.job => C:\Users\User\AppData\Local\GoToMeeting\19796\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-13] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-13] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 198.18.0.2 198.18.0.1
Tcpip\..\Interfaces\{1964c4a0-6f65-42f1-8089-c633a3b81d6a}: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{31d522f3-c05d-4090-9b9d-8cdd3188c581}: [DhcpNameServer] 198.18.0.2 198.18.0.1
Tcpip\..\Interfaces\{597ec23c-d91c-4c2c-a184-d0ae46e78246}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{655546f9-ffec-4aae-b9ae-374d6898b8fd}: [DhcpNameServer] 168.126.63.1 168.126.63.2

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-11]
Edge HomePage: Default -> hxxps://www.npr.org/
Edge StartupUrls: Default -> "hxxp://npr.com/"
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-24]
Edge Extension: (RoboForm Password Manager) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2021-10-29]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-11-11]
CHR Notifications: Default -> hxxps://web.skype.com
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-22]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-22]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-22]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-22]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-23]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-22]
CHR Extension: (RoboForm Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2021-11-07]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-05-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5117648 2021-07-13] (SurfRight B.V. -> SurfRight B.V.)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [405112 2021-11-04] (Pro Softnet Corporation -> Prosoftnet)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [10507520 2021-11-06] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7826104 2021-11-01] (Malwarebytes Inc -> Malwarebytes)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51224 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
R2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [658224 2021-08-26] (Lespeed Technology Co., Ltd -> WiseCleaner.com)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [29904 2021-02-12] (Acer Incorporated -> Acer Incorporated)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2021-02-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [112856 2020-05-19] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-08] (ASUSTek Computer Inc. -> ASUS)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc. -> McAfee, Inc.)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [410640 2021-07-13] (Microsoft Windows Hardware Compatibility Publisher -> SurfRight B.V.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-11-25] (Martin Malik - REALiX -> REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 mrcbt; C:\WINDOWS\System32\drivers\mrcbt.sys [101032 2021-11-06] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
R0 mrigflt; C:\WINDOWS\System32\drivers\mrigflt.sys [73136 2021-11-06] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-06-23] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-27] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-22] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-12] (Microsoft Corporation -> Microsoft Corporation)
R3 WiseRegNotify; C:\WINDOWS\WiseRegNotify.sys [47936 2021-10-30] (Lespeed Technology Co., Ltd -> WiseCleaner.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-11 19:49 - 2021-11-11 19:50 - 000027955 _____ C:\Users\User\Desktop\FRST.txt
2021-11-11 19:47 - 2021-11-11 19:49 - 000000000 ____D C:\FRST
2021-11-11 19:38 - 2021-11-11 19:39 - 002312192 _____ (Farbar) C:\Users\User\Desktop\FRST64 (1).exe
2021-11-11 19:36 - 2021-11-11 19:36 - 002312192 _____ (Farbar) C:\Users\User\Downloads\Unconfirmed 465316.crdownload
2021-11-11 19:33 - 2021-11-11 19:33 - 002312192 _____ (Farbar) C:\Users\User\Downloads\Unconfirmed 519741.crdownload
