
· Registered
Joined
·
1,494 Posts
Discussion Starter · #21 ·
Dr. M, thanks
Both screenshots are good.

I will ask you to perform a disk check now. But, meanwhile, I went back to your logs and noticed that you have Eset and McAfee remnants; we have to take care of them later. These programs are not installed on the computer right now.

Check disk
  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes).
    Code:
     chkdsk C: /r
  • You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult (https://www.dropbox.com/s/xfsr4yyg5yun3k1/ListChkdskResult.exe?dl=1) by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.
    
Dr. M, thanks again for your help. Please see below for the results of chkdsk. Also, I wanted to mention that Acronis seems to have attached itself to my computer also. I used Acronis as my backup program but then switched to Macrium Reflect. Now, whenever I am backing up my computer, Macrium Reflect shows that Acronis is there also. I contacted Macrium, and the technician indicated that apparently Acronis created or somehow inserted itself into a partition??? Anyway, I wanted to mention this.
    __________________________________________________________________________________________________________________
    
    ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
    
    ------< Log generate on 11/18/2021 8:13:01 PM >------
    Category: 0
    Computer Name: DESKTOP-7RCNB9G
    Event Code: 1001
    Record Number: 93137
    Source Name: Microsoft-Windows-Wininit
    Time Written: 11-17-2021 @ 14:14:04
    Event Type: Information
    User: 
    Message:
    
    Checking file system on C:
    The type of the file system is NTFS.
    
    A disk check has been scheduled.
    Windows will now check the disk.
    
    Stage 1: Examining basic file system structure ...
      738560 file records processed.
    
    File verification completed.
     Phase duration (File record verification): 9.71 seconds.
      22778 large file records processed.
    
     Phase duration (Orphan file record recovery): 0.00 milliseconds.
      0 bad file records processed.
    
     Phase duration (Bad file record checking): 1.45 milliseconds.
    
    Stage 2: Examining file name linkage ...
      13942 reparse records processed.
    
      1010244 index entries processed.
    
    Index verification completed.
     Phase duration (Index verification): 23.66 seconds.
      0 unindexed files scanned.
    
     Phase duration (Orphan reconnection): 9.72 seconds.
      0 unindexed files recovered to lost and found.
    
     Phase duration (Orphan recovery to lost and found): 1.91 seconds.
      13942 reparse records processed.
    
     Phase duration (Reparse point and Object ID verification): 60.52 milliseconds.
    
    Stage 3: Examining security descriptors ...
    Cleaning up 5432 unused index entries from index $SII of file 0x9.
    Cleaning up 5432 unused index entries from index $SDH of file 0x9.
    Cleaning up 5432 unused security descriptors.
    Security descriptor verification completed.
     Phase duration (Security descriptor verification): 252.60 milliseconds.
      135843 data files processed.
    
     Phase duration (Data attribute verification): 1.73 milliseconds.
    CHKDSK is verifying Usn Journal...
      39546152 USN bytes processed.
    
    Usn Journal verification completed.
     Phase duration (USN journal verification): 257.20 milliseconds.
    
    Stage 4: Looking for bad clusters in user file data ...
      738544 files processed.
    
    File data verification completed.
     Phase duration (User file recovery): 22.26 minutes.
    
    Stage 5: Looking for bad, free clusters ...
      151463513 free clusters processed.
    
    Free space verification is complete.
     Phase duration (Free space recovery): 0.00 milliseconds.
    
    Windows has scanned the file system and found no problems.
    No further action is required.
    
     976122938 KB total disk space.
     369059624 KB in 351364 files.
        324632 KB in 135844 indexes.
             0 KB in bad sectors.
        884626 KB in use by the system.
         65536 KB occupied by the log file.
     605854056 KB available on disk.
    
          4096 bytes in each allocation unit.
     244030734 total allocation units on disk.
     151463514 allocation units available on disk.
    Total duration: 23.02 minutes (1381590 ms).
    
    Internal Info:
    00 45 0b 00 33 6f 07 00 24 4b 0d 00 00 00 00 00  .E..3o..$K......
    7f 02 00 00 f7 33 00 00 00 00 00 00 00 00 00 00  .....3..........
    
    -----------------------------------------------------------------------
 

· Trusted Advisor & Malware Specialist
Joined
·
4,092 Posts
Hi.

Something to ask you first, since it is too difficult for me to read your replies. Do not click on the Reply button when you reply. Just write your reply in the blank reply area and click on the Post reply button.

=============================

1. Feedback

How is the computer running? Still having problems opening programs? Is this happening while doing anything else? Please describe the issue in as much detail as you can.

2. FRST logs


Since it's been a while, I would like to check some fresh FRST logs.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.
 

· Registered
Joined
·
1,494 Posts
Discussion Starter · #23 ·
Dr. M, thanks again for your replies and for your help.

My computer seems to be somewhat slow when booting-up but then it seems to be running rather quickly.

Also, you mentioned in a previous reply that you spotted a couple of remnants of previous programs still hanging around in my computer and wanted to eradicate these remnants later. I hope that we can get rid of these remnants and also remnants of Acronis.

Please see below for the results of the FRST scans that were completed this morning.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by User (administrator) on DESKTOP-7RCNB9G (Acer Aspire A315-21) (20-11-2021 11:10:13)
Running from C:\Users\User\Desktop\Tech Support Guy - Communication
Loaded Profiles: User
Platform: Microsoft Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0366969.inf_amd64_08be8e6c39509940\B367342\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0366969.inf_amd64_08be8e6c39509940\B367342\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Audible Inc) C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower A/S) C:\Windows\System32\DriverStore\FileRepository\icesoundapo64.inf_amd64_dad6800789450741\ICEsoundService64.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(Intel(R) pGFX -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Pro Softnet Corporation -> ) C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-chrome-nm-host.exe
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <5>
(Strong Technology, LLC -> Strong Technology, LLC) C:\Program Files\StrongVPN\StrongVPN.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2>
(The OpenVPN Project) [File not signed] C:\Program Files\StrongVPN\OpenVPN\openvpn.exe
(Transparent Language) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\BYKI4Deluxe.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141552 2020-08-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677688 2020-03-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9298344 2021-11-06] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [670824 2020-12-08] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [896104 2020-12-08] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [77432 2021-11-04] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1984120 2021-11-04] (Pro Softnet Corporation -> Prosoftnet)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44544 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [TalkHelper] => C:\Program Files (x86)\TalkHelper Call Recorder for Skype\TalkHelper.exe [5048832 2019-09-04] (TalkHelper Team) [File not signed]
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [148800 2021-11-06] (Siber Systems -> Siber Systems)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [114000240 2021-10-28] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\Canon TS3300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDG3.DLL [482816 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3300 series: C:\WINDOWS\system32\CNMLMG3.DLL [1311232 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2020-10-09]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.) [File not signed]
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-10-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26F71C76-FA19-407A-96D8-B4046C345532} - System32\Tasks\StrongVPN => C:\Program Files\StrongVPN\StrongVPN.exe [4571232 2021-01-14] (Strong Technology, LLC -> Strong Technology, LLC)
Task: {2F6A50FD-577C-49A5-9540-C34FAE0609E3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [148800 2021-11-06] (Siber Systems -> Siber Systems)
Task: {447DB01E-83E5-4A94-A9AE-7088DBC9B6AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-06] (Google LLC -> Google LLC)
Task: {5925253A-E1C5-4216-8688-F73FE76BD174} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\RtkAudUService64.exe [1141552 2020-08-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {71319F3B-C70D-40D5-80E3-E91B57759987} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-06] (Google LLC -> Google LLC)
Task: {719357CE-6075-44F2-9217-7F8EBE0E7D8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-05] (Apple Inc. -> Apple Inc.)
Task: {93792EE0-5957-4713-88BF-DB2AA95C937C} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "https://www.roboform.com/test-pass....NCJCMJNOMCMJNNMCMJNMMCMJNLMCMJNKMCMOMJNJMCMPM"
Task: {9D24F48D-9EB4-4C3D-A306-F82963120551} - System32\Tasks\G2MUpdateTask-S-1-5-21-1023104244-2545508458-507804784-1001 => C:\Users\User\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {AA025FA9-DA9E-4ED2-9E27-2919ABDB33D1} - System32\Tasks\Run RoboForm Process => C:\Program Files\Google\Chrome\Application\chrome.exe https://chrome.google.com/webstore/detail/roboform/pnlccmojcmeohlpggmfnbbiapkmbliob
Task: {AE1D3906-1970-490F-9BEE-5874BD5AB28E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {C38B73CE-7FF9-4574-981E-18F7B38AF9FD} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [12176632 2021-10-23] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
Task: {D620C7B8-CA95-43F4-994D-4257F606C97F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF024C56-F31E-48F0-9C7C-26F3B4420865} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {EC4AF67B-FEB3-4E75-974B-EE8C28C6A853} - System32\Tasks\G2MUploadTask-S-1-5-21-1023104244-2545508458-507804784-1001 => C:\Users\User\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {EF263290-6D0A-4092-A3EC-F9D5CB8F66C7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4C3043C-F02C-40E5-8620-53968C86D85B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1023104244-2545508458-507804784-1001.job => C:\Users\User\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1023104244-2545508458-507804784-1001.job => C:\Users\User\AppData\Local\GoToMeeting\19932\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-13] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-13] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{1964c4a0-6f65-42f1-8089-c633a3b81d6a}: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{31d522f3-c05d-4090-9b9d-8cdd3188c581}: [DhcpNameServer] 198.18.0.1 198.18.0.2
Tcpip\..\Interfaces\{597ec23c-d91c-4c2c-a184-d0ae46e78246}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{655546f9-ffec-4aae-b9ae-374d6898b8fd}: [DhcpNameServer] 168.126.63.1 168.126.63.2

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-20]
Edge HomePage: Default -> hxxps://www.npr.org/
Edge StartupUrls: Default -> "hxxp://npr.com/"
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-16]
Edge Extension: (RoboForm Password Manager) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2021-10-29]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-11-20]
CHR Notifications: Default -> hxxps://web.skype.com
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-22]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-22]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-22]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-22]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-23]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-22]
CHR Extension: (RoboForm Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2021-11-07]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-05-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5117648 2021-07-13] (SurfRight B.V. -> SurfRight B.V.)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [405112 2021-11-04] (Pro Softnet Corporation -> Prosoftnet)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [10507520 2021-11-06] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-12] (Malwarebytes Inc -> Malwarebytes)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51224 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [371200 2021-01-15] (Microsoft Windows -> Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [29904 2021-02-12] (Acer Incorporated -> Acer Incorporated)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2021-02-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [112856 2020-05-19] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-08] (ASUSTek Computer Inc. -> ASUS)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [410640 2021-07-13] (Microsoft Windows Hardware Compatibility Publisher -> SurfRight B.V.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-11-25] (Martin Malik - REALiX -> REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-11-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 mrcbt; C:\WINDOWS\System32\drivers\mrcbt.sys [101032 2021-11-06] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
R0 mrigflt; C:\WINDOWS\System32\drivers\mrigflt.sys [73136 2021-11-06] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-06-23] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-27] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-22] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-12] (Microsoft Corporation -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-18 20:11 - 2021-11-18 20:13 - 000007366 _____ C:\Users\User\Desktop\ListChkdskResult.txt
2021-11-17 23:51 - 2021-11-17 23:31 - 000197679 _____ C:\Users\User\Desktop\ListChkdskResult.exe
2021-11-17 23:31 - 2021-11-17 23:31 - 000197679 _____ C:\Users\User\Downloads\ListChkdskResult.exe
2021-11-17 23:14 - 2021-11-17 23:14 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-11-17 23:14 - 2021-11-17 23:14 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-11-17 23:14 - 2021-11-17 23:14 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-11-17 23:13 - 2021-11-17 23:13 - 000000112 ___SH C:\bootTel.dat
2021-11-15 22:52 - 2021-11-15 22:52 - 000000117 _____ C:\Users\User\Desktop\Vocabulary.com.url
2021-11-15 21:09 - 2021-11-15 21:09 - 000001379 _____ C:\Users\Public\Desktop\Skype.lnk
2021-11-15 21:09 - 2021-11-15 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-11-14 20:42 - 2021-11-14 20:42 - 008553680 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_8.3.0 (2).exe
2021-11-14 20:25 - 2021-11-14 20:26 - 008553680 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_8.3.0 (1).exe
2021-11-14 09:49 - 2021-11-14 09:50 - 000000114 _____ C:\Users\User\Desktop\Zoom (Personal).url
2021-11-13 14:50 - 2021-11-20 11:07 - 000000000 ____D C:\Users\User\Desktop\Tech Support Guy - Communication
2021-11-12 19:10 - 2021-11-12 19:21 - 000000000 ____D C:\AdwCleaner
2021-11-12 19:07 - 2021-11-12 19:09 - 008553680 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_8.3.0.exe
2021-11-11 19:47 - 2021-11-20 11:17 - 000000000 ____D C:\FRST
2021-11-10 19:37 - 2021-11-10 19:36 - 001447620 _____ C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg
2021-11-09 19:20 - 2021-11-09 19:20 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-11-09 19:19 - 2021-11-11 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-11-09 19:18 - 2021-11-11 19:04 - 000000000 ____D C:\Program Files\iTunes
2021-11-08 21:42 - 2021-11-08 21:42 - 000000000 _____ C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8}
2021-11-07 19:42 - 2021-11-07 19:42 - 009163994 _____ C:\Users\User\Desktop\유하 - Lesson Four.pptx
2021-11-06 17:47 - 2021-10-14 00:26 - 000058112 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\MRVDP.sys
2021-11-06 12:43 - 2021-11-11 19:04 - 000000000 ____D C:\Program Files\Anki
2021-11-06 12:43 - 2021-11-06 12:43 - 000000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2021-11-06 12:43 - 2021-11-06 12:43 - 000000519 _____ C:\Users\Public\Desktop\Anki.lnk
2021-11-06 10:51 - 2021-11-06 11:18 - 000000000 ____D C:\IDriveLocal
2021-11-06 10:49 - 2021-11-13 18:51 - 000000000 ____D C:\ProgramData\IDrive
2021-11-06 10:49 - 2021-11-11 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2021-11-06 10:49 - 2021-11-11 19:04 - 000000000 ____D C:\Program Files (x86)\IDriveWindows
2021-11-06 10:49 - 2021-11-06 10:49 - 000001205 _____ C:\Users\Public\Desktop\IDrive.lnk
2021-11-06 10:49 - 2021-11-03 17:07 - 000533776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll
2021-11-06 10:49 - 2021-11-03 17:07 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2021-11-06 09:37 - 2021-11-11 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2021-11-06 09:37 - 2021-11-06 09:37 - 000002023 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk
2021-11-06 09:06 - 2021-11-06 09:06 - 000000000 ___HD C:\$WinREAgent
2021-11-05 20:26 - 2021-11-05 20:26 - 000000000 ____D C:\WINDOWS\Panther
2021-11-04 12:48 - 2021-11-04 12:48 - 000032476 _____ C:\Users\User\Desktop\Nov Group Supervision Schedule.xlsx
2021-11-04 12:22 - 2021-11-04 12:22 - 000703063 _____ C:\Users\User\Desktop\Osan USO Picture.htm
2021-11-02 21:38 - 2021-11-02 21:38 - 000000000 ____D C:\Users\User\Desktop\Outlook Pin From Google
2021-11-02 19:51 - 2021-11-02 19:51 - 000000380 _____ C:\Users\User\Downloads\Backup-codes-referee007.txt
2021-11-02 19:03 - 2021-11-02 19:07 - 000000000 ____D C:\Users\TEMP
2021-11-01 22:36 - 2021-11-12 18:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-01 22:36 - 2021-11-12 18:36 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-10-30 12:24 - 2021-10-30 12:24 - 000000000 ____D C:\Users\User\AppData\Roaming\Wiseduplicatefinder
2021-10-30 11:43 - 2021-11-01 20:44 - 000000004 ___SH C:\WINDOWS\wisefs.dat
2021-10-30 11:05 - 2021-10-30 11:05 - 000047936 _____ (WiseCleaner.com) C:\WINDOWS\WiseRegNotify.sys
2021-10-24 22:22 - 2021-10-24 22:22 - 000000000 ____D C:\Users\User\AppData\Local\Anki
2021-10-24 22:21 - 2021-11-07 19:18 - 000000000 ____D C:\Users\User\AppData\Roaming\Anki2

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-20 11:31 - 2020-10-06 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-20 11:30 - 2020-10-11 00:34 - 000000000 ____D C:\Users\User\Documents\Outlook Files
2021-11-20 11:20 - 2020-10-06 01:55 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-20 11:06 - 2020-10-06 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-20 11:02 - 2020-10-06 22:32 - 000000000 ____D C:\Users\User\AppData\Local\StrongVPN
2021-11-20 11:02 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-20 10:56 - 2021-10-02 11:49 - 000000000 ____D C:\Users\User\AppData\Roaming\Wise Disk Cleaner
2021-11-20 10:55 - 2020-10-06 22:51 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-11-20 10:55 - 2020-10-06 01:22 - 000000000 ____D C:\WINDOWS\INF
2021-11-20 10:38 - 2021-04-27 19:38 - 000000000 ____D C:\Users\User\AppData\LocalLow\IGDump
2021-11-20 10:16 - 2020-10-03 07:27 - 000000000 ___RD C:\Users\User\OneDrive
2021-11-20 10:14 - 2020-12-26 02:59 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{CE20A205-25EB-46E1-80F9-D7D13D4129F5}
2021-11-19 22:36 - 2020-10-11 22:51 - 000271360 _____ C:\Users\User\Documents\[email protected] - Carl's profile.pst
2021-11-19 21:40 - 2020-10-09 04:03 - 000000000 ____D C:\Program Files (x86)\Quicken
2021-11-18 21:19 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-11-18 21:16 - 2020-10-06 00:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-18 20:33 - 2020-10-06 01:56 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-18 19:38 - 2020-12-01 00:06 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6bc3ff8c0ff0b
2021-11-18 19:38 - 2020-10-09 22:20 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-17 23:13 - 2021-04-25 19:15 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2021-11-17 23:13 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-17 23:13 - 2020-10-06 00:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-17 23:13 - 2020-10-03 06:41 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-17 21:58 - 2020-10-28 21:51 - 000000000 ____D C:\ProgramData\HitmanPro
2021-11-17 21:58 - 2020-10-06 01:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-17 21:58 - 2017-07-05 03:10 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2021-11-16 22:26 - 2020-10-06 01:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-14 22:00 - 2021-10-02 11:49 - 000000000 ____D C:\Program Files (x86)\Wise
2021-11-14 21:34 - 2020-11-02 14:46 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-14 21:24 - 2020-10-06 01:24 - 000000000 ____D C:\WINDOWS\registration
2021-11-14 20:19 - 2020-10-09 22:22 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-13 21:12 - 2020-10-05 22:56 - 000000000 ____D C:\Users\User\Desktop\Misc
2021-11-13 13:37 - 2020-10-09 07:43 - 000000660 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1023104244-2545508458-507804784-1001.job
2021-11-13 13:37 - 2020-10-09 07:43 - 000000564 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1023104244-2545508458-507804784-1001.job
2021-11-13 08:51 - 2020-10-09 07:43 - 000003826 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-1023104244-2545508458-507804784-1001
2021-11-13 08:51 - 2020-10-09 07:43 - 000003730 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-1023104244-2545508458-507804784-1001
2021-11-13 08:51 - 2020-10-09 07:43 - 000000000 ____D C:\Users\User\AppData\Local\GoToMeeting
2021-11-12 19:22 - 2021-03-16 18:28 - 000000000 ____D C:\Program Files\EPSON
2021-11-12 19:22 - 2017-07-05 03:15 - 000000000 ____D C:\ProgramData\Dell
2021-11-12 19:21 - 2020-11-25 04:27 - 000000000 ____D C:\Users\User\AppData\Roaming\IObit
2021-11-12 19:21 - 2017-07-05 03:04 - 000000000 ____D C:\Program Files\Dell
2021-11-11 20:06 - 2020-10-06 01:05 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-11-11 19:04 - 2021-03-17 22:31 - 000000000 ___HD C:\ProgramData\CanonIJScan
2021-11-11 19:04 - 2020-12-23 12:16 - 000000000 ____D C:\Users\User\AppData\Local\RoboForm
2021-11-11 19:04 - 2020-10-05 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2021-11-11 19:04 - 2017-07-05 03:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-11-10 19:37 - 2020-10-05 22:45 - 000000000 ____D C:\Users\User\Documents\Scanned Documents
2021-11-10 19:33 - 2021-03-17 22:09 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-11-08 22:37 - 2020-10-10 10:24 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2021-11-06 09:37 - 2021-02-13 02:40 - 000101032 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrcbt.sys
2021-11-06 09:37 - 2021-02-13 02:40 - 000073136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrigflt.sys
2021-11-06 09:37 - 2021-02-13 02:40 - 000000000 ____D C:\Program Files\Macrium
2021-11-06 09:08 - 2020-12-23 12:19 - 000004498 _____ C:\WINDOWS\system32\Tasks\Open URL by RoboForm
2021-11-06 09:08 - 2020-12-23 12:19 - 000003798 _____ C:\WINDOWS\system32\Tasks\Run RoboForm TaskBar Icon
2021-11-05 22:06 - 2020-10-06 01:14 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1023104244-2545508458-507804784-1001
2021-11-05 22:06 - 2020-10-06 00:49 - 000002376 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-03 09:02 - 2020-10-06 02:13 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2021-11-02 19:05 - 2020-10-06 01:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-01 22:19 - 2020-10-07 09:47 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2021-11-01 22:19 - 2020-10-05 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-10-30 10:35 - 2021-10-02 11:49 - 000001289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner.lnk
2021-10-30 10:35 - 2021-10-02 11:49 - 000001277 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk

==================== Files in the root of some directories ========

2021-01-15 06:54 - 2021-01-15 06:54 - 000000339 _____ () C:\Users\User\AppData\Local\LMIR0E694001.tmp_r.bat
2021-11-08 21:42 - 2021-11-08 21:42 - 000000000 _____ () C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by User (20-11-2021 11:32:07)
Running from C:\Users\User\Desktop\Tech Support Guy - Communication
Microsoft Windows 10 Home Version 21H1 19043.1165 (X64) (2020-10-05 16:05:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1023104244-2545508458-507804784-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1023104244-2545508458-507804784-503 - Limited - Disabled)
Guest (S-1-5-21-1023104244-2545508458-507804784-501 - Limited - Disabled)
User (S-1-5-21-1023104244-2545508458-507804784-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1023104244-2545508458-507804784-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: 2.1.49 - )
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Business Plan Pro 2004 (HKLM-x32\...\{C7BA228D-D0E9-44E5-B0B6-7AD4B0D6EBB0}) (Version: 7.16.0008 - Palo Alto Software)
Byki (HKLM-x32\...\{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}) (Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Deluxe (HKLM-x32\...\Byki Deluxe) (Version: - Transparent Language, Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 3.20.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
Epson WF-3720_4720_4730 Guide (HKLM-x32\...\UsersGuideEpson WF-3720_4720_4730 Guide_is1) (Version: 1.0 - Epson America, Inc.)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM\...\{566A834D-2DDD-3376-B265-20E45991EB23}) (Version: 96.0.4664.45 - Google LLC)
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.18.0.19932 (HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\GoToMeeting) (Version: 10.18.0.19932 - LogMeIn, Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.14.907 - SurfRight B.V.)
IDrive version 6.7.4.8 (HKLM-x32\...\IDrive_is1) (Version: 6.7.4.8 - Pro Softnet Corp)
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
Macrium Reflect Home Edition (HKLM\...\{4DFF51B0-3FA5-4F24-819A-1839E3994BA1}) (Version: 8.0.6350 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 8.0 - Paramount Software (UK) Ltd.)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MyDataBase (HKLM-x32\...\{AB856C83-7CA0-4EB5-8D86-792B29EB4A10}) (Version: - )
MySoftware Fonts (HKLM-x32\...\{6C6F0968-2B86-42B4-AF34-46A5F06E8FA4}) (Version: - )
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20292 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10426 - Qualcomm)
Quicken 2004 (HKLM-x32\...\InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}) (Version: 13.00.0000 - Intuit)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8911.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11242 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.5.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.5.0 - VS Revo Group, Ltd.)
RoboForm 9-2-1-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 9-2-1-1 - Siber Systems)
Skype version 8.78 (HKLM-x32\...\Skype_is1) (Version: 8.78 - Skype Technologies S.A.)
StrongVPN (HKLM\...\{1F0FB659-502A-4BF3-AB40-D25BB14FE36C}) (Version: 2.6.2.0 - Strong Technology, LLC) Hidden
StrongVPN (HKLM-x32\...\{9d65bde1-0048-4fe8-bf48-02b946435252}) (Version: 2.6.2.0 - Strong Technology, LLC)
StrongVPN Client (HKLM-x32\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.6.5 - Strong Technology, LLC)
TalkHelper Call Recorder for Skype version 5.50 (HKLM-x32\...\{D290FF60-4288-4A56-9361-F215D78E84D3}_is1) (Version: 5.50 - TalkHelper Team)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wise Disk Cleaner 10.7.2 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.7.2 - WiseCleaner.com, Inc.)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
Zoom (HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\ZoomUMX) (Version: 5.6.4 (799) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Photoshop Express: Image Editor, Adjustments, Filters, Effects, Borders -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.5.381.0_x64__ynb6jyjzte8ga [2021-11-14] (Adobe Inc.)
Audiobooks from Audible -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2 [2021-11-14] (Audible Inc)
AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.29.0_x64__dxp88312j1fgj [2021-11-14] (ICEpower)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.2.261.0_x64__v10z8vjag6ke6 [2021-11-16] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-11-14] (INTEL CORP) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-14] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-14] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2021-11-14] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-16] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-1023104244-2545508458-507804784-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\User\AppData\Local\GoToMeeting\19598\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [ 0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-11-03] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ 0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-11-03] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ 0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-11-03] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2021-07-13] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-11-03] () [File not signed]
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2021-11-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-11-03] () [File not signed]
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2021-11-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-11-03] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.x264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-11-06 10:49 - 2021-11-03 17:07 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 000278528 _____ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\AEEngine.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 000303104 _____ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\KeyMapper.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 000409600 _____ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\svg-cairo.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 002535424 _____ () [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\TLVideo.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 000168089 _____ () [File not signed] C:\Program Files\StrongVPN\OpenVPN\liblzo2-2.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 000106309 _____ () [File not signed] C:\Program Files\StrongVPN\OpenVPN\libpkcs11-helper-1.dll
2019-08-16 08:13 - 2019-08-16 08:13 - 000989184 _____ () [File not signed] C:\Program Files\StrongVPN\runtimes\win-x86\native\e_sqlite3.dll
2021-02-12 01:10 - 2021-02-12 01:10 - 040403968 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.dll
2021-02-12 01:10 - 2021-02-12 01:10 - 000052224 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleSystemFileWrapperRT.dll
2020-11-28 12:17 - 2020-11-28 12:17 - 001123840 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\e_sqlite3.dll
2009-08-20 05:37 - 2009-08-20 05:37 - 001585152 _____ (Envion) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\TLSound.dll
2009-05-21 10:00 - 2009-05-21 10:00 - 000614400 _____ (hxxp://cairographics.org) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\libcairo.dll
2021-07-21 22:19 - 2021-07-21 22:20 - 042803200 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.dll
2001-04-14 21:32 - 2001-04-14 21:32 - 000431376 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\riched20.dll
2004-08-04 13:56 - 2004-08-04 13:56 - 000406528 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Transparent\Byki 4\Deluxe\USP10.dll
2020-11-02 14:47 - 2020-11-02 14:47 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-11-02 14:47 - 2020-11-02 14:47 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-11-06 10:49 - 2021-11-03 17:07 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll
2021-11-06 10:49 - 2021-11-03 17:07 - 001663488 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\IDriveWindows\SQLite.Interop.dll
2016-05-09 09:20 - 2016-05-09 09:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 003140848 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\StrongVPN\OpenVPN\libcrypto-1_1.dll
2021-01-14 19:40 - 2021-01-14 19:40 - 000956349 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\StrongVPN\OpenVPN\libssl-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://npr.com/
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM-x32 -> DefaultScope {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {CE0A30BD-C6F2-4758-9F20-2CDB3FFAF1BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
SearchScopes: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1023104244-2545508458-507804784-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2021-11-06] (Siber Systems -> Siber Systems Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-19 06:03 - 2017-03-19 06:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1023104244-2545508458-507804784-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\burn the ships.jpg
DNS Servers: 198.18.0.1 - 198.18.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Quicken Scheduled Updates.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "IDrive Tray"
HKLM\...\StartupApproved\Run32: => "IDrive Background process"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "HDSoft"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "TalkHelper"
HKU\S-1-5-21-1023104244-2545508458-507804784-1001\...\StartupApproved\Run: => "EPSDNMON"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{18197EB2-B548-4FA5-B54E-8FB87C5F2C16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0B7DBA8-8C6B-4A37-B679-C910315054D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C1B37A72-E7DB-4166-A247-FBC5FB686E98}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5C7CE68E-60AF-4133-A00C-36579CF2BED9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C7EC2A50-ABE8-476B-84DC-14ED10CDFA9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D9A4776B-1C09-43A1-BAA6-5EDF77EAD794}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{1AE07879-AB1D-41C8-B542-59689D6CB7D6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{65F3B639-EC8F-45FB-9E48-DD9445E1B8B2}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{17698B5E-6EFF-492F-8693-5FD65AD09B9F}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{E2CD141A-F244-42B2-9729-C8F939EA737E}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{ECDEE32B-DFE0-4DD4-A37F-971EDDA22B05}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C125D32C-5112-42EA-91B7-F20643C37397}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E8B7FDF-AD86-475E-9DFC-D46318A8A6C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{454175CF-7B74-4B39-B0DF-DE6A4886B1BD}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9072D7A7-7CF9-49AA-818C-3B47B817250A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8FA6AD45-64EC-44A8-84DE-66F0E3275DB2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{313BF587-9B3E-4D95-885D-C3C79C0C9CD3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2BDD8A23-CBE3-44DC-AA85-A87679B9E3F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{91E14767-4947-40ED-AB9E-2619610828C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{45A99FF9-3B8C-4BB1-AA1C-65FCA0F8F980}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10789008-2FF6-4B73-AB6B-54F1171E1718}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6B105560-D7F4-4385-ACBC-C2519488B175}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22E2B45B-AC9F-451D-9EA5-74A166C8CFFA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7C29C95F-0D71-4A36-89A7-0646B9FEAB52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{00BAB6CD-18B8-4619-ADAA-020F2B26DF68}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CCDFCA8B-1735-4613-BAD4-7703B6F22649}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5A5FA2A5-7F86-49E0-9015-96ED98900553}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1CBFEEC-9310-47EF-981B-8D16A5DAAA62}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{88C7D57A-BD8E-40C1-A0A8-760B94DB8915}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D592ED52-2E7F-40F8-A3CE-CE34E0DB6E7A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CF10B797-DCC6-4CEA-AD47-4B778F3B640B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0780049A-1A07-4428-B493-E2F80F510899}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AD022A7B-B8FA-47D6-8D0A-A3D1934934F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{68948A76-CCEC-4CFB-BDD5-EE80DFD9C9FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C058E468-C885-4B9E-8072-157EF47C58B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3D24A986-8350-4F87-B922-4C368F770648}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BC366C2A-EA56-4A1D-97D2-48EAB241DF28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B0FF13EF-C01E-4593-A1DE-F65AE12F3CC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{00FC6683-E28C-40D2-AF52-568B92C163B6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7B7660F9-264B-4592-AFA1-FFBE91811AAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{38A02C3D-0A66-45FE-8E46-1DC753F6855D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7DEDFC24-BB9E-43D2-95D9-1D1A4317309F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

11-11-2021 20:04:13 Revo Uninstaller Pro's restore point - HitmanPro 3.8
11-11-2021 20:08:28 Revo Uninstaller Pro's restore point - OpenAL
12-11-2021 19:20:53 AdwCleaner_BeforeCleaning_12/11/2021_19:20:51
14-11-2021 21:16:15 Restore Operation

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (11/20/2021 11:27:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program StrongVPN.exe version 2.6.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4168

Start Time: 01d7ddab83d206d0

Termination Time: 18272

Application Path: C:\Program Files\StrongVPN\StrongVPN.exe

Report Id: c6cb1f05-5c54-42ce-86ab-15b4ec072058

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 640, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\csrss.exe, PID: 6316, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 10436, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 10436, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 8784, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\SecurityHealthService.exe, PID: 8568, ProfSvc PID: 1628.

Error: (11/20/2021 10:10:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 10436, ProfSvc PID: 1628.

System errors:
=============
Error: (11/18/2021 10:18:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {776DBC8D-7347-478C-8D71-791E12EF49D8} did not register with DCOM within the required timeout.

Error: (11/18/2021 09:17:06 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Qualcomm Atheros QCA9377 Wireless Network Adapter, {1964c4a0-6f65-42f1-8089-c633a3b81d6a}, had event 71

Error: (11/18/2021 09:17:06 PM) (Source: Qcamain10x64) (EventID: 5002) (User: )
Description: Qualcomm Atheros QCA9377 Wireless Network Adapter : Has determined that the network adapter is not functioning properly.

Error: (11/18/2021 09:07:37 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (11/18/2021 08:43:33 PM) (Source: mrcbt) (EventID: 2008) (User: NT AUTHORITY)
Description: Event-ID 2008

Error: (11/18/2021 08:43:31 PM) (Source: mrcbt) (EventID: 2008) (User: NT AUTHORITY)
Description: Event-ID 2008

Error: (11/17/2021 11:38:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7RCNB9G)
Description: The server {BE19F061-C08B-426E-811F-2A1CEB1E80AD} did not register with DCOM within the required timeout.

Error: (11/17/2021 11:14:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EpsonCustomerResearchParticipation service failed to start due to the following error:
The system cannot find the file specified.

CodeIntegrity:
===============
Date: 2021-11-20 11:40:13
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-11-20 11:39:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.22 04/30/2019
Motherboard: SR Squirtle_SR
Processor: AMD A9-9420e RADEON R5, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 53%
Total physical RAM: 11733.37 MB
Available physical RAM: 5505.64 MB
Total Virtual: 13525.37 MB
Available Virtual: 6727.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.9 GB) (Free:574.2 GB) NTFS

\\?\Volume{24caf064-650a-4a79-afc8-6449631a3336}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{a0f69297-3a9d-4b11-9a7c-f9a831e7a696}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

· Trusted Advisor & Malware Specialist
Joined
·
4,092 Posts
Hi.

1. Use Eset and McAfee uninstallers

See here how to remove McAfee (Method 2): McAfee KB - How to remove McAfee products from a PC that runs Windows (TS101331)

See here how to remove Eset: [KB2289] Manually uninstall your ESET product using the ESET uninstaller tool

2. Change a setting in Malwarebytes
  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, ALL the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items ALL options are set to Always.
  • Close Malwarebytes.

3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]
2021-11-02 19:03 - 2021-11-02 19:07 - 000000000 ____D C:\Users\TEMP
2021-01-15 06:54 - 2021-01-15 06:54 - 000000339 _____ () C:\Users\User\AppData\Local\LMIR0E694001.tmp_r.bat
2021-11-08 21:42 - 2021-11-08 21:42 - 000000000 _____ () C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

4. Manage start up items

This can reduce the start up time.

1. Right click anywhere on your task bar and choose Task Manager.
2. If you see a window with a More details button, choose More details. Otherwise move on to the step 3 directly.
3. Click on the Start-up tab and check the columns Status and Start-up impact. See if you don't need any of the enabled items to start with Windows. Especially check items with the indication High. Click on the items you don't need to start with Windows and select Disable.
4. Restart the computer and check if it is still slow at start-up.
5. Report your comments in your next reply.

In your next reply, please post:
  1. What happened when you used the antivirus uninstallers
  2. If Malwarebytes setting changed successfully
  3. The fixlog.txt
  4. If start-up time takes less after step 4
 

· Registered
Joined
·
1,494 Posts
Discussion Starter · #25 ·
Dr. M, thanks again for your help. Please see below for the results of the FRST Fix scan.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by User (21-11-2021 11:38:39) Run:2
Running from C:\Users\User\Desktop\Tech Support Guy - Communication
Loaded Profiles: User
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]
2021-11-02 19:03 - 2021-11-02 19:07 - 000000000 ____D C:\Users\TEMP
2021-01-15 06:54 - 2021-01-15 06:54 - 000000339 _____ () C:\Users\User\AppData\Local\LMIR0E694001.tmp_r.bat
2021-11-08 21:42 - 2021-11-08 21:42 - 000000000 _____ () C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\User\Desktop\MFLC Directory - Cp. Humphreys - October 1, 2021.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Acronis Scheduler2 Service" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Acronis Scheduler2 Service" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\AcronisTibMounterMonitor" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AcronisTibMounterMonitor" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\TrueImageMonitor.exe" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TrueImageMonitor.exe" => not found
HKLM\System\CurrentControlSet\Services\EpsonCustomerResearchParticipation => removed successfully
EpsonCustomerResearchParticipation => service removed successfully
C:\Users\TEMP => moved successfully
C:\Users\User\AppData\Local\LMIR0E694001.tmp_r.bat => moved successfully
C:\Users\User\AppData\Local\{62F2F1B8-69CE-4372-9A99-04A7086D8ED8} => moved successfully
"AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}" => removed successfully
"AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12733526 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1009520 B
Edge => 0 B
Chrome => 2266192 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8466 B
NetworkService => 11242 B
User => 197704606 B

RecycleBin => 20996335 B
EmptyTemp: => 225.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 11:40:32 ====

Also, I don't really have an anti-virus program per se on my computer. I was advised by a computer technician in a computer repair shop where I was previously living that if I use Malwarebytes I really don't need to have an anti-virus program on my computer, because Malwarebytes is also an excellent anti-virus program. (Please let me know what you think of this.)

The changes that you suggested for Malwarebytes seem to have taken effect, with the exception of your suggestion of turning off Windows Security Center. The option was checked, but when I turned it off, I got a warning dialogue pop-up indicating that both Windows Defender and Malwarebytes were turned off. And so, I turned the Security Center on again. (What do you think?)

Most of the items under "Start-Up" in "Task Manager" were disabled and all of the enabled items were either "Not Measured" with one showing "Low" for "Startup Impact."

And, lastly, my computer seems to be faster at start-up, and if you could, please advise as to what I need to do if the system seems to be slowing down again.

Thanks again for your help.
 

· Trusted Advisor & Malware Specialist
Joined
·
4,092 Posts
Hi, referee007.

You didn't reply to my question about using Eset and McAfee uninstallers. Did they work?

Regarding your questions/concerns:

my computer seems to be faster at start-up, and if you could, please advise as to what I need to do if the system seems to be slowing down again.
Computers, as we use them (saving new things, downloading new programs, browsing the web, etc.), become slower. From time to time, we need to tidy up: delete old/unusable files, clean browser history, empty temporary files... If you can't do that by yourself, you can come here and ask us to do that for you. Keep in mind also that, like people, computers get older. A ten-year-old computer doesn't run the same way it ran ten years ago.

Most of the items under "Start-Up" in "Task Manager" were disabled and all of the enabled items were either "Not Measured" with one showing "Low" for "Startup Impact."
You can only leave enabled whatever has to do with your security.

Also, I don't really have an anti-virus program per se on my computer. I was advised by a computer technician in a computer repair shop where I was previously living that if I use Malwarebytes I really don't need to have an anti-virus program on my computer, because Malwarebytes is also an excellent anti-virus program. (Please let me know what you think of this.)
Actually, you do have an antivirus: Windows Defender is the Windows 10 built-in antivirus and it is good enough to keep you safe. Together with Malwarebytes, they provide good security if, of course, you follow the safe computing rules. With both of them working for you, Defender acts as an antivirus and Malwarebytes as an antimalware solution.

The changes that you suggested for Malwarebytes seem to have taken effect, with the exception of your suggestion of turning off Windows Security Center. The option was checked, but when I turned it off, I got a warning dialogue pop-up indicating that both Windows Defender and Malwarebytes were turned off. And so, I turned the Security Center on again. (What do you think?)
Yes, I want you to make that change in Malwarebytes, otherwise Defender is disabled.

After that,

Check Windows Defender
  • Go to Settings (Windows icon on the keyboard + i)
  • Select Privacy & Security
  • From the left pane, Windows Security
  • Open Windows Security
  • Please take a screenshot of what you see at the Security at a glance screen (Microsoft's instructions of how to take screenshots using snipping tool are here)
 

· Registered
Joined
·
1,494 Posts
Discussion Starter · #28 ·
Dr.M, yes, I am still here. I went out-of-town for Thanksgiving, and the hotel in which I was staying seemed not to allow my computer to connect to the Internet via WiFi (there was no ethernet cable option) or to allow my VPN to work. The hotel was on a U.S. military installation, and the technician who came to my room to check out my WiFi connection said that he has found that many times, WiFi won't work because of VPNs. I turned off my computer, restarted it and didn't allow the VPN to try to connect and I was able to access the Internet, but the VPN wouldn't open. I thought that something was shady about this and tried to turn off my computer. The computer wouldn't turn off, and I just held the power button down until the computer shut down. I didn't turn my computer back on until I returned to my home last night, and then the computer was very slow in opening, and for it to access the internet, and for programs to open. This morning I started my computer again and everything seems to be working well.

Dr.M, I checked and I believe that my computer has neither Eset nor McAfee installed anywhere on the computer. Please see the attachment for a screenshot of my computer's Defender settings. And, thanks again for your help and I hope that you had a good Thanksgiving.
 

Attachments

· Registered
Joined
·
1,494 Posts
Discussion Starter · #29 ·
Dr.M, I have two questions: Can you suggest a good computer back-up/restore program? I have used Acronis before and I recently purchased IDrive. I didn't like Acronis and I can't figure out how to back up my entire computer to the Cloud as well as an external hard-drive. Also, I would like to back my entire computer up so that in case something catastrophic happens to it, I can restore my computer in its entirety to another computer. Should I clone my computer or image it? Thanks again for your help.
 

· Trusted Advisor & Malware Specialist
Joined
·
4,092 Posts
Hi.

I hope you had a nice Thanksgiving Day.

You posted the Firewalls screenshot. I want the Windows Security window, to check if everything is fine with Defender.

Dr.M, I checked and I believe that my computer has neither Eset nor McAfee installed anywhere on the computer.
You don't. That's why we need to make Defender work properly.

Dr.M, I have two questions: Can you suggest a good computer back-up/restore program?
I used Macrium Free: Macrium Software | Reflect Free Edition

But then I decided to back up only my personal files. In case the computer breaks, I would want a fresh start regarding programs etc.
 

· Registered
Joined
·
1,494 Posts
Discussion Starter · #31 ·
Dr.M, please see the two attachments to see if one of these is what you requested regarding Windows Defender. I also have Macrium Reflect as a back-up program on my computer. Do you know if I can back up my computer to the Cloud using Macrium Reflect? Also, I recently read that SSD drives can also fail but not due to mechanical failure. This is why I would like to have a fairly current back-up of my computer in case the drive in my computer fails. Thanks again for your help and please let me know if I need to send anything else to assist you in helping me get my computer in top-notch shape.
 

Attachments

· Trusted Advisor & Malware Specialist
Joined
·
4,092 Posts
Defender looks good.

But please change the Malwarebytes option as I asked you before.
  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Code:
Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is unchecked.
Under the title Potentially unwanted items all options are set to Always.

Your computer is clean. Is there any other issue? If not, let me know to give you instructions for removing the tools we used and creating a restore point.

===================================

Do you know if I can back up my computer to the Cloud using Macrium Reflect?
I'm not sure. Here you can see some useful tutorials about Macrium and its usage.
 

· Registered
Joined
·
1,494 Posts
Discussion Starter · #33 ·
Dr.M, thanks again for your reply. Something has happened to my computer. I followed your advice above. I unchecked the "Windows Security Center" in Malwarebytes, but then a pop-up appeared indicating that I didn't have any virus protection and asked me if I wanted to start Windows Defender, to click on the pop-up. I clicked on the pop-up and tried to start Windows Defender, but it wouldn't start. I then restarted "Windows Security Center" in Malwarebytes because I didn't want to be without virus protection. I don't know if that caused the troubles, but then my VPN would not start, I received a lot of "not responding" when I tried to open programs, I could not open my browser (Edge), etc. What do you think happened?
 

· Trusted Advisor & Malware Specialist
Joined
·
4,092 Posts
Please change the Malwarebytes setting as I told you repeatedly. If there is a problem with Defender, we can't solve it if you don't follow my instructions. Also, please, if possible, be here more often, especially if you are concerned about your security. Doing one simple thing I ask every 2 days means that this issue will take forever.

I clicked on the pop-up and tried to start Windows Defender, but it wouldn't start.
What exactly is happening? Any error you get? Can you attach a screenshot?
 

· Registered
Joined
·
1,494 Posts
Discussion Starter · #35 ·
Dr.M, thanks again for your help. Please see the attachments. Windows Defender was working tonight and it is turned on; Malwarebytes Windows Security Center is turned-off. I sincerely appreciate your help and I try to reply as soon as possible but I am working some long hours, and it may take me a day or two to reply with the information that you requested. And, yes, I am very concerned with my computer's security knowing that there are people who would like to hack my computer for whatever purposes that they might have. Thanks again for your help.
 

Attachments

· Registered
Joined
·
1,494 Posts
Discussion Starter · #36 ·
Dr.M, today I was cleaning the Temp files in my computer and under %temp%, there were two files that would not delete. These two files required the Administrator's permission to delete and after giving the permission, they still would not delete. I Googled one of the file names and discovered something that I would like you to take a look at. (Please see the attachment for a screenshot of what I discovered when I Googled one of the file names.) Could this be malware? Thanks. And, did you have a chance to look at my previous post with the information that you requested?
 

Attachments

· Trusted Advisor & Malware Specialist
Joined
·
4,092 Posts
Hi, referee007.

Apologies for the late reply.

Windows Defender was working tonight and it is turned on; Malwarebytes Windows Security Center is turned-off.
You again posted the Firewall setting instead of the Windows Security screenshot. Can I see the Windows Security screenshot, please, so I can confirm that everything works fine?

Dr.M, today I was cleaning the Temp files in my computer and under %temp%, there were two files that would not delete.
How did you try to clean the Temp files? Did you use the Wise Cleaner or the Disk Cleanup utility?

These files are used by software on the computer as temporary files so that the software works properly when launched or in use. They are sometimes created invisibly on the computer and are usually removed or deleted once the program is closed.

In any case, there is nothing to worry about with them.
 

· Registered
Joined
·
1,494 Posts
Discussion Starter · #38 ·
Dr.M, thanks again for your help. Please see the attachments for screenshots of the Windows Security page and the Firewall & Network Protection Page. I deleted the temp files by holding down the Windows logo key and then typing "temp," "%temp%" and "prefetch" and then deleting all of the entries in these three (3) areas. Since you indicated that some software needs the temp files to work properly, I won't be deleting these files in the future. Also, I still use the Wise Disc Cleaner but I deleted the Wise Cleaner 365 because I believe that it messes around with the Registry and I don't want anything messing around with the Registry. Thanks again for your help, and if you need anything further, please let me know.
 

Attachments

· Trusted Advisor & Malware Specialist
Joined
·
4,092 Posts
No need to do the above to clean your disk of temporary files or any other files. Disk Cleanup can do the job for you. Just keep this in mind for the future:

Disk cleanup
  • Press the Windows icon on your keyboard, together with the letter R.
  • Type in the blank area cleanmgr and then press OK.
  • Select Drive C and press OK.
  • Select everything you don't need in the list that will appear. Actually, you can select everything there, but be careful if you need some files in the Downloads folder.
  • Press the button Clean up system files and wait a bit.
  • Again, select everything you don't need, including old Windows installations, if any.
  • Select the tab More options.
  • Under the title System Restore and Shadow Copies, press Clean up.
  • Press Delete and OK if you are asked to.
  • Wait some time (depending on the items that are deleted).
  • Restart when the process is finished.

As for using Wise cleaner or any cleaner, yes, we do not in any way recommend their use for cleaning the registry.

Since the computer is now clean, and Windows Defender works fine, let's finish the job.

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
 

· Registered
Joined
·
1,494 Posts
Discussion Starter · #40 ·
Dr.M, thanks again for your much appreciated assistance and for letting me know about "cleanmgr." And, I do not intend to tamper with the Registry in any shape or form. Please see below for the results of running KpRm.
__________________________________________________________________________________________________________________

# Run at 12/5/2021 8:48:50 PM
# KpRm (Kernel-panik) version 2.9.2
# Website https://kernel-panik.me/tool/kprm/
# Run by User from C:\Users\User\Desktop
# Computer Name: DESKTOP-7RCNB9G
# OS: Windows 10 X64 (19043)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\User\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2021-12-05-20-48-49

- Delete Tools -

## AdwCleaner
[OK] C:\Users\User\Downloads\adwcleaner_8.3.0 (1).exe deleted
[OK] C:\Users\User\Downloads\adwcleaner_8.3.0 (2).exe deleted
[OK] C:\Users\User\Downloads\adwcleaner_8.3.0.exe deleted
[OK] C:\AdwCleaner deleted

## FRST
[OK] C:\Users\User\Desktop\Tech Support Guy - Communication\Addition.txt deleted
[OK] C:\Users\User\Desktop\Tech Support Guy - Communication\Fixlog.txt deleted
[OK] C:\Users\User\Desktop\Tech Support Guy - Communication\FRST-OlderVersion deleted
[OK] C:\Users\User\Desktop\Tech Support Guy - Communication\FRST.txt deleted
[OK] C:\Users\User\Desktop\Tech Support Guy - Communication\FRST64 (1).exe deleted
[OK] C:\FRST deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Scheduled Checkpoint created at 11/25/2021 13:51:02 deleted
~ [OK] RP named Restore Operation created at 12/01/2021 12:22:09 deleted
~ [OK] RP named Revo Uninstaller Pro's restore point - x264vfw - H.264/MPEG-4 AVC codec (remove only) created at 12/04/2021 02:05:48 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 12/05/2021 11:50:01

-- KPRM finished in 153.70s --

Dr.M, thanks again for your help. It is greatly appreciated. And, if you can make any further suggestions, they will be greatly appreciated also.
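
The "Restore UAC" section of the KpRm log above lists ten values it set to defaults. The following read-only PowerShell audit is an added example, not part of the original post or of KpRm: it compares the current registry values with the numbers from that log. The registry path is the standard UAC policy key and is an assumption here, since the log does not show it; the function name is made up for this illustration.

```powershell
# Added example: compare current UAC policy values with the defaults KpRm logged.
# Assumption: the standard UAC policy key (the log itself does not print the path).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Value names and numbers copied from the "Restore UAC" section of the log.
$expected = [ordered]@{
    EnableLUA                   = 1
    ConsentPromptBehaviorAdmin  = 5
    ConsentPromptBehaviorUser   = 3
    EnableInstallerDetection    = 0
    EnableSecureUIAPaths        = 1
    EnableUIADesktopToggle      = 0
    EnableVirtualization        = 1
    FilterAdministratorToken    = 0
    PromptOnSecureDesktop       = 1
    ValidateAdminCodeSignatures = 0
}

function Compare-UacPolicy {
    param(
        [string]$Path,
        [System.Collections.IDictionary]$Expected
    )
    $props = Get-ItemProperty -Path $Path
    foreach ($name in $Expected.Keys) {
        $actual = $props.$name          # $null when the value is not present
        $status = if ($null -eq $actual) { 'Missing' }
                  elseif ($actual -eq $Expected[$name]) { 'Match' }
                  else { 'Differs' }
        [pscustomobject]@{
            Name     = $name
            Expected = $Expected[$name]
            Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
            Status   = $status
        }
    }
}

$report = @(Compare-UacPolicy -Path $key -Expected $expected)
$report | Format-Table -AutoSize

# Summarise anything that no longer matches what the log recorded.
$drift = @($report | Where-Object { $_.Status -ne 'Match' })
if ($drift.Count -eq 0) {
    'All ten UAC values match the defaults recorded in the KpRm log.'
} else {
    "$($drift.Count) UAC value(s) are missing or differ from the logged defaults: " +
        ($drift.Name -join ', ')
}
```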
 