Laptop Super Slow [Closed]

Freezing screen

  • This topic is locked
30 replies to this topic

#1 BJ2011

  • Authentic Member
  • 151 posts

Posted 06 November 2021 - 01:27 PM

Hi,

 

This is the only access to a laptop that I have. I need it for my teaching program that I started a few months ago so that I can get my ABS Licensure. Please help me figure out why my HP 15 Notebook PC is freezing/slow loading. It has a 64-bit OS, x64-based processor/Windows 8.1.

 

Thank you


Edited by BJ2011, 11 November 2021 - 02:56 AM.


#2 Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 13 November 2021 - 05:14 PM

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

(Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to 10 minutes or even longer depending on what the scan is finding.)


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 BJ2011

  • Authentic Member
  • 151 posts

Posted 13 November 2021 - 11:03 PM

Here is the Addition report.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by Annette (13-11-2021 22:52:21)
Running from C:\Users\Annette\Desktop
Windows 8.1 (Update) (X64) (2014-11-19 21:48:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1409944621-189731363-133459071-500 - Administrator - Disabled)
Annette (S-1-5-21-1409944621-189731363-133459071-1005 - Administrator - Enabled) => C:\Users\Annette
Guest (S-1-5-21-1409944621-189731363-133459071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1409944621-189731363-133459071-1004 - Limited - Enabled)
Jacquelyn (S-1-5-21-1409944621-189731363-133459071-1002 - Administrator - Enabled) => C:\Users\Jacquelyn
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (HKLM-x32\...\WTA-f594756d-cea3-422d-a8fc-ced5205c861a) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (HKLM-x32\...\WTA-67a03dfc-1d66-47d3-bc08-9a960e05c1bc) (Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{89D9FBD5-7D44-509B-D17D-71FF2B2E7BDD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-d289ec68-1f25-4f2b-ba18-86a20a21bc62) (Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-8c1524c4-154e-48c1-9d0e-de089ad24105) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-73552c2f-075c-4734-8305-d61cc64f6bff) (Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-51d1343d-3d81-4ede-9006-04b2be370e43) (Version: 2.2.0.98 - WildTangent) Hidden
CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-7a3200ac-a8c8-4a24-8f9d-1322c5984d44) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-41e95925-8de8-4966-8b6f-39104fca2c0d) (Version: 2.2.0.98 - WildTangent) Hidden
Crescendo Music Notation Editor (HKLM-x32\...\Crescendo) (Version: 1.86 - NCH Software)
Curse at Twilight (HKLM-x32\...\WTA-bb4b4313-02fb-4516-b909-11928a5a3ef3) (Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-410ced0d-8414-4126-a7e5-3a4c77c6d5e8) (Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
Farkle 3.0.13.10 (HKLM-x32\...\Farkle_is1) (Version:  - )
Farm Frenzy (HKLM-x32\...\WTA-46580f9e-769c-43d3-9dea-256e9e1d09df) (Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-0d9b177b-6105-4263-8018-fbf6cbf55172) (Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 10.17.0.19796 (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\GoToMeeting) (Version: 10.17.0.19796 - LogMeIn, Inc.)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-68d441b2-c8f5-499f-96e1-6c93f7dab728) (Version: 2.2.0.110 - WildTangent) Hidden
Grammarly (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\GrammarlyForWindows) (Version: 1.5.29 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{32A50269-D356-4E0E-8726-2D4CE92E5308}) (Version: 6.6.116 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\{57565765-d384-47b2-bf69-37839b58e08e}) (Version: 6.6.116 - Grammarly)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 8.0.1.300 - )