2021-11-11 19:26 - 2021-11-11 19:26 - 002312192 _____ (Farbar) C:\Users\User\Downloads\Unconfirmed 166588.crdownload
2021-11-11 19:07 - 2021-11-11 19:07 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-11-11 19:06 - 2021-11-11 19:06 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-11-11 19:06 - 2021-11-11 19:06 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-11-10 22:22 - 2021-11-10 22:22 - 000563872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-10 19:37 - 2021-11-10 19:36 - 001447620 _____ C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg
2021-11-09 19:20 - 2021-11-09 19:20 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-11-09 19:19 - 2021-11-11 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-11-09 19:18 - 2021-11-11 19:04 - 000000000 ____D C:\Program Files\iTunes
2021-11-08 21:42 - 2021-11-08 21:42 - 000000000 _____ C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8}
2021-11-07 19:42 - 2021-11-07 19:42 - 009163994 _____ C:\Users\User\Desktop\유하 - Lesson Four.pptx
2021-11-06 17:47 - 2021-10-14 00:26 - 000058112 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\MRVDP.sys
2021-11-06 12:43 - 2021-11-11 19:04 - 000000000 ____D C:\Program Files\Anki
2021-11-06 12:43 - 2021-11-06 12:43 - 000000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2021-11-06 12:43 - 2021-11-06 12:43 - 000000519 _____ C:\Users\Public\Desktop\Anki.lnk
2021-11-06 10:51 - 2021-11-06 11:18 - 000000000 ____D C:\IDriveLocal
2021-11-06 10:49 - 2021-11-11 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2021-11-06 10:49 - 2021-11-11 19:04 - 000000000 ____D C:\Program Files (x86)\IDriveWindows
2021-11-06 10:49 - 2021-11-09 21:37 - 000000000 ____D C:\ProgramData\IDrive
2021-11-06 10:49 - 2021-11-06 10:49 - 000001205 _____ C:\Users\Public\Desktop\IDrive.lnk
2021-11-06 10:49 - 2021-11-03 17:07 - 000533776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll
2021-11-06 10:49 - 2021-11-03 17:07 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2021-11-06 09:37 - 2021-11-11 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2021-11-06 09:37 - 2021-11-06 09:37 - 000002023 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk
2021-11-06 09:06 - 2021-11-06 09:06 - 000000000 ___HD C:\$WinREAgent
2021-11-05 20:26 - 2021-11-05 20:26 - 000000000 ____D C:\WINDOWS\Panther
2021-11-04 12:48 - 2021-11-04 12:48 - 000032476 _____ C:\Users\User\Desktop\Nov Group Supervision Schedule.xlsx
2021-11-04 12:22 - 2021-11-04 12:22 - 000703063 _____ C:\Users\User\Desktop\Osan USO Picture.htm
2021-11-02 21:38 - 2021-11-02 21:38 - 000000000 ____D C:\Users\User\Desktop\Outlook Pin From Google
2021-11-02 19:51 - 2021-11-02 19:51 - 000000380 _____ C:\Users\User\Downloads\Backup-codes-referee007.txt
2021-11-02 19:03 - 2021-11-02 19:07 - 000000000 ____D C:\Users\TEMP
2021-11-01 22:36 - 2021-11-01 22:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-01 22:36 - 2021-11-01 22:36 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-10-30 12:24 - 2021-10-30 12:24 - 000000000 ____D C:\Users\User\AppData\Roaming\Wiseduplicatefinder
2021-10-30 11:43 - 2021-11-01 20:44 - 000000004 ___SH C:\WINDOWS\wisefs.dat
2021-10-30 11:07 - 2021-10-30 11:07 - 000003798 _____ C:\WINDOWS\system32\Tasks\Wise Turbo Checker.job
2021-10-30 11:07 - 2021-10-30 11:07 - 000003634 _____ C:\WINDOWS\system32\Tasks\Wise Care 365.job
2021-10-30 11:05 - 2021-10-30 11:05 - 000047936 _____ (WiseCleaner.com) C:\WINDOWS\WiseRegNotify.sys
2021-10-30 11:02 - 2021-11-11 19:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Wise Care 365
2021-10-30 11:02 - 2021-10-30 11:02 - 000001229 _____ C:\Users\Public\Desktop\Wise Care 365.lnk
2021-10-30 11:02 - 2021-10-30 11:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2021-10-24 22:22 - 2021-10-24 22:22 - 000000000 ____D C:\Users\User\AppData\Local\Anki
2021-10-24 22:21 - 2021-11-07 19:18 - 000000000 ____D C:\Users\User\AppData\Roaming\Anki2

