Solved I Think That My Computer Has a Virus

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,453
Dr. M, please see the attachments for the requested reports and thanks again for your help

D
Oh, you already ran AdwCleaner in Clean mode. The instructions I gave you didn't ask you to clean, just to scan. That's why I would like you to follow the instructions.

So you deleted the pre-installed software already.

But I don't see the Malwarebytes report anywhere. You have posted the MSERT results instead.
Dr. M, thanks again for your replies and for your help. I believe that I ran AdwCleaner in the Clean mode because I read "Clean" in the name of the program. Anyway, please see the attachment for the Report from Malwarebytes that I ran this evening. If this report is not what you are looking for, please let me know.
 

Attachments

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Hi.

No, that's not the report I would like to see.

But anyway, do not attach it now, since it seems that the computer is clean.

Please follow very carefully the instructions below:

Run Deployment Image Servicing and Management (DISM)
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press on Enter;
Code:
DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time.
  • Please post here the result you got (a screenshot or a photo).

When DISM finishes, you can then run SFC from the same command prompt window, but full instructions as if starting fresh:
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press on Enter
Code:
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Code:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
    Please post the result you got (a screenshot or a photo).
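
An added example, not part of the original post: SFC writes its detailed findings to `%windir%\Logs\CBS\CBS.log`, tagging each line with `[SR]`, so the outcome can be read from the log as well as from the console message. The function name, the same-day heuristic and the sample lines are assumptions made for this illustration; the sample lines are constructed and abbreviated.

```powershell
# Summarise the most recent SFC run from CBS.log (run elevated, after "sfc /scannow").
function Get-SfcSummary {
    param([string[]]$LogLines)

    # SFC entries in CBS.log carry the "[SR]" tag.
    $sr = @($LogLines | Where-Object { $_ -match '\[SR\]' })
    if ($sr.Count -eq 0) {
        return [pscustomobject]@{
            Verdict    = 'No [SR] entries found (CBS.log may have rotated)'
            Unrepaired = @()
            Repaired   = @()
        }
    }

    # Heuristic (assumption): keep only entries written on the day of the last [SR] line.
    $lastDay = $sr[-1].Substring(0, 10)
    $run = @($sr | Where-Object { $_.StartsWith($lastDay) })

    # Drop timestamp and sequence number so repeated entries collapse to one.
    $text = @($run | ForEach-Object { $_.Substring($_.IndexOf('[SR]')) } | Sort-Object -Unique)

    $unrepaired = @($text | Where-Object { $_ -match 'Cannot repair member file|Could not reproject corrupted file' })
    $repaired   = @($text | Where-Object { $_ -match 'Repairing corrupted file' })

    # Map the log evidence onto the console results listed in the post above.
    $verdict = if ($unrepaired.Count -gt 0) {
        'Found corrupt files but was unable to fix some of them'
    } elseif ($repaired.Count -gt 0) {
        'Found corrupt files and successfully repaired them'
    } else {
        'Did not find any integrity violations'
    }

    [pscustomobject]@{ Verdict = $verdict; Unrepaired = $unrepaired; Repaired = $repaired }
}

# Constructed, abbreviated sample lines, used when CBS.log is not available.
$sample = @(
    '2021-11-17 14:31:02, Info  CSI  00000a10 [SR] Verifying 100 components',
    '2021-11-17 14:31:02, Info  CSI  00000a11 [SR] Beginning Verify and Repair transaction',
    '2021-11-17 14:31:05, Info  CSI  00000a2f [SR] Repairing corrupted file "example.dll" from store',
    '2021-11-17 14:31:09, Info  CSI  00000a40 [SR] Verify complete'
)

$cbs = if ($env:windir) { Join-Path $env:windir 'Logs\CBS\CBS.log' } else { $null }
$lines = if ($cbs -and (Test-Path $cbs)) { Get-Content $cbs } else { $sample }

Get-SfcSummary -LogLines $lines | Format-List
```

The `Unrepaired` entries name the files SFC could not restore, which is more useful to a helper than a screenshot of the final console line.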
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,453
Dr. M, thanks again for your help. Please see the two attachments for the results of the DISM scan and the SFC SCANNOW scan. Also, I wanted to let you know that the last two nights when I booted up my computer, it was slow in booting up and in accessing sites on the web. Thanks again.
 

Attachments

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Both screenshots are good.

I will ask you to perform a disk check now. But, meanwhile, I went back to your logs and noticed that you have Eset and McAfee remnants; we have to take care of them later. These programs are not installed on the computer right now.

Check disk
  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes).
    Code:
     chkdsk C: /r
  • You will receive a message saying that the operation cannot be performed while the system is in use and asking if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,453
Dr. M, thanks again for your help. Please see below for the results of chkdsk. Also, I wanted to mention that Acronis seems to have attached itself to my computer also. I used Acronis as my backup program but then switched to Macrium Reflect. Now, whenever I am backing up my computer, Macrium Reflect shows that Acronis is there also. I contacted Macrium, and the technician indicated that apparently Acronis created or somehow inserted itself into a partition??? Anyway, I wanted to mention this.
    __________________________________________________________________________________________________________________
    
    ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
    
    ------< Log generate on 11/18/2021 8:13:01 PM >------
    Category: 0
    Computer Name: DESKTOP-7RCNB9G
    Event Code: 1001
    Record Number: 93137
    Source Name: Microsoft-Windows-Wininit
    Time Written: 11-17-2021 @ 14:14:04
    Event Type: Information
    User: 
    Message: 
    
    Checking file system on C:
    The type of the file system is NTFS.
    
    A disk check has been scheduled.
    Windows will now check the disk.                         
    
    Stage 1: Examining basic file system structure ...
      738560 file records processed.                                                        
    
    
    File verification completed.
     Phase duration (File record verification): 9.71 seconds.
      22778 large file records processed.                                   
    
    
     Phase duration (Orphan file record recovery): 0.00 milliseconds.
      0 bad file records processed.                                     
    
    
     Phase duration (Bad file record checking): 1.45 milliseconds.
    
    Stage 2: Examining file name linkage ...
      13942 reparse records processed.                                      
    
    
      1010244 index entries processed.                                                       
    
    
    Index verification completed.
     Phase duration (Index verification): 23.66 seconds.
      0 unindexed files scanned.                                        
    
    
     Phase duration (Orphan reconnection): 9.72 seconds.
      0 unindexed files recovered to lost and found.                    
    
    
     Phase duration (Orphan recovery to lost and found): 1.91 seconds.
      13942 reparse records processed.                                      
    
    
     Phase duration (Reparse point and Object ID verification): 60.52 milliseconds.
    
    Stage 3: Examining security descriptors ...
    Cleaning up 5432 unused index entries from index $SII of file 0x9.
    Cleaning up 5432 unused index entries from index $SDH of file 0x9.
    Cleaning up 5432 unused security descriptors.
    Security descriptor verification completed.
     Phase duration (Security descriptor verification): 252.60 milliseconds.
      135843 data files processed.                                           
    
    
     Phase duration (Data attribute verification): 1.73 milliseconds.
    CHKDSK is verifying Usn Journal...
      39546152 USN bytes processed.                                                           
    
    
    Usn Journal verification completed.
     Phase duration (USN journal verification): 257.20 milliseconds.
    
    Stage 4: Looking for bad clusters in user file data ...
      738544 files processed.                                                               
    
    
    File data verification completed.
     Phase duration (User file recovery): 22.26 minutes.
    
    Stage 5: Looking for bad, free clusters ...
      151463513 free clusters processed.                                                       
    
    
    Free space verification is complete.
     Phase duration (Free space recovery): 0.00 milliseconds.
    
    Windows has scanned the file system and found no problems.
    No further action is required.
    
     976122938 KB total disk space.
     369059624 KB in 351364 files.
        324632 KB in 135844 indexes.
             0 KB in bad sectors.
        884626 KB in use by the system.
         65536 KB occupied by the log file.
     605854056 KB available on disk.
    
          4096 bytes in each allocation unit.
     244030734 total allocation units on disk.
     151463514 allocation units available on disk.
    Total duration: 23.02 minutes (1381590 ms).
    
    Internal Info:
    00 45 0b 00 33 6f 07 00 24 4b 0d 00 00 00 00 00  .E..3o..$K......
    7f 02 00 00 f7 33 00 00 00 00 00 00 00 00 00 00  .....3..........
    
    -----------------------------------------------------------------------
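
An added example, not part of the original posts: the report above is an Application event-log record (source Microsoft-Windows-Wininit, event code 1001, as shown in its header), so it can be read and reduced to a verdict with built-in PowerShell. The function name and the fields it extracts are assumptions made for this illustration; the fallback sample is an excerpt of the log posted above.

```powershell
# Reduce a boot-time chkdsk report to the fields that decide whether the disk needs attention.
function Get-ChkdskSummary {
    param([string]$Message)

    # Trim the padded console lines and drop the empty ones.
    $lines = @($Message -split "`r?`n" | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $s = [ordered]@{ Volume = $null; FileSystem = $null; BadSectorsKB = $null; Duration = $null }

    foreach ($l in $lines) {
        switch -Regex ($l) {
            '^Checking file system on (\S+)'        { $s.Volume       = $Matches[1] }
            '^The type of the file system is (\w+)' { $s.FileSystem   = $Matches[1] }
            '^(\d+) KB in bad sectors'              { $s.BadSectorsKB = [long]$Matches[1] }
            '^Total duration: (.+?) \('             { $s.Duration     = $Matches[1] }
        }
    }

    $s.NoProblemsFound = @($lines | Where-Object { $_ -match 'found no problems' }).Count -gt 0
    # Flag the volume if chkdsk did not report a clean result or counted any bad sectors.
    $s.NeedsAttention  = (-not $s.NoProblemsFound) -or ($s.BadSectorsKB -gt 0)
    [pscustomobject]$s
}

# Excerpt of the log posted above, used when the event log is not available.
$sample = @'
Checking file system on C:
The type of the file system is NTFS.
Windows has scanned the file system and found no problems.
         0 KB in bad sectors.
Total duration: 23.02 minutes (1381590 ms).
'@

# Provider name and event ID are the ones shown in the posted log header.
$filter = @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001 }
$events = @()
if (Get-Command Get-WinEvent -ErrorAction SilentlyContinue) {
    $events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 3 -ErrorAction SilentlyContinue)
}

if ($events.Count -gt 0) {
    foreach ($e in $events) {
        Get-ChkdskSummary $e.Message |
            Add-Member -NotePropertyName TimeCreated -NotePropertyValue $e.TimeCreated -PassThru
    }
} else {
    Get-ChkdskSummary $sample
}
```

For the posted log this yields `NoProblemsFound = True`, `BadSectorsKB = 0` and `NeedsAttention = False`.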
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Hi.

Something to ask you first, since it is too difficult for me to read your replies. Do not click on the Reply button when you reply. Just write your reply in the blank reply area and click on the Post reply button.

=============================

1. Feedback

How is the computer running? Still having problems opening programs? Is this happening while doing anything else? Please describe the issue in as much detail as you can.

2. FRST logs


Since it's been a while, I would like to check some fresh FRST logs.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,453
Dr. M, thanks again for your replies and for your help.

My computer seems to be somewhat slow when booting-up but then it seems to be running rather quickly.

Also, you mentioned in a previous reply that you spotted a couple of remnants of previous programs still hanging around in my computer and wanted to eradicate these remnants later. I hope that we can get rid of these remnants and also remnants of Acronis.

Please see below for the results of the FRST scans that were completed this morning.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by User (administrator) on DESKTOP-7RCNB9G (Acer Aspire A315-21) (20-11-2021 11:10:13)
Running from C:\Users\User\Desktop\Tech Support Guy - Communication
Loaded Profiles: User
Platform: Microsoft Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0366969.inf_amd64_08be8e6c39509940\B367342\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0366969.inf_amd64_08be8e6c39509940\B367342\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Audible Inc) C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower A/S) C:\Windows\System32\DriverStore\FileRepository\icesoundapo64.inf_amd64_dad6800789450741\ICEsoundService64.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(Intel(R) pGFX -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Pro Softnet Corporation -> ) C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-chrome-nm-host.exe
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <5>
(Strong Technology, LLC -> Strong Technology, LLC) C:\Program Files\StrongVPN\StrongVPN.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2>
(The OpenVPN Project) [File not signed] C:\Program Files\StrongVPN\OpenVPN\openvpn.exe
(Transparent Language) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\BYKI4Deluxe.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141552 2020-08-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677688 2020-03-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9298344 2021-11-06] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [670824 2020-12-08] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [896104 2020-12-08] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [77432 2021-11-04] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1984120 2021-11-04] (Pro Softnet Corporation -> Prosoftnet)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44544 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [TalkHelper] => C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TalkHelper.exe [5048832 2019-09-04] (TalkHelper Team) [File not signed]
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [148800 2021-11-06] (Siber Systems -> Siber Systems)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [114000240 2021-10-28] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\Canon TS3300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDG3.DLL [482816 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3300 series: C:\WINDOWS\system32\CNMLMG3.DLL [1311232 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2020-10-09]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.) [File not signed]
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-10-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26F71C76-FA19-407A-96D8-B4046C345532} - System32\Tasks\StrongVPN => C:\Program Files\StrongVPN\StrongVPN.exe [4571232 2021-01-14] (Strong Technology, LLC -> Strong Technology, LLC)
Task: {2F6A50FD-577C-49A5-9540-C34FAE0609E3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [148800 2021-11-06] (Siber Systems -> Siber Systems)
Task: {447DB01E-83E5-4A94-A9AE-7088DBC9B6AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-06] (Google LLC -> Google LLC)
Task: {5925253A-E1C5-4216-8688-F73FE76BD174} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\RtkAudUService64.exe [1141552 2020-08-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {71319F3B-C70D-40D5-80E3-E91B57759987} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-06] (Google LLC -> Google LLC)
Task: {719357CE-6075-44F2-9217-7F8EBE0E7D8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-05] (Apple Inc. -> Apple Inc.)
Task: {93792EE0-5957-4713-88BF-DB2AA95C937C} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "https://www.roboform.com/test-pass....NCJCMJNOMCMJNNMCMJNMMCMJNLMCMJNKMCMOMJNJMCMPM"
Task: {9D24F48D-9EB4-4C3D-A306-F82963120551} - System32\Tasks\G2MUpdateTask-S-1-5-21-1023104244-2545508458-507804784-1001 => C:\Users\User\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {AA025FA9-DA9E-4ED2-9E27-2919ABDB33D1} - System32\Tasks\Run RoboForm Process => C:\Program Files\Google\Chrome\Application\chrome.exe https://chrome.google.com/webstore/detail/roboform/pnlccmojcmeohlpggmfnbbiapkmbliob
Task: {AE1D3906-1970-490F-9BEE-5874BD5AB28E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {C38B73CE-7FF9-4574-981E-18F7B38AF9FD} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [12176632 2021-10-23] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
Task: {D620C7B8-CA95-43F4-994D-4257F606C97F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF024C56-F31E-48F0-9C7C-26F3B4420865} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {EC4AF67B-FEB3-4E75-974B-EE8C28C6A853} - System32\Tasks\G2MUploadTask-S-1-5-21-1023104244-2545508458-507804784-1001 => C:\Users\User\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {EF263290-6D0A-4092-A3EC-F9D5CB8F66C7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4C3043C-F02C-40E5-8620-53968C86D85B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1023104244-2545508458-507804784-1001.job => C:\Users\User\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1023104244-2545508458-507804784-1001.job => C:\Users\User\AppData\Local\GoToMeeting\19932\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-13] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-13] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{1964c4a0-6f65-42f1-8089-c633a3b81d6a}: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{31d522f3-c05d-4090-9b9d-8cdd3188c581}: [DhcpNameServer] 198.18.0.1 198.18.0.2
Tcpip\..\Interfaces\{597ec23c-d91c-4c2c-a184-d0ae46e78246}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{655546f9-ffec-4aae-b9ae-374d6898b8fd}: [DhcpNameServer] 168.126.63.1 168.126.63.2

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-20]
Edge HomePage: Default -> hxxps://www.npr.org/
Edge StartupUrls: Default -> "hxxp://npr.com/"
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-16]
Edge Extension: (RoboForm Password Manager) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2021-10-29]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-11-20]
CHR Notifications: Default -> hxxps://web.skype.com
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-22]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-22]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-22]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-22]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-23]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-22]
CHR Extension: (RoboForm Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2021-11-07]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-05-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5117648 2021-07-13] (SurfRight B.V. -> SurfRight B.V.)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [405112 2021-11-04] (Pro Softnet Corporation -> Prosoftnet)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [10507520 2021-11-06] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-12] (Malwarebytes Inc -> Malwarebytes)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51224 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [371200 2021-01-15] (Microsoft Windows -> Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [29904 2021-02-12] (Acer Incorporated -> Acer Incorporated)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2021-02-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [112856 2020-05-19] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-08] (ASUSTek Computer Inc. -> ASUS)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [410640 2021-07-13] (Microsoft Windows Hardware Compatibility Publisher -> SurfRight B.V.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-11-25] (Martin Malik - REALiX -> REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-11-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 mrcbt; C:\WINDOWS\System32\drivers\mrcbt.sys [101032 2021-11-06] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
R0 mrigflt; C:\WINDOWS\System32\drivers\mrigflt.sys [73136 2021-11-06] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-06-23] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-27] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-22] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-12] (Microsoft Corporation -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-18 20:11 - 2021-11-18 20:13 - 000007366 _____ C:\Users\User\Desktop\ListChkdskResult.txt
2021-11-17 23:51 - 2021-11-17 23:31 - 000197679 _____ C:\Users\User\Desktop\ListChkdskResult.exe
2021-11-17 23:31 - 2021-11-17 23:31 - 000197679 _____ C:\Users\User\Downloads\ListChkdskResult.exe
2021-11-17 23:14 - 2021-11-17 23:14 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-11-17 23:14 - 2021-11-17 23:14 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-11-17 23:14 - 2021-11-17 23:14 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-11-17 23:13 - 2021-11-17 23:13 - 000000112 ___SH C:\bootTel.dat
2021-11-15 22:52 - 2021-11-15 22:52 - 000000117 _____ C:\Users\User\Desktop\Vocabulary.com.url
2021-11-15 21:09 - 2021-11-15 21:09 - 000001379 _____ C:\Users\Public\Desktop\Skype.lnk
2021-11-15 21:09 - 2021-11-15 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-11-14 20:42 - 2021-11-14 20:42 - 008553680 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_8.3.0 (2).exe
2021-11-14 20:25 - 2021-11-14 20:26 - 008553680 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_8.3.0 (1).exe
2021-11-14 09:49 - 2021-11-14 09:50 - 000000114 _____ C:\Users\User\Desktop\Zoom (Personal).url
2021-11-13 14:50 - 2021-11-20 11:07 - 000000000 ____D C:\Users\User\Desktop\Tech Support Guy - Communication
2021-11-12 19:10 - 2021-11-12 19:21 - 000000000 ____D C:\AdwCleaner
2021-11-12 19:07 - 2021-11-12 19:09 - 008553680 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_8.3.0.exe
2021-11-11 19:47 - 2021-11-20 11:17 - 000000000 ____D C:\FRST
2021-11-10 19:37 - 2021-11-10 19:36 - 001447620 _____ C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg
2021-11-09 19:20 - 2021-11-09 19:20 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-11-09 19:19 - 2021-11-11 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-11-09 19:18 - 2021-11-11 19:04 - 000000000 ____D C:\Program Files\iTunes
2021-11-08 21:42 - 2021-11-08 21:42 - 000000000 _____ C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8}
2021-11-07 19:42 - 2021-11-07 19:42 - 009163994 _____ C:\Users\User\Desktop\유하 - Lesson Four.pptx
2021-11-06 17:47 - 2021-10-14 00:26 - 000058112 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\MRVDP.sys
2021-11-06 12:43 - 2021-11-11 19:04 - 000000000 ____D C:\Program Files\Anki
2021-11-06 12:43 - 2021-11-06 12:43 - 000000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2021-11-06 12:43 - 2021-11-06 12:43 - 000000519 _____ C:\Users\Public\Desktop\Anki.lnk
2021-11-06 10:51 - 2021-11-06 11:18 - 000000000 ____D C:\IDriveLocal
2021-11-06 10:49 - 2021-11-13 18:51 - 000000000 ____D C:\ProgramData\IDrive
2021-11-06 10:49 - 2021-11-11 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2021-11-06 10:49 - 2021-11-11 19:04 - 000000000 ____D C:\Program Files (x86)\IDriveWindows
2021-11-06 10:49 - 2021-11-06 10:49 - 000001205 _____ C:\Users\Public\Desktop\IDrive.lnk
2021-11-06 10:49 - 2021-11-03 17:07 - 000533776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll
2021-11-06 10:49 - 2021-11-03 17:07 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2021-11-06 09:37 - 2021-11-11 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2021-11-06 09:37 - 2021-11-06 09:37 - 000002023 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk
2021-11-06 09:06 - 2021-11-06 09:06 - 000000000 ___HD C:\$WinREAgent
2021-11-05 20:26 - 2021-11-05 20:26 - 000000000 ____D C:\WINDOWS\Panther
2021-11-04 12:48 - 2021-11-04 12:48 - 000032476 _____ C:\Users\User\Desktop\Nov Group Supervision Schedule.xlsx
2021-11-04 12:22 - 2021-11-04 12:22 - 000703063 _____ C:\Users\User\Desktop\Osan USO Picture.htm
2021-11-02 21:38 - 2021-11-02 21:38 - 000000000 ____D C:\Users\User\Desktop\Outlook Pin From Google
2021-11-02 19:51 - 2021-11-02 19:51 - 000000380 _____ C:\Users\User\Downloads\Backup-codes-referee007.txt
2021-11-02 19:03 - 2021-11-02 19:07 - 000000000 ____D C:\Users\TEMP
2021-11-01 22:36 - 2021-11-12 18:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-01 22:36 - 2021-11-12 18:36 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-10-30 12:24 - 2021-10-30 12:24 - 000000000 ____D C:\Users\User\AppData\Roaming\Wiseduplicatefinder
2021-10-30 11:43 - 2021-11-01 20:44 - 000000004 ___SH C:\WINDOWS\wisefs.dat
2021-10-30 11:05 - 2021-10-30 11:05 - 000047936 _____ (WiseCleaner.com) C:\WINDOWS\WiseRegNotify.sys
2021-10-24 22:22 - 2021-10-24 22:22 - 000000000 ____D C:\Users\User\AppData\Local\Anki
2021-10-24 22:21 - 2021-11-07 19:18 - 000000000 ____D C:\Users\User\AppData\Roaming\Anki2

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-20 11:31 - 2020-10-06 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-20 11:30 - 2020-10-11 00:34 - 000000000 ____D C:\Users\User\Documents\Outlook Files
2021-11-20 11:20 - 2020-10-06 01:55 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-20 11:06 - 2020-10-06 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-20 11:02 - 2020-10-06 22:32 - 000000000 ____D C:\Users\User\AppData\Local\StrongVPN
2021-11-20 11:02 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-20 10:56 - 2021-10-02 11:49 - 000000000 ____D C:\Users\User\AppData\Roaming\Wise Disk Cleaner
2021-11-20 10:55 - 2020-10-06 22:51 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-11-20 10:55 - 2020-10-06 01:22 - 000000000 ____D C:\WINDOWS\INF
2021-11-20 10:38 - 2021-04-27 19:38 - 000000000 ____D C:\Users\User\AppData\LocalLow\IGDump
2021-11-20 10:16 - 2020-10-03 07:27 - 000000000 ___RD C:\Users\User\OneDrive
2021-11-20 10:14 - 2020-12-26 02:59 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{CE20A205-25EB-46E1-80F9-D7D13D4129F5}
2021-11-19 22:36 - 2020-10-11 22:51 - 000271360 _____ C:\Users\User\Documents\referee007@gmail.com - Carl's profile.pst
2021-11-19 21:40 - 2020-10-09 04:03 - 000000000 ____D C:\Program Files (x86)\Quicken
2021-11-18 21:19 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-11-18 21:16 - 2020-10-06 00:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-18 20:33 - 2020-10-06 01:56 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-18 19:38 - 2020-12-01 00:06 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6bc3ff8c0ff0b
2021-11-18 19:38 - 2020-10-09 22:20 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-17 23:13 - 2021-04-25 19:15 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2021-11-17 23:13 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-17 23:13 - 2020-10-06 00:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-17 23:13 - 2020-10-03 06:41 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-17 21:58 - 2020-10-28 21:51 - 000000000 ____D C:\ProgramData\HitmanPro
2021-11-17 21:58 - 2020-10-06 01:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-17 21:58 - 2017-07-05 03:10 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2021-11-16 22:26 - 2020-10-06 01:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-14 22:00 - 2021-10-02 11:49 - 000000000 ____D C:\Program Files (x86)\Wise
2021-11-14 21:34 - 2020-11-02 14:46 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-14 21:24 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\registration
2021-11-14 20:19 - 2020-10-09 22:22 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-13 21:12 - 2020-10-05 22:56 - 000000000 ____D C:\Users\User\Desktop\Misc
2021-11-13 13:37 - 2020-10-09 07:43 - 000000660 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1023104244-2545508458-507804784-1001.job
2021-11-13 13:37 - 2020-10-09 07:43 - 000000564 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1023104244-2545508458-507804784-1001.job
2021-11-13 08:51 - 2020-10-09 07:43 - 000003826 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-1023104244-2545508458-507804784-1001
2021-11-13 08:51 - 2020-10-09 07:43 - 000003730 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-1023104244-2545508458-507804784-1001
2021-11-13 08:51 - 2020-10-09 07:43 - 000000000 ____D C:\Users\User\AppData\Local\GoToMeeting
2021-11-12 19:22 - 2021-03-16 18:28 - 000000000 ____D C:\Program Files\EPSON
2021-11-12 19:22 - 2017-07-05 03:15 - 000000000 ____D C:\ProgramData\Dell
2021-11-12 19:21 - 2020-11-25 04:27 - 000000000 ____D C:\Users\User\AppData\Roaming\IObit
2021-11-12 19:21 - 2017-07-05 03:04 - 000000000 ____D C:\Program Files\Dell
2021-11-11 20:06 - 2020-10-06 01:05 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-11-11 19:04 - 2021-03-17 22:31 - 000000000 ___HD C:\ProgramData\CanonIJScan
2021-11-11 19:04 - 2020-12-23 12:16 - 000000000 ____D C:\Users\User\AppData\Local\RoboForm
2021-11-11 19:04 - 2020-10-05 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2021-11-11 19:04 - 2017-07-05 03:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-11-10 19:37 - 2020-10-05 22:45 - 000000000 ____D C:\Users\User\Documents\Scanned Documents
2021-11-10 19:33 - 2021-03-17 22:09 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-11-08 22:37 - 2020-10-10 10:24 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2021-11-06 09:37 - 2021-02-13 02:40 - 000101032 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrcbt.sys
2021-11-06 09:37 - 2021-02-13 02:40 - 000073136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrigflt.sys
2021-11-06 09:37 - 2021-02-13 02:40 - 000000000 ____D C:\Program Files\Macrium
2021-11-06 09:08 - 2020-12-23 12:19 - 000004498 _____ C:\WINDOWS\system32\Tasks\Open URL by RoboForm
2021-11-06 09:08 - 2020-12-23 12:19 - 000003798 _____ C:\WINDOWS\system32\Tasks\Run RoboForm TaskBar Icon
2021-11-05 22:06 - 2020-10-06 01:14 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1023104244-2545508458-507804784-1001
2021-11-05 22:06 - 2020-10-06 00:49 - 000002376 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-03 09:02 - 2020-10-06 02:13 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2021-11-02 19:05 - 2020-10-06 01:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-01 22:19 - 2020-10-07 09:47 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2021-11-01 22:19 - 2020-10-05 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-10-30 10:35 - 2021-10-02 11:49 - 000001289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner.lnk
2021-10-30 10:35 - 2021-10-02 11:49 - 000001277 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk

==================== Files in the root of some directories ========

2021-01-15 06:54 - 2021-01-15 06:54 - 000000339 _____ () C:\Users\User\AppData\Local\LMIR0E694001.tmp_r.bat
2021-11-08 21:42 - 2021-11-08 21:42 - 000000000 _____ () C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by User (20-11-2021 11:32:07)
Running from C:\Users\User\Desktop\Tech Support Guy - Communication
Microsoft Windows 10 Home Version 21H1 19043.1165 (X64) (2020-10-05 16:05:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1023104244-2545508458-507804784-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1023104244-2545508458-507804784-503 - Limited - Disabled)
Guest (S-1-5-21-1023104244-2545508458-507804784-501 - Limited - Disabled)
User (S-1-5-21-1023104244-2545508458-507804784-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1023104244-2545508458-507804784-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: 2.1.49 - )
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Business Plan Pro 2004 (HKLM-x32\...\{C7BA228D-D0E9-44E5-B0B6-7AD4B0D6EBB0}) (Version: 7.16.0008 - Palo Alto Software)
Byki (HKLM-x32\...\{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}) (Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Deluxe (HKLM-x32\...\Byki Deluxe) (Version: - Transparent Language, Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 3.20.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
Epson WF-3720_4720_4730 Guide (HKLM-x32\...\UsersGuideEpson WF-3720_4720_4730 Guide_is1) (Version: 1.0 - Epson America, Inc.)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM\...\{566A834D-2DDD-3376-B265-20E45991EB23}) (Version: 96.0.4664.45 - Google LLC)
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.18.0.19932 (HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\GoToMeeting) (Version: 10.18.0.19932 - LogMeIn, Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.14.907 - SurfRight B.V.)
IDrive version 6.7.4.8 (HKLM-x32\...\IDrive_is1) (Version: 6.7.4.8 - Pro Softnet Corp)
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
Macrium Reflect Home Edition (HKLM\...\{4DFF51B0-3FA5-4F24-819A-1839E3994BA1}) (Version: 8.0.6350 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 8.0 - Paramount Software (UK) Ltd.)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MyDataBase (HKLM-x32\...\{AB856C83-7CA0-4EB5-8D86-792B29EB4A10}) (Version: - )
MySoftware Fonts (HKLM-x32\...\{6C6F0968-2B86-42B4-AF34-46A5F06E8FA4}) (Version: - )
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20292 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10426 - Qualcomm)
Quicken 2004 (HKLM-x32\...\InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}) (Version: 13.00.0000 - Intuit)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8911.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11242 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.5.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.5.0 - VS Revo Group, Ltd.)
RoboForm 9-2-1-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 9-2-1-1 - Siber Systems)
Skype version 8.78 (HKLM-x32\...\Skype_is1) (Version: 8.78 - Skype Technologies S.A.)
StrongVPN (HKLM\...\{1F0FB659-502A-4BF3-AB40-D25BB14FE36C}) (Version: 2.6.2.0 - Strong Technology, LLC) Hidden
StrongVPN (HKLM-x32\...\{9d65bde1-0048-4fe8-bf48-02b946435252}) (Version: 2.6.2.0 - Strong Technology, LLC)
StrongVPN Client (HKLM-x32\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.6.5 - Strong Technology, LLC)
TalkHelper Call Recorder for Skype version 5.50 (HKLM-x32\...\{D290FF60-4288-4A56-9361-F215D78E84D3}_is1) (Version: 5.50 - TalkHelper Team)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wise Disk Cleaner 10.7.2 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.7.2 - WiseCleaner.com, Inc.)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
Zoom (HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\ZoomUMX) (Version: 5.6.4 (799) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Photoshop Express: Image Editor, Adjustments, Filters, Effects, Borders -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.5.381.0_x64__ynb6jyjzte8ga [2021-11-14] (Adobe Inc.)
Audiobooks from Audible -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2 [2021-11-14] (Audible Inc)
AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.29.0_x64__dxp88312j1fgj [2021-11-14] (ICEpower)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.2.261.0_x64__v10z8vjag6ke6 [2021-11-16] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-11-14] (INTEL CORP) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-14] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-14] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2021-11-14] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-16] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\User\AppData\Local\GoToMeeting\19598\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [ 0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-11-03] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ 0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-11-03] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ 0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-11-03] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2021-07-13] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-11-03] () [File not signed]
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2021-11-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-11-03] () [File not signed]
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2021-11-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-11-03] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.x264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-11-06 10:49 - 2021-11-03 17:07 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 000278528 _____ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\AEEngine.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 000303104 _____ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\KeyMapper.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 000409600 _____ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\svg-cairo.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 002535424 _____ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\TLVideo.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 000168089 _____ () [File not signed] C:\Program Files\StrongVPN\OpenVPN\liblzo2-2.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 000106309 _____ () [File not signed] C:\Program Files\StrongVPN\OpenVPN\libpkcs11-helper-1.dll
2019-08-16 08:13 - 2019-08-16 08:13 - 000989184 _____ () [File not signed] C:\Program Files\StrongVPN\runtimes\win-x86\native\e_sqlite3.dll
2021-02-12 01:10 - 2021-02-12 01:10 - 040403968 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.dll
2021-02-12 01:10 - 2021-02-12 01:10 - 000052224 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleSystemFileWrapperRT.dll
2020-11-28 12:17 - 2020-11-28 12:17 - 001123840 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\e_sqlite3.dll
2009-08-20 05:37 - 2009-08-20 05:37 - 001585152 _____ (Envion) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\TLSound.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 000614400 _____ (hxxp://cairographics.org) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\libcairo.dll
2021-07-21 22:19 - 2021-07-21 22:20 - 042803200 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.dll
2001-04-14 21:32 - 2001-04-14 21:32 - 000431376 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\riched20.dll
2004-08-04 13:56 - 2004-08-04 13:56 - 000406528 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\USP10.dll
2020-11-02 14:47 - 2020-11-02 14:47 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-11-02 14:47 - 2020-11-02 14:47 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-11-06 10:49 - 2021-11-03 17:07 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll
2021-11-06 10:49 - 2021-11-03 17:07 - 001663488 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\IDriveWindows\SQLite.Interop.dll
2016-05-09 09:20 - 2016-05-09 09:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 003140848 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\StrongVPN\OpenVPN\libcrypto-1_1.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 000956349 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\StrongVPN\OpenVPN\libssl-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://npr.com/
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM-x32 -> DefaultScope {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-19 06:03 - 2017-03-19 06:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\burn the ships.jpg
DNS Servers: 198.18.0.1 - 198.18.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Quicken Scheduled Updates.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "IDrive Tray"
HKLM\...\StartupApproved\Run32: => "IDrive Background process"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "HDSoft"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "TalkHelper"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "EPSDNMON"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{18197EB2-B548-4FA5-B54E-8FB87C5F2C16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0B7DBA8-8C6B-4A37-B679-C910315054D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C1B37A72-E7DB-4166-A247-FBC5FB686E98}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5C7CE68E-60AF-4133-A00C-36579CF2BED9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C7EC2A50-ABE8-476B-84DC-14ED10CDFA9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D9A4776B-1C09-43A1-BAA6-5EDF77EAD794}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{1AE07879-AB1D-41C8-B542-59689D6CB7D6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{65F3B639-EC8F-45FB-9E48-DD9445E1B8B2}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{17698B5E-6EFF-492F-8693-5FD65AD09B9F}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{E2CD141A-F244-42B2-9729-C8F939EA737E}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{ECDEE32B-DFE0-4DD4-A37F-971EDDA22B05}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C125D32C-5112-42EA-91B7-F20643C37397}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E8B7FDF-AD86-475E-9DFC-D46318A8A6C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{454175CF-7B74-4B39-B0DF-DE6A4886B1BD}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9072D7A7-7CF9-49AA-818C-3B47B817250A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8FA6AD45-64EC-44A8-84DE-66F0E3275DB2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{313BF587-9B3E-4D95-885D-C3C79C0C9CD3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2BDD8A23-CBE3-44DC-AA85-A87679B9E3F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{91E14767-4947-40ED-AB9E-2619610828C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{45A99FF9-3B8C-4BB1-AA1C-65FCA0F8F980}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10789008-2FF6-4B73-AB6B-54F1171E1718}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6B105560-D7F4-4385-ACBC-C2519488B175}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22E2B45B-AC9F-451D-9EA5-74A166C8CFFA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7C29C95F-0D71-4A36-89A7-0646B9FEAB52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{00BAB6CD-18B8-4619-ADAA-020F2B26DF68}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CCDFCA8B-1735-4613-BAD4-7703B6F22649}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5A5FA2A5-7F86-49E0-9015-96ED98900553}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1CBFEEC-9310-47EF-981B-8D16A5DAAA62}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{88C7D57A-BD8E-40C1-A0A8-760B94DB8915}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D592ED52-2E7F-40F8-A3CE-CE34E0DB6E7A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CF10B797-DCC6-4CEA-AD47-4B778F3B640B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0780049A-1A07-4428-B493-E2F80F510899}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AD022A7B-B8FA-47D6-8D0A-A3D1934934F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{68948A76-CCEC-4CFB-BDD5-EE80DFD9C9FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C058E468-C885-4B9E-8072-157EF47C58B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3D24A986-8350-4F87-B922-4C368F770648}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BC366C2A-EA56-4A1D-97D2-48EAB241DF28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B0FF13EF-C01E-4593-A1DE-F65AE12F3CC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{00FC6683-E28C-40D2-AF52-568B92C163B6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7B7660F9-264B-4592-AFA1-FFBE91811AAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{38A02C3D-0A66-45FE-8E46-1DC753F6855D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7DEDFC24-BB9E-43D2-95D9-1D1A4317309F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

11-11-2021 20:04:13 Revo Uninstaller Pro's restore point - HitmanPro 3.8
11-11-2021 20:08:28 Revo Uninstaller Pro's restore point - OpenAL
12-11-2021 19:20:53 AdwCleaner_BeforeCleaning_12/11/2021_19:20:51
14-11-2021 21:16:15 Restore Operation

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/20/2021 11:27:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program StrongVPN.exe version 2.6.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4168

Start Time: 01d7ddab83d206d0

Termination Time: 18272

Application Path: C:\Program Files\StrongVPN\StrongVPN.exe

Report Id: c6cb1f05-5c54-42ce-86ab-15b4ec072058

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 640, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\csrss.exe, PID: 6316, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 10436, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 10436, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 8784, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\SecurityHealthService.exe, PID: 8568, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 10436, ProfSvc PID: 1628.


System errors:
=============
Error: (11/18/2021 10:18:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {776DBC8D-7347-478C-8D71-791E12EF49D8} did not register with DCOM within the required timeout.

Error: (11/18/2021 09:17:06 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Qualcomm Atheros QCA9377 Wireless Network Adapter, {1964c4a0-6f65-42f1-8089-c633a3b81d6a}, had event 71

Error: (11/18/2021 09:17:06 PM) (Source: Qcamain10x64) (EventID: 5002) (User: )
Description: Qualcomm Atheros QCA9377 Wireless Network Adapter : Has determined that the network adapter is not functioning properly.

Error: (11/18/2021 09:07:37 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (11/18/2021 08:43:33 PM) (Source: mrcbt) (EventID: 2008) (User: NT AUTHORITY)
Description: Event-ID 2008

Error: (11/18/2021 08:43:31 PM) (Source: mrcbt) (EventID: 2008) (User: NT AUTHORITY)
Description: Event-ID 2008

Error: (11/17/2021 11:38:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {BE19F061-C08B-426E-811F-2A1CEB1E80AD} did not register with DCOM within the required timeout.

Error: (11/17/2021 11:14:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EpsonCustomerResearchParticipation service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===============
Date: 2021-11-20 11:40:13
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-11-20 11:39:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.22 04/30/2019
Motherboard: SR Squirtle_SR
Processor: AMD A9-9420e RADEON R5, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 53%
Total physical RAM: 11733.37 MB
Available physical RAM: 5505.64 MB
Total Virtual: 13525.37 MB
Available Virtual: 6727.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.9 GB) (Free:574.2 GB) NTFS

\\?\Volume{24caf064-650a-4a79-afc8-6449631a3336}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{a0f69297-3a9d-4b11-9a7c-f9a831e7a696}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Hi.

1. Use Eset and McAfee uninstallers

See here how to remove McAfee (Method 2): McAfee KB - How to remove McAfee products from a PC that runs Windows (TS101331)

See here how to remove Eset: [KB2289] Manually uninstall your ESET product using the ESET uninstaller tool


2. Change a setting in Malwarebytes
  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, ALL the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items ALL options are set to Always.
  • Close Malwarebytes.

3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]
2021-11-02 19:03 - 2021-11-02 19:07 - 000000000 ____D C:\Users\TEMP
2021-01-15 06:54 - 2021-01-15 06:54 - 000000339 _____ () C:\Users\User\AppData\Local\LMIR0E694001.tmp_r.bat
2021-11-08 21:42 - 2021-11-08 21:42 - 000000000 _____ () C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

4. Manage start up items

This can reduce the start up time.

1. Right click anywhere on your task bar and choose Task Manager.
2. If you see a window with a More details button, choose More details. Otherwise move on to step 3 directly.
3. Click on the Start-up tab and check the columns Status and Start-up impact. See if you don't need any of the enabled items to start with Windows. Especially check items with the indication High. Click on the items you don't need to start with Windows and select Disable.
4. Restart the computer and check if it is still slow at start-up.
5. Report your comments in your next reply.

In your next reply, please post:
  1. What happened when you used the antivirus uninstallers
  2. If the Malwarebytes setting changed successfully
  3. The fixlog.txt
  4. If start-up takes less time after step 4
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,453
Dr. M, thanks again for your help. Please see below for the results of the FRST Fix scan.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by User (21-11-2021 11:38:39) Run:2
Running from C:\Users\User\Desktop\Tech Support Guy - Communication
Loaded Profiles: User
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]
2021-11-02 19:03 - 2021-11-02 19:07 - 000000000 ____D C:\Users\TEMP
2021-01-15 06:54 - 2021-01-15 06:54 - 000000339 _____ () C:\Users\User\AppData\Local\LMIR0E694001.tmp_r.bat
2021-11-08 21:42 - 2021-11-08 21:42 - 000000000 _____ () C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Acronis Scheduler2 Service" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Acronis Scheduler2 Service" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\AcronisTibMounterMonitor" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AcronisTibMounterMonitor" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\TrueImageMonitor.exe" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TrueImageMonitor.exe" => not found
HKLM\System\CurrentControlSet\Services\EpsonCustomerResearchParticipation => removed successfully
EpsonCustomerResearchParticipation => service removed successfully
C:\Users\TEMP => moved successfully
C:\Users\User\AppData\Local\LMIR0E694001.tmp_r.bat => moved successfully
C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8} => moved successfully
"AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}" => removed successfully
"AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12733526 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1009520 B
Edge => 0 B
Chrome => 2266192 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8466 B
NetworkService => 11242 B
User => 197704606 B

RecycleBin => 20996335 B
EmptyTemp: => 225.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:40:32 ====

Also, I don't really have an anti-virus program per se on my computer. I was advised by a computer technician in a computer repair shop where I was previously living that if I use Malwarebytes I really don't need to have an anti-virus program on my computer, because Malwarebytes is also an excellent anti-virus program. (Please let me know what you think of this.)

The changes that you suggested for Malwarebytes seem to have taken effect, with the exception of your suggestion of turning off Windows Security Center. The option was checked, but when I turned it off, I got a warning dialogue pop-up indicating that Windows Defender and Malwarebytes were both turned off. And so, I turned the Security Center on again. (What do you think?)

Most of the items under "Start-Up" in "Task Manager" were disabled and all of the enabled items were either "Not Measured" with one showing "Low" for "Startup Impact."

And, lastly, my computer seems to be faster at start-up, and if you could, please advise as to what I need to do if the system seems to be slowing down again.

Thanks again for your help.
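
Added example, not part of the original posts or of FRST itself: a small Python triage of a Fixlog like the one above, which separates entries that were changed, entries that were "not found", and entries the fix could not handle (here the ADS line). The sample log is constructed in the page's format with a placeholder file and stream name, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the Fixlog posted above.
# The .jpeg file name and stream name are placeholders.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\User\Desktop\example.jpeg => ":placeholderstream" ADS could not remove.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Acronis Scheduler2 Service" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Acronis Scheduler2 Service" => not found
EpsonCustomerResearchParticipation => service removed successfully
C:\Users\TEMP => moved successfully

=========== EmptyTemp: ==========
Chrome => 2266192 B
'''

RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')
# Outcome wordings seen in the log above; anything else is flagged for a human.
OUTCOMES = (("could not", "failed"), ("not found", "not_found"),
            ("successfully", "changed"))

def triage(fixlog):
    """Group Fixlog result lines by outcome, skipping the echoed fixlist."""
    buckets = defaultdict(list)
    star_rows = 0
    for line in map(str.strip, fixlog.splitlines()):
        if line and set(line) == {"*"}:
            star_rows += 1            # rows of asterisks bracket the echoed fixlist
            continue
        if line.startswith("=") and "EmptyTemp" in line:
            break                     # what follows are cache sizes, not results
        match = RESULT.match(line)
        if star_rows < 2 or not match:
            continue                  # header, fixlist echo, or a status sentence
        outcome = match["outcome"].lower()
        label = next((name for text, name in OUTCOMES if text in outcome),
                     "unrecognized")
        buckets[label].append(match["target"].strip('"'))
    return dict(buckets)

def needs_follow_up(fixlog):
    """Targets the fix did not handle, or whose outcome wording is unknown."""
    result = triage(fixlog)
    return result.get("failed", []) + result.get("unrecognized", [])
```

Calling `needs_follow_up()` on a pasted Fixlog returns only the entries worth raising in the next reply; outcomes with unfamiliar wording are reported rather than silently treated as success.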
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Hi, referee07.

You didn't reply to my question about using Eset and McAfee uninstallers. Did they work?

Regarding your questions/concerns:

my computer seems to be faster at start-up, and if you could, please advise as to what I need to do if the system seems to be slowing down again.
Computers, as we use them (saving new things, downloading new programs, browsing the web, etc.), become slower. From time to time, we need to tidy up: delete old/unusable files, clean browser history, empty temporary files... If you can't do that by yourself, you can come here and ask us to do that for you. Keep in mind also that, like people, computers get older. A ten-year-old computer doesn't run the same way it ran ten years ago.

Most of the items under "Start-Up" in "Task Manager" were disabled and all of the enabled items were either "Not Measured" with one showing "Low" for "Startup Impact."
You can only leave enabled whatever has to do with your security.

Also, I don't really have an anti-virus program per se on my computer. I was advised by a computer technician in a computer repair shop where I was previously living that if I use Malwarebytes I really don't need to have an anti-virus program on my computer, because Malwarebytes is also an excellent anti-virus program. (Please let me know what you think of this.)
Actually, you do have an antivirus: Windows Defender is the Windows 10 built-in antivirus and it is good enough to keep you safe. Together with Malwarebytes, they provide good security if, of course, you follow the safe computing rules. With both working for you, Defender acts as an antivirus and Malwarebytes as an antimalware solution.

The changes that you suggested for Malwarebytes seem to have taken effect, with the exception of your suggestion of turning off Windows Security Center. The option was checked, but when I turned it off, I got a warning dialogue pop-up indicating that Windows Defender and Malwarebytes were both turned off. And so, I turned the Security Center on again. (What do you think?)
Yes, I want you to make that change in Malwarebytes, otherwise Defender is disabled.

After that,

Check Windows Defender
  • Go to Settings (Windows icon on the keyboard + i)
  • Select Privacy & Security
  • From the left pane, Windows Security
  • Open Windows Security
  • Please take a screenshot of what you see at the Security at a glance screen (Microsoft's instructions of how to take screenshots using snipping tool are here)
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,453
Dr.M, yes, I am still here. I went out of town for Thanksgiving, and the hotel in which I was staying seemed not to allow my computer to connect to the Internet via WiFi (there was no ethernet cable option) or to allow my VPN to work. The hotel was on a U.S. military installation, and the technician who came to my room to check out my WiFi connection said that he has found that many times, WiFi won't work because of VPNs. I turned off my computer, restarted it and didn't allow the VPN to try to connect and I was able to access the Internet, but the VPN wouldn't open. I thought that something was shady about this and tried to turn off my computer. The computer wouldn't turn off, and I just held the power button down until the computer shut down. I didn't turn my computer back on until I returned to my home last night, and then the computer was very slow in opening, and for it to access the internet, and for programs to open. This morning I started my computer again and everything seems to be working well.

Dr.M, I checked and I believe that my computer has neither ESET nor McAfee installed anywhere on the computer. Please see the attachment for a screen of my computer's Defender settings. And, thanks again for your help and I hope that you had a good Thanksgiving.
 

Attachments

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,453
Dr.M, I have two questions: Can you suggest a good computer back-up/restore program? I have used Acronis before and I recently purchased IDrive. I didn't like Acronis and I can't figure out how to back up my entire computer to the Cloud as well as an external hard drive. Also, I would like to back my entire computer up so that in case something catastrophic happens to it, I can restore my computer in its entirety to another computer. Should it clone my computer or image it? Thanks again for your help.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,395
Hi.

I hope you had a nice Thanksgiving Day.

You posted the Firewalls screenshot. I want the Windows Security window, to check if everything is fine with Defender.

Dr.M, I checked and I believe that my computer has neither ESET nor McAfee installed anywhere on the computer.
You don't. That's why we need to make Defender work properly.

Dr.M, I have two questions: Can you suggest a good computer back-up/restore program?
I used Macrium Free: Macrium Software | Reflect Free Edition

But then I decided to back up only my personal files. In case the computer breaks, I would want a fresh start regarding programs etc.
 