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-7f58df73-a448-48ba-b304-fc490ae02a7f) (Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{2C0CCB21-5ED3-4417-93D2-CC6BEEB3C7CF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{57058272-92B0-4EFA-8FDD-ED3E5D689D37}) (Version: 1.4.32 - HP Inc.)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.54 - Softex Inc.) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-85145c7b-75a2-48d4-89bb-4168d89f47a0) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-537118ba-a615-4d10-8bd5-6a461f5e5fa4) (Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
King Oddball (HKLM-x32\...\WTA-23746366-401a-4c3e-8074-4cd5e7772844) (Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (HKLM-x32\...\WTA-c636fc44-f491-4f3b-9e82-fed402533998) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (HKLM-x32\...\WTA-f60926f8-4f6a-4a38-9df5-e2927ec1f7fc) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14527.20234 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\Teams) (Version: 1.3.00.13565 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Monopoly® (HKLM-x32\...\WTA-a2f0ba12-04c0-4194-af8a-79ed3a597c9d) (Version: 3.0.2.51 - WildTangent) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-2b23e2e0-e38c-4d60-8e17-7ee68c32006b) (Version: 2.2.0.98 - WildTangent) Hidden
NCH Tone Generator (HKLM-x32\...\ToneGen) (Version: 3.26 - NCH Software)
Norton Online Backup (HKLM-x32\...\{1969BD50-331D-4B7A-8116-29A7DC6D45B4}) (Version: 2.8.0.44 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13801.20638 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-e36ab41b-84de-4891-b4ac-4c42415d828a) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-9b6dc59b-5d81-4c6f-8733-82ae9078a7f8) (Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.4.0.1 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-1624dfaa-74eb-4a04-b0d1-2816bc270b19) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-bb0a5787-6371-4fdd-ac8a-5702d596c923) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.41 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-24b516d7-0fa5-49af-b5f8-2b3dd95cd50d) (Version: 2.2.0.98 - WildTangent) Hidden
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.3.324435 - Linden Research, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-61166e11-25af-458a-bdb6-58e3bdab6835) (Version: 2.2.0.110 - WildTangent) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.3.0.13565 - Microsoft Corporation)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.5.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB4475564) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{14E2D22A-5164-4E35-8239-E2DB5D6B9A09}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{14E2D22A-5164-4E35-8239-E2DB5D6B9A09}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{14E2D22A-5164-4E35-8239-E2DB5D6B9A09}) (Version:  - Microsoft)
Vacation Quest™ - Australia (HKLM-x32\...\WTA-05973e5c-9595-40e3-910a-ba1b6178d68c) (Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 7.00 - NCH Software)
WhatsApp (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\WhatsApp) (Version: 0.2.1455 - WhatsApp)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (HKLM-x32\...\WTA-9173cba2-bfe3-462a-8bbc-6e837f324d64) (Version: 3.0.2.32 - WildTangent) Hidden
Zoom (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
Zulu DJ Software (HKLM-x32\...\Zulu) (Version: 3.70 - NCH Software)
Zuma's Revenge (HKLM-x32\...\WTA-11f72db7-03ee-4570-8cc1-e63492ed09eb) (Version: 2.2.0.98 - WildTangent) Hidden
 
Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2017-03-23] (WildTangent Games)
Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2017-03-23] (Box, Inc.)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2017-03-23] (Hewlett-Packard Company)
HP All-in-One Printer Remote -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_55.1.43.0_x86__v10z8vjag6ke6 [2017-08-23] (Hewlett-Packard Company)
HP Connected Drive -> C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_4.4.32.190_x64__v10z8vjag6ke6 [2017-03-23] (HP Inc.)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2017-03-23] (Hewlett-Packard Company)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2017-03-23] (AMZN Mobile LLC)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.22.0.39_x64__mcm4njqhnhss8 [2018-10-29] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2017-03-23] (Skype) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_5.5.0.8_x86__v10z8vjag6ke6 [2017-03-23] (HP Inc.)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2017-07-13] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-04-10] (Microsoft Corporation)
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg [2017-03-23] (CYBERLINKCOM CORP)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1409944621-189731363-133459071-1005_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Annette\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1409944621-189731363-133459071-1005_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Annette\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.116\07470D8E98\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-1409944621-189731363-133459071-1005_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\Annette\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.116\07470D8E98\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-1409944621-189731363-133459071-1005_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Annette\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1409944621-189731363-133459071-1005_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-12-05] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-12-05] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Annette\Desktop\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Annette - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2015-03-19 13:48 - 2014-11-04 16:10 - 000180224 _____ () [File not signed] [File is in use] C:\Program Files (x86)\CenturyLink\Desktop\ICSharpCode.SharpZipLib.dll
2014-06-05 21:40 - 2014-06-05 21:40 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-26 12:28 - 2013-09-26 12:28 - 002540544 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 12:32 - 2013-09-26 12:32 - 000627200 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-26 12:25 - 2013-09-26 12:25 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-26 12:25 - 2013-09-26 12:25 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 12:25 - 2013-09-26 12:25 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-06-05 21:31 - 2014-06-05 21:31 - 000898048 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2014-06-05 21:31 - 2014-06-05 21:31 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2015-03-19 13:48 - 2014-11-04 16:11 - 000124416 _____ (CenturyLink Inc) [File not signed] [File is in use] C:\Program Files (x86)\CenturyLink\Desktop\CenturyLink.Desktop.Shared.dll
2013-09-26 12:38 - 2013-09-26 12:38 - 000764416 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
2013-09-26 12:27 - 2013-09-26 12:27 - 000690176 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2013-09-26 12:28 - 2013-09-26 12:28 - 001097216 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2010-11-18 22:08 - 2010-11-18 22:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-09-09 20:32 - 2014-09-09 20:32 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2014-09-09 20:32 - 2014-09-09 20:32 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2015-03-19 13:48 - 2014-11-04 16:12 - 000200704 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\CenturyLink\Desktop\Qwest.Facilitator.Desktop.Agent.dll
2014-11-28 19:57 - 2013-04-01 23:19 - 000574464 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Windows\system32\Rtlihvs.dll
2013-09-26 12:39 - 2013-09-26 12:39 - 001298832 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-26 12:39 - 2013-09-26 12:39 - 000306064 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-26 12:39 - 2013-09-26 12:39 - 000599952 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2013-09-26 12:39 - 2013-09-26 12:39 - 000208272 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ldapdrv.dll
2013-09-26 12:39 - 2013-09-26 12:39 - 002050960 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1409944621-189731363-133459071-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKU\S-1-5-21-1409944621-189731363-133459071-1005 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\sharepoint.com -> hxxps://liveedurdale-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2019-08-11 16:38 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Hewlett-Packard\SimplePass\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-1409944621-189731363-133459071-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img11.jpg