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-11 19:46 - 2020-10-06 22:32 - 000000000 ____D C:\Users\User\AppData\Local\StrongVPN
2021-11-11 19:43 - 2020-10-06 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-11 19:31 - 2020-10-06 01:55 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-11 19:08 - 2020-10-03 07:27 - 000000000 ___RD C:\Users\User\OneDrive
2021-11-11 19:06 - 2021-04-27 19:38 - 000000000 ____D C:\Users\User\AppData\LocalLow\IGDump
2021-11-11 19:05 - 2021-04-25 19:15 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2021-11-11 19:05 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-11 19:05 - 2020-10-06 01:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-11 19:05 - 2020-10-06 00:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-11 19:05 - 2020-10-03 06:41 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-11 19:05 - 2017-07-05 03:10 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2021-11-11 19:04 - 2021-10-02 11:49 - 000000000 ____D C:\Users\User\AppData\Roaming\Wise Disk Cleaner
2021-11-11 19:04 - 2021-03-17 22:31 - 000000000 ___HD C:\ProgramData\CanonIJScan
2021-11-11 19:04 - 2020-12-23 12:16 - 000000000 ____D C:\Users\User\AppData\Local\RoboForm
2021-11-11 19:04 - 2020-10-09 04:03 - 000000000 ____D C:\Program Files (x86)\Quicken
2021-11-11 19:04 - 2020-10-05 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2021-11-11 19:04 - 2017-07-05 03:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-11-11 18:57 - 2020-10-06 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-11 18:56 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\registration
2021-11-11 18:49 - 2020-10-28 21:51 - 000000000 ____D C:\ProgramData\HitmanPro
2021-11-11 18:41 - 2020-12-26 02:59 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{CE20A205-25EB-46E1-80F9-D7D13D4129F5}
2021-11-10 22:25 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-10 22:04 - 2020-10-06 00:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-10 21:13 - 2020-10-11 00:34 - 000000000 ____D C:\Users\User\Documents\Outlook Files
2021-11-10 19:50 - 2020-10-11 22:51 - 000271360 _____ C:\Users\User\Documents\removed - Carl's profile.pst
2021-11-10 19:37 - 2020-10-05 22:45 - 000000000 ____D C:\Users\User\Documents\Scanned Documents
2021-11-10 19:33 - 2021-03-17 22:09 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-11-08 22:37 - 2020-10-10 10:24 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2021-11-08 22:17 - 2020-10-06 01:22 - 000000000 ____D C:\WINDOWS\INF
2021-11-07 19:43 - 2020-10-06 01:05 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-11-07 19:24 - 2020-10-09 22:22 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-06 09:39 - 2020-10-06 22:51 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-11-06 09:37 - 2021-02-13 02:40 - 000101032 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrcbt.sys
2021-11-06 09:37 - 2021-02-13 02:40 - 000073136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrigflt.sys
2021-11-06 09:37 - 2021-02-13 02:40 - 000000000 ____D C:\Program Files\Macrium
2021-11-06 09:23 - 2020-10-06 01:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-06 09:08 - 2020-12-23 12:19 - 000004498 _____ C:\WINDOWS\system32\Tasks\Open URL by RoboForm
2021-11-06 09:08 - 2020-12-23 12:19 - 000003798 _____ C:\WINDOWS\system32\Tasks\Run RoboForm TaskBar Icon
2021-11-05 22:06 - 2020-10-06 01:14 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1023104244-2545508458-507804784-1001
2021-11-05 22:06 - 2020-10-06 00:49 - 000002376 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-04 19:17 - 2020-10-05 22:56 - 000000000 ____D C:\Users\User\Desktop\Misc
2021-11-04 14:16 - 2020-10-06 01:56 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-04 14:15 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-11-03 09:02 - 2020-10-06 02:13 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2021-11-02 19:09 - 2020-11-02 14:46 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-02 19:05 - 2020-10-06 01:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-01 22:25 - 2021-10-02 11:49 - 000000000 ____D C:\Program Files (x86)\Wise
2021-11-01 22:19 - 2020-10-07 09:47 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2021-11-01 22:19 - 2020-10-05 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-10-30 10:35 - 2021-10-02 11:49 - 000001289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner.lnk
2021-10-30 10:35 - 2021-10-02 11:49 - 000001277 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2021-10-12 21:55 - 2020-10-21 04:55 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2021-01-15 06:54 - 2021-01-15 06:54 - 000000339 _____ () C:\Users\User\AppData\Local\LMIR0E694001.tmp_r.bat
2021-11-08 21:42 - 2021-11-08 21:42 - 000000000 _____ () C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by User (11-11-2021 19:52:16)
Running from C:\Users\User\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1165 (X64) (2020-10-05 16:05:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1023104244-2545508458-507804784-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1023104244-2545508458-507804784-503 - Limited - Disabled)