HKU\S-1-5-21-1409944621-189731363-133459071-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Annette\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8D444952-FDB7-4FA5-901C-2462C1A37F99}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF3331A2-97B7-4313-AC3F-01DBA6B2C4FE}] => (Allow) LPort=2869
FirewallRules: [{150FBC6F-7AB5-4063-A0FB-EAC794994B93}] => (Allow) LPort=1900
FirewallRules: [{E39BD188-517F-4E06-97D0-5C42D5838F7E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1948981-D69A-4ED2-8B17-9EFB0572B092}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1402E48A-D816-4233-BC99-5439A3F6EDF5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8F1DB3E0-F2A7-42ED-91C7-FB0C90AC0852}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{711CA439-540E-400F-96B4-03755DDF5D83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{ACBD9CE9-88F2-4D23-8571-2E3C7E52DE4E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [UDP Query User{02717F8A-ABC2-4205-9C6C-6DD19E9FB7DF}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [TCP Query User{07B278D4-21FF-4CD2-A965-9B4438E8948A}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{F79BB37B-92F4-474B-AD1B-CF9F1568C6B7}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{DF2CC86E-9A5F-4831-B378-C0A56490E11E}C:\program files (x86)\tams11\games\farkle\farkle.exe] => (Allow) C:\program files (x86)\tams11\games\farkle\farkle.exe (Tams11 Software) [File not signed]
FirewallRules: [UDP Query User{BEB80554-9B9D-4AB0-90E7-0640D3A57881}C:\program files (x86)\tams11\games\farkle\farkle.exe] => (Allow) C:\program files (x86)\tams11\games\farkle\farkle.exe (Tams11 Software) [File not signed]
FirewallRules: [TCP Query User{136FA891-6E6C-483B-8803-A3420AA28CD3}C:\program files (x86)\tams11\games\farkle\farkle.exe] => (Allow) C:\program files (x86)\tams11\games\farkle\farkle.exe (Tams11 Software) [File not signed]
FirewallRules: [UDP Query User{11852EA3-54FD-4B1C-96D7-470540C49779}C:\program files (x86)\tams11\games\farkle\farkle.exe] => (Allow) C:\program files (x86)\tams11\games\farkle\farkle.exe (Tams11 Software) [File not signed]
FirewallRules: [{D1E14E70-55FD-433A-BA10-0FDA73C5FA47}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{702D7745-DB5D-4710-8D92-015A472B9C96}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CB1CDFB6-8E46-4267-A529-C2D1099F4180}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0CDC5D99-44C4-49B6-8130-528ED1F07E26}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{83F18E26-E83F-4F9C-A56D-8B5D7A93C367}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BD161ADE-0A7C-44D3-8915-BB5980B4305B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6A9097C-7008-48A2-AD29-13120F59BAAF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F39D004-385E-48B2-9AC7-02CFC9CB9DF9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F5E466D7-9CCD-4E00-B99F-B4B6D6F4D8D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6C701C59-B17B-486B-9D50-93844C0B482F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FD5590CC-017D-44AE-86A9-00E3FE28FB6D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C66BD5C9-1AB8-46C3-BC95-4795126CAECB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{071AC728-7D57-4B67-BAD1-F2BF4D1009DC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{75E91A46-1BBE-4E2D-A34A-3E22273BBB32}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{B4F8DCE1-4FF7-4C1F-BC65-B49B02A489B3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C3F65FC8-FCC0-4EDC-841B-E344B116F68B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{F92EFA33-3CBA-4D48-A37F-EAA5C3B85EAC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{5BDC7800-C619-4DAF-9158-04EC99DFB02E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{1FA56378-6A82-4A35-99DE-8725DADA7EE5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B5A22037-BC5A-4720-A169-8A51A0B6DD94}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{B628FD1B-686E-4D16-9BD7-3D9B41C5AF98}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe (Mercer Road Corp -> Vivox Inc.)
FirewallRules: [UDP Query User{FAB3A586-55FD-47A4-B4D2-14B68F8DBD70}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe (Mercer Road Corp -> Vivox Inc.)
FirewallRules: [TCP Query User{3C2FA513-AA5A-4427-AEAD-A957A609EA28}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{EE6ADDC5-C232-4D80-A82B-0308C9010AD3}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CC01A756-2EF1-4FA6-8107-F93433E465E4}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [UDP Query User{F9F90827-647B-4FB0-BDFE-3FE832F4190F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{3EE8CE53-9D76-483C-B3D4-8BD49EF39B7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2BC42FBB-D2D1-472E-A402-80DF6FF7CE8D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A3DAD136-5C10-40B2-82E9-9EABF0FDD43B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D515E2DC-CBE9-4AC9-AE7E-6A2C09A3F619}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{23209AEE-0F20-4E7C-BB6C-F146D767C1B4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/13/2021 10:39:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15985
 
Error: (11/13/2021 10:39:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15985
 
Error: (11/13/2021 10:39:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/13/2021 10:39:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7907
 
Error: (11/13/2021 10:39:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7907
 
Error: (11/13/2021 10:39:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/13/2021 10:16:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2644
 
Start Time: 01d7d909bc1bb244
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 9284a4b5-4501-11ec-834d-3863bb8eae0e
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (11/13/2021 09:46:54 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (11/13/2021 11:01:28 PM) (Source: DCOM) (EventID: 10010) (User: MRSJOHNSON)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (11/13/2021 10:59:28 PM) (Source: DCOM) (EventID: 10010) (User: MRSJOHNSON)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.
 
Error: (11/12/2021 09:47:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AdobeARMservice service.
 
Error: (11/12/2021 09:42:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/12/2021 09:42:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AppX Deployment Service (AppXSVC) service to connect.
 
Error: (11/12/2021 09:41:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/12/2021 09:41:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AppX Deployment Service (AppXSVC) service to connect.
 
Error: (11/11/2021 12:52:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
 
 
Windows Defender:
================
Date: 2021-11-07 07:45:24.149
Description: 
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-11-07 06:57:34.879
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.B
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Annette\Desktop\FRST-OlderVersion\FRST64.exe;file:_C:\Users\Annette\Desktop\New folder\FRST64.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\sdiagnhost.exe
Signature Version: AV: 1.325.1359.0, AS: 1.325.1359.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.17500.4, NIS: 2.1.14600.4
 
Date: 2021-11-07 06:50:39.859
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.B
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Annette\Desktop\FRST-OlderVersion\FRST64.exe;file:_C:\Users\Annette\Desktop\New folder\FRST64.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\sdiagnhost.exe
Signature Version: AV: 1.325.1359.0, AS: 1.325.1359.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.17500.4, NIS: 2.1.14600.4
 
Date: 2021-11-07 06:50:26.468
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.B
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Annette\Desktop\FRST-OlderVersion\FRST64.exe;file:_C:\Users\Annette\Desktop\New folder\FRST64.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\sdiagnhost.exe
Signature Version: AV: 1.325.1359.0, AS: 1.325.1359.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.17500.4, NIS: 2.1.14600.4
 
Date: 2021-11-07 06:50:24.439
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.B
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Annette\Desktop\New folder\FRST64.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\sdiagnhost.exe
Signature Version: AV: 1.325.1359.0, AS: 1.325.1359.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.17500.4, NIS: 2.1.14600.4
Event[0]:
 
Date: 2021-11-12 09:40:22.626
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.353.596.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18700.4
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2021-11-12 09:40:22.625
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.353.596.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18700.4
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2021-11-11 13:30:16.052
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2021-11-11 13:16:45.079
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.353.596.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18700.4
Error code: 0x800705b4
Error description: This operation returned because the timeout period expired. 
 
Date: 2021-11-11 13:16:45.079
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.353.596.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18700.4
Error code: 0x800705b4
Error description: This operation returned because the timeout period expired. 
 