Guest (S-1-5-21-1023104244-2545508458-507804784-501 - Limited - Disabled)
User (S-1-5-21-1023104244-2545508458-507804784-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1023104244-2545508458-507804784-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: 2.1.49 - )
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Business Plan Pro 2004 (HKLM-x32\...\{C7BA228D-D0E9-44E5-B0B6-7AD4B0D6EBB0}) (Version: 7.16.0008 - Palo Alto Software)
Byki (HKLM-x32\...\{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}) (Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Deluxe (HKLM-x32\...\Byki Deluxe) (Version: - Transparent Language, Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 3.20.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
Epson WF-3720_4720_4730 Guide (HKLM-x32\...\UsersGuideEpson WF-3720_4720_4730 Guide_is1) (Version: 1.0 - Epson America, Inc.)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM\...\{566A834D-2DDD-3376-B265-20E45991EB23}) (Version: 95.0.4638.69 - Google LLC)
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.17.0.19796 (HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\GoToMeeting) (Version: 10.17.0.19796 - LogMeIn, Inc.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.23.318 - SurfRight B.V.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.14.907 - SurfRight B.V.)
IDrive version 6.7.4.8 (HKLM-x32\...\IDrive_is1) (Version: 6.7.4.8 - Pro Softnet Corp)
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
Macrium Reflect Home Edition (HKLM\...\{4DFF51B0-3FA5-4F24-819A-1839E3994BA1}) (Version: 8.0.6350 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 8.0 - Paramount Software (UK) Ltd.)
Malwarebytes version 4.4.9.142 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.9.142 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MyDataBase (HKLM-x32\...\{AB856C83-7CA0-4EB5-8D86-792B29EB4A10}) (Version: - )
MySoftware Fonts (HKLM-x32\...\{6C6F0968-2B86-42B4-AF34-46A5F06E8FA4}) (Version: - )
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20292 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10426 - Qualcomm)
Quicken 2004 (HKLM-x32\...\InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}) (Version: 13.00.0000 - Intuit)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.016 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8911.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11242 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.5.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.5.0 - VS Revo Group, Ltd.)
RoboForm 9-2-1-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 9-2-1-1 - Siber Systems)
StrongVPN (HKLM\...\{1F0FB659-502A-4BF3-AB40-D25BB14FE36C}) (Version: 2.6.2.0 - Strong Technology, LLC) Hidden
StrongVPN (HKLM-x32\...\{9d65bde1-0048-4fe8-bf48-02b946435252}) (Version: 2.6.2.0 - Strong Technology, LLC)
StrongVPN Client (HKLM-x32\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.6.5 - Strong Technology, LLC)
TalkHelper Call Recorder for Skype version 5.50 (HKLM-x32\...\{D290FF60-4288-4A56-9361-F215D78E84D3}_is1) (Version: 5.50 - TalkHelper Team)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wise Care 365 6.1.1 (HKLM-x32\...\Wise Care 365_is1) (Version: 6.1.1 - WiseCleaner.com, Inc.)
Wise Disk Cleaner 10.7.2 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.7.2 - WiseCleaner.com, Inc.)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
Zoom (HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\ZoomUMX) (Version: 5.6.4 (799) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Photoshop Express: Image Editor, Adjustments, Filters, Effects, Borders -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.5.381.0_x64__ynb6jyjzte8ga [2021-11-11] (Adobe Inc.)
Audiobooks from Audible -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2 [2021-11-11] (Audible Inc)
AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.29.0_x64__dxp88312j1fgj [2021-11-11] (ICEpower)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.1.257.0_x64__v10z8vjag6ke6 [2021-11-11] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-11-11] (INTEL CORP) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-11] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-11] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2021-11-11] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0 [2021-11-11] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\User\AppData\Local\GoToMeeting\19598\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [ 0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-11-03] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ 0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-11-03] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ 0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-11-03] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2021-07-13] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-11-03] () [File not signed]
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2021-11-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-11-03] () [File not signed]
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2021-11-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-11-03] () [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.x264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-11-06 10:49 - 2021-11-03 17:07 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 000168089 _____ () [File not signed] C:\Program Files\StrongVPN\OpenVPN\liblzo2-2.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 000106309 _____ () [File not signed] C:\Program Files\StrongVPN\OpenVPN\libpkcs11-helper-1.dll
2019-08-16 08:13 - 2019-08-16 08:13 - 000989184 _____ () [File not signed] C:\Program Files\StrongVPN\runtimes\win-x86\native\e_sqlite3.dll
2021-02-12 01:10 - 2021-02-12 01:10 - 040403968 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.dll
2021-02-12 01:10 - 2021-02-12 01:10 - 000052224 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleSystemFileWrapperRT.dll
2020-11-28 12:17 - 2020-11-28 12:17 - 001123840 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\e_sqlite3.dll
2020-11-02 14:47 - 2020-11-02 14:47 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-11-02 14:47 - 2020-11-02 14:47 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-11-06 10:49 - 2021-11-03 17:07 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll
2021-11-06 10:49 - 2021-11-03 17:07 - 001663488 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\IDriveWindows\SQLite.Interop.dll
2016-05-09 09:20 - 2016-05-09 09:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 003140848 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\StrongVPN\OpenVPN\libcrypto-1_1.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 000956349 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\StrongVPN\OpenVPN\libssl-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E61E54 [188]
AlternateDataStreams: C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://npr.com/
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> DefaultScope {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL =
SearchScopes: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL =
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-19 06:03 - 2017-03-19 06:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\burn the ships.jpg
DNS Servers: 198.18.0.2 - 198.18.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Quicken Scheduled Updates.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "HDSoft"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "TalkHelper"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "EPSDNMON"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{18197EB2-B548-4FA5-B54E-8FB87C5F2C16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0B7DBA8-8C6B-4A37-B679-C910315054D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C1B37A72-E7DB-4166-A247-FBC5FB686E98}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5C7CE68E-60AF-4133-A00C-36579CF2BED9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C7EC2A50-ABE8-476B-84DC-14ED10CDFA9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D9A4776B-1C09-43A1-BAA6-5EDF77EAD794}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{1AE07879-AB1D-41C8-B542-59689D6CB7D6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{65F3B639-EC8F-45FB-9E48-DD9445E1B8B2}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{17698B5E-6EFF-492F-8693-5FD65AD09B9F}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{E2CD141A-F244-42B2-9729-C8F939EA737E}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{ECDEE32B-DFE0-4DD4-A37F-971EDDA22B05}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C125D32C-5112-42EA-91B7-F20643C37397}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E8B7FDF-AD86-475E-9DFC-D46318A8A6C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{80EB8422-923E-47F0-8A0E-937272E805D8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9E843C55-974E-41D7-BA9D-50C0664E6C9F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{36BF40C2-A29C-4A98-B0A4-EE44D44E5F97}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69E3B4D5-4DD9-46C5-94EC-12EEC5EDE0B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3F43CF15-92B6-49A2-BAC9-30FD2D5F1B56}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1D93A943-7566-4460-A4BB-4A496A8F3A04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{00565160-6CEA-472A-A057-5A5A8996F367}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6F1B1665-2124-44E1-BAF0-C22F917B16EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0387C768-08F8-4C2B-AE99-BAFF6594EFE4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4400E2EA-C21C-40F3-8AA2-9809D1E9D25E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{454175CF-7B74-4B39-B0DF-DE6A4886B1BD}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2CD0643D-A6A5-4A27-B659-0747B8C33D48}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8BAF7209-7E6A-4C80-A94D-8FE4FD0E829F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{A4FA8C2F-01AA-4400-AC76-3F38952CE700}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6FB759B3-0E01-42AE-832A-2C9C30346A72}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File