==================== Memory info =========================== 
 
BIOS: Insyde F.33 08/04/2015
Motherboard: Hewlett-Packard 2330
Processor: AMD A6-5200 APU with Radeon™ HD Graphics 
Percentage of memory in use: 69%
Total physical RAM: 3554.01 MB
Available physical RAM: 1098.92 MB
Total Virtual: 5986.01 MB
Available Virtual: 2645.45 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:677.63 GB) (Free:340.29 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.99 GB) (Free:1.96 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{f0d011a2-f7dc-43a9-8b7c-0875843c6a46}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.36 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A9A16C4F)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2021
Ran by Annette (administrator) on MRSJOHNSON (Hewlett-Packard HP 15 Notebook PC) (13-11-2021 22:41:45)
Running from C:\Users\Annette\Desktop
Loaded Profiles: Annette
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CenturyLink -> CenturyLink Inc) C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <18>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\ProgramData\Malwarebytes\MBAMService\ctlrupdate\mbupdatr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.14527.20234\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\msoia.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.19496_none_fa14af899b481981\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-02-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [48904 2014-11-04] (CenturyLink -> CenturyLink Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [707624 2018-08-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [92688136 2020-05-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\Run: [B0CA40A7B020DFFA8668D20001A42ED77693A62A._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\MountPoints2: {e1d9e33d-70cc-11e4-825e-3863bb8eae0e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1409944621-189731363-133459071-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Annette\AppData\Local\Microsoft\Teams\Update.exe [2350752 2021-11-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Annette\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Annette\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\RunOnce: [Uninstall 20.201.1005.0009\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Annette\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64"
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\RunOnce: [Uninstall 20.201.1005.0009] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Annette\AppData\Local\Microsoft\OneDrive\20.201.1005.0009"
HKLM\...\Print\Monitors\HP AF11 Status Monitor: C:\Windows\system32\hpinkstsAF11LM.dll [329576 2012-04-02] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\Windows\system32\hpbprtmon.dll [404992 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-06] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-10-05] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2014-10-28] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-26] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-26] (Softex Inc..) [File not signed]
Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-08-03]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Annette\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook) [File not signed]
Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-01-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Jacquelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10A0396E-4397-432D-A61A-B29936C98279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-27] (Google Inc -> Google Inc.)
Task: {1FB5D956-4419-4C2D-8299-5482DC27B5D9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {203275BA-3EF9-4D06-961D-6E42BA0B4329} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1162160 2021-11-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {2FE82A44-7615-47C1-88DD-E0D568E5D0F2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (No File)
Task: {3165798A-F44B-4387-8B96-BD947DFDF94F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E898CDD-32F4-47D1-A2F4-BCF33E88AEBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {4000EE85-0EF1-46E5-9CEE-899C6DE264D1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108928 2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {422808BD-6F70-41BF-945D-E13AA06AE45A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1459056 2018-05-04] (HP Inc. -> HP Inc.)
Task: {4E7D6D7F-33AA-4053-8489-722E0FAC6999} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {55DCE214-7F3F-463F-BECE-5A67E73B6324} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1459056 2018-05-04] (HP Inc. -> HP Inc.)
Task: {5B7B1C4A-9A07-4CAC-869E-5279651131BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {67683D77-6FA8-421D-9D27-2916D4140124} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108928 2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {69D3BA23-D578-4DE2-AFDE-D9EF27762CEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-27] (Google Inc -> Google Inc.)
Task: {B2899F8C-8C39-47C3-82D8-3DD3813BCCD1} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [218336 2017-05-02] (Tweaking LLC -> Tweaking.com)
Task: {B73A7C7B-CF7F-4A7E-A613-BFBB8A73789D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {B95640C8-286C-4ADA-AF7B-A685867BC4F3} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C45E956E-E070-4332-B57C-DF9D8B626B72} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {C4C18D46-C77E-4DD0-ADDD-49DDCA6AABF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {CD39A3B5-0980-4947-BD6C-3D87425A7FCE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {D04BBF70-03A8-413B-9CA3-5AC3314706E2} - System32\Tasks\G2MUpdateTask-S-1-5-21-1409944621-189731363-133459071-1005 => C:\Users\Annette\AppData\Local\GoToMeeting\19796\g2mupdate.exe [31176 2021-11-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {D0F920D8-40AD-4B42-9F6C-ADA01607FCCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [217976 2018-11-08] (HP Inc. -> HP Inc.)
Task: {D2C9E4BF-9D5A-4305-A4E6-9192504C049E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6241704 2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {DB7BEDB6-1A21-49A3-9B60-F9A910CBDD94} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6241704 2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCEFA36E-E149-4C02-99DB-E3F29CC3066E} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2014-10-28] (CyberLink Corp. -> CyberLink Corp.)
Task: {E6B7EE15-0DF8-473B-AA30-3C92EDE7356E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1459056 2018-05-04] (HP Inc. -> HP Inc.)
Task: {EC860F0E-1C8E-4761-BA2C-9ACF03169D98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [124280 2018-08-17] (HP Inc. -> HP Inc.)