==================== Restore Points =========================

01-11-2021 22:21:07 Revo Uninstaller Pro's restore point - Wise Hotkey 1.2.8
06-11-2021 09:34:50 [IDS_MSI_ERROR_1715]
06-11-2021 11:24:11 Restore Operation

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/11/2021 07:47:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.1151 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 394

Start Time: 01d7d6e3c2010d72

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: ef8dcf99-09ce-469b-9ec1-0c732ebb6687

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/11/2021 07:44:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CHXSmartScreen.exe version 10.0.19041.423 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2aac

Start Time: 01d7d6e8f94a9fd8

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

Report Id: cdb3ac70-0160-413a-830f-a8f3d54e15d4

Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Hang type: Activation

Error: (11/11/2021 07:41:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CHXSmartScreen.exe version 10.0.19041.423 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 22e0

Start Time: 01d7d6e88324297c

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

Report Id: ac233e1c-fc1f-42c5-a3bf-1d6dc5cf7468

Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Hang type: Activation

Error: (11/11/2021 07:35:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhostw.exe, version: 10.0.19041.906, time stamp: 0xd1ac4c39
Faulting module name: amdihk64.dll, version: 2.0.0.1788, time stamp: 0x609a1bdf
Exception code: 0xc0000005
Fault offset: 0x00000000000063cf
Faulting process id: 0x2380
Faulting application start time: 0x01d7d6e54ec113d2
Faulting application path: C:\WINDOWS\system32\taskhostw.exe
Faulting module path: C:\WINDOWS\SYSTEM32\amdihk64.dll
Report Id: 57597fd9-5b0f-4749-b8e7-35b17a3ddc59
Faulting package full name:
Faulting package-relative application ID:

Error: (11/11/2021 07:21:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Bubbles.scr version 10.0.19041.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 26dc

Start Time: 01d7d6e594e5cbea

Termination Time: 10412

Application Path: C:\Windows\System32\Bubbles.scr

Report Id: 211a5695-278b-4dd1-8764-486c317828b7

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/11/2021 07:06:40 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Revo Uninstaller Pro's restore point - Wise Hotkey 1.2.8). Additional information: 0x80070005.

Error: (11/11/2021 06:49:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devicecensus.exe, version: 10.0.19645.1029, time stamp: 0x827fe5ce
Faulting module name: amdihk64.dll_unloaded, version: 2.0.0.1788, time stamp: 0x609a1bdf
Exception code: 0xc0000005
Fault offset: 0x00000000000063cf
Faulting process id: 0x13e4
Faulting application start time: 0x01d7d6df21ea9dcd
Faulting application path: C:\WINDOWS\system32\devicecensus.exe
Faulting module path: amdihk64.dll
Report Id: 31c6230e-77ef-4e3f-b7f5-267da716e9a8
Faulting package full name:
Faulting package-relative application ID:

Error: (11/11/2021 06:49:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account.

DETAIL - Access is denied.


System errors:
=============
Error: (11/11/2021 07:44:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server Microsoft.Windows.Apprep.ChxApp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy!App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca did not register with DCOM within the required timeout.

Error: (11/11/2021 07:41:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server Microsoft.Windows.Apprep.ChxApp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy!App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca did not register with DCOM within the required timeout.

Error: (11/11/2021 06:49:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error:
%%2147943515 = A system shutdown is in progress.

Error: (11/11/2021 06:49:34 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (11/11/2021 06:49:05 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (11/11/2021 06:49:04 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (11/11/2021 06:49:04 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (11/10/2021 10:22:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-09-22 03:56:20
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-09-22 03:38:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-28 23:15:56
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-28 21:40:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-28 18:32:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2021-11-10 22:22:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.743.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2021-11-10 22:22:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.743.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2021-11-10 21:57:10
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.349.1175.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18500.10
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-11-10 21:51:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.349.1175.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18500.10
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-11-10 21:51:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.349.1175.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18500.10
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===============
Date: 2021-11-11 19:46:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.22 04/30/2019
Motherboard: SR Squirtle_SR
Processor: AMD A9-9420e RADEON R5, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 37%
Total physical RAM: 11733.37 MB
Available physical RAM: 7276.44 MB
Total Virtual: 13525.37 MB
Available Virtual: 8817.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.9 GB) (Free:573.12 GB) NTFS

\\?\Volume{24caf064-650a-4a79-afc8-6449631a3336}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{a0f69297-3a9d-4b11-9a7c-f9a831e7a696}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Hi, referee07.

The logs are clean from malware.

Some thoughts/maintenance, before we do some additional scans, to ensure that everything is clean:

1. Wise Cleaner

I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

So... My recommendation is to uninstall these:

Wise Care 365 6.1.1
Wise Disk Cleaner 10.7.2

If you decide to keep them, please don't use the registry cleaning option.


2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:56E61E54 [188]
AlternateDataStreams: C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
SearchScopes: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> DefaultScope {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL =
SearchScopes: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL =
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
FirewallRules: [{2CD0643D-A6A5-4A27-B659-0747B8C33D48}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8BAF7209-7E6A-4C80-A94D-8FE4FD0E829F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{A4FA8C2F-01AA-4400-AC76-3F38952CE700}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6FB759B3-0E01-42AE-832A-2C9C30346A72}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
Task: {2045DF02-82FD-45A8-9E6C-BF945E57D9E7} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {4F265025-7DD2-4446-92D5-EF36165FFE93} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> No File <==== ATTENTION
Task: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION
Task: {7072963F-3763-4E9F-A1F5-DE9703BAE827} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> No File <==== ATTENTION
Task: {B6ADC99D-DEE0-487D-AC73-B0ED40024997} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {BE9DE6E7-6A8C-46BF-B86D-237F0FC69C2A} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {CB51727F-CE2D-4FC9-826D-5B54D774D768} - \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install -> No File <==== ATTENTION
Task: {CF44BA72-7AE4-4FB8-B1F4-A5DC64FB147F} - System32\Tasks\{995C167A-3E0F-4C93-9F4E-25AFC941C571} => C:\Program Files (x86)\east-tec Eraser\etRiskMonitor.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc. -> McAfee, Inc.)
C:\WINDOWS\System32\drivers\HipShieldK.sys
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:
  1. Your decision about Wise software
  2. The fixlog.txt
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,453
Dr. M, thanks again for your reply and help. I did run the Microsoft Safety Scanner (MSS) which apparently generated a report; should I try to send it to you? Also, when I right-click on the FRST64 icon on my computer's desktop and choose Administrator, there is no "Fix" option; in fact, there is nothing showing on the resulting screen after I press "Yes" to the disclaimer. Also, Outlook is now not acting correctly after I ran MSS, i.e., many of the entries for e-mails are blank, and when I click on an e-mail Outlook shuts down. Thanks again.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
I gave you a full set of instructions above and you ran another tool?

Please, if you want my assistance, follow my instructions, at least until the end of the cleaning procedure. Otherwise, let me know.

Run FRST fix as you ran it before and you will see the Fix button. First, you have to select the content of the code in my previous post, right click on it and choose copy.
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,453
Dr. M, I didn't run any other tools. And I followed your instructions. I have attached the result of the FRST Fix. Also, when my computer restarted, it seems that Outlook is running well now. I do have a question: do Wise Disk Cleaner and/or Wise Care 365 have any merits? It seems that the programs can clean out leftover "stuff" on my computer, but I don't want to tamper in any way with my computer's Registry. Thanks again for all of your help.
 

Attachments

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Dr. M, I didn't run any other tools. And I followed your instructions. I have attached the result of the FRST Fix.
Then you meant that you ran FRST and not Microsoft Safety Scanner. Right?

I do have a question: does Wise Disk Cleaner and/or Wise Care 365 have any merits? It seems that the programs can clean-out left-over "stuff" on my computer, but I don't want to tamper in any way with my computer's Registry.
I already told you my opinion. I would not keep them. But it's your computer, so your decision. At least, do not use the registry cleaning option, as I said before.

Let's continue:

1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Scan mode)
  • Open Malwarebytes you have already installed in your computer.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, ALL the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items ALL options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,453
Then you meant that you ran FRST and not Microsoft Safety Scanner. Right?



I already told you my opinion. I would not keep them. But it's your computer, so your decision. At least, do not use the registry cleaning option, as I said before.

Let's continue:

1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Scan mode)
  • Open Malwarebytes you have already installed in your computer.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, ALL the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items ALL options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
Dr. M, thanks again for your replies and your expertise. I did run Microsoft's Safety Scanner as well as AdwCleaner and Malwarebytes Scanner. Please see the attachments for the reports. Thanks again.
 


DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Please run the tools I tell you from now on, please.

Can I see the Malwarebytes report too?

AdwCleaner (Clean mode)

The finding in the Folders part of the log is a PUP, which stands for Potentially Unwanted Program. In the instructions below, I will list it to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I keep only the programs I need/use. But it's your computer, so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,453
Please run the tools I tell you from now on, please.

Can I see the Malwarebytes report too?

AdwCleaner (Clean mode)

The finding in the Folders part of the log is a PUP, which stands for Potentially Unwanted Program. In the instructions below, I will list it to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I keep only the programs I need/use. But it's your computer, so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
Dr. M, please see the attachments for the requested reports, and thanks again for your help.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Oh, you already ran AdwCleaner in Clean mode. The instructions I gave you didn't ask you to clean, just to scan. That's why I would like you to follow the instructions.

So you deleted the pre-installed software already.

But I don't see the Malwarebytes report anywhere. You have posted the MSERT results instead.
 