Task: {EFE6E304-849C-4527-A6F6-903B564B9663} - System32\Tasks\G2MUploadTask-S-1-5-21-1409944621-189731363-133459071-1005 => C:\Users\Annette\AppData\Local\GoToMeeting\19796\g2mupload.exe [31176 2021-11-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1409944621-189731363-133459071-1005.job => C:\Users\Annette\AppData\Local\GoToMeeting\19796\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1409944621-189731363-133459071-1005.job => C:\Users\Annette\AppData\Local\GoToMeeting\19796\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{2BE7FA48-E3A9-4398-8011-4CBB02E6ACC5}: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{8E02059E-EC13-441B-AFD6-CD70C258610A}: [DhcpNameServer] 192.168.0.1 205.171.3.25
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1409944621-189731363-133459071-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jacquelyn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-1409944621-189731363-133459071-1005: @zoom.us/ZoomVideoPlugin -> C:\Users\Annette\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-11-05] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default [2019-04-04]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_cnewtab&type=default_v2
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Slides) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-29]
CHR Extension: (Docs) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-29]
CHR Extension: (Google Drive) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-29]
CHR Extension: (YouTube) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-29]
CHR Extension: (Honey) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-07-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-26]
CHR Extension: (Sheets) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-29]
CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2018-07-18]
CHR Extension: (HP Network Check Launcher) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-03-26]
CHR Extension: (Grammarly for Chrome) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-27]
CHR Profile: C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-11-13]
CHR Extension: (Slides) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-29]
CHR Extension: (Docs) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-29]
CHR Extension: (Google Drive) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-10]
CHR Extension: (DuckDuckGo) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-11-06]
CHR Extension: (YouTube) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-06]
CHR Extension: (Sheets) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-06]
CHR Extension: (ShopRunner) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ianmjeonbapghpedipabfmiffojmolma [2020-08-09]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-29]
CHR Extension: (HP Network Check Launcher) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2021-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-06]
CHR Extension: (Gmail) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-10]
CHR Profile: C:\Users\Annette\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-05] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-12] (Microsoft Corporation -> Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-04-20] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (Kaspersky Lab -> AO Kaspersky Lab)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-13] (Malwarebytes Inc -> Malwarebytes)
S2 MBAMUpdatrService; C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\ctlrupdate\mbupdatr.exe [3975864 2021-11-13] (Malwarebytes Inc -> Malwarebytes)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation -> Symantec Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18944 2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352 2021-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-11-28] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (Hewlett-Packard Company -> HP Inc.)
R1 MpKslDrv; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E394554-44DB-4B5B-9653-E439FE0657B2}\MpKslDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-13 22:46 - 2021-11-13 22:46 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-11-13 22:41 - 2021-11-13 22:47 - 000031444 _____ C:\Users\Annette\Desktop\FRST.txt
2021-11-13 22:11 - 2021-11-13 22:11 - 002312192 _____ (Farbar) C:\Users\Annette\Desktop\FRST64.exe
2021-11-11 13:06 - 2021-11-11 13:06 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-11 13:06 - 2021-11-11 13:06 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-11 12:50 - 2021-11-11 12:58 - 000002352 _____ C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2021-11-07 07:22 - 2021-11-07 07:22 - 000002671 _____ C:\Users\Annette\Desktop\Google Drive.lnk
2021-11-07 06:59 - 2021-11-07 07:09 - 000000000 ____D C:\Users\Annette\AppData\Local\ElevatedDiagnostics
2021-11-06 13:01 - 2021-11-06 13:01 - 000002163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2021-11-06 13:01 - 2021-11-06 13:01 - 000002151 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2021-11-06 13:00 - 2021-11-06 13:00 - 000000000 ____D C:\Program Files\Google
2021-11-06 12:07 - 2021-11-07 12:48 - 000000000 ____D C:\Users\Annette\Documents\LDA
2021-11-06 11:38 - 2021-11-06 11:38 - 000000000 ____D C:\Users\Annette\AppData\Roaming\Microsoft Teams
2021-10-29 15:34 - 2021-10-29 15:34 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-13 22:48 - 2014-11-19 17:47 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-13 22:46 - 2019-08-19 07:31 - 000000668 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1409944621-189731363-133459071-1005.job
2021-11-13 22:44 - 2019-04-02 18:50 - 000000000 ____D C:\FRST
2021-11-13 22:39 - 2014-09-09 20:21 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-11-13 21:46 - 2015-11-17 16:45 - 000003942 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{3464BE36-788D-4EB3-890E-849F1DD7BE9F}
2021-11-12 12:58 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\Inf
2021-11-11 13:04 - 2015-09-14 15:50 - 000003594 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1409944621-189731363-133459071-1005
2021-11-11 12:58 - 2018-12-22 11:09 - 000003182 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1409944621-189731363-133459071-1005
2021-11-11 12:57 - 2014-04-22 11:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-11-11 12:57 - 2013-08-22 09:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-11 09:48 - 2015-01-14 16:12 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-11-11 09:45 - 2015-12-12 13:20 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-11-11 02:52 - 2019-08-19 07:31 - 000000572 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1409944621-189731363-133459071-1005.job
2021-11-11 02:52 - 2018-04-13 23:12 - 000003676 _____ C:\Windows\system32\Tasks\G2MUploadTask-S-1-5-21-1409944621-189731363-133459071-1005
2021-11-11 02:52 - 2018-04-13 23:12 - 000003580 _____ C:\Windows\system32\Tasks\G2MUpdateTask-S-1-5-21-1409944621-189731363-133459071-1005
2021-11-11 02:52 - 2018-04-13 23:11 - 000000000 ____D C:\Users\Annette\AppData\Local\GoToMeeting
2021-11-07 07:22 - 2015-10-07 17:34 - 000000000 ____D C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-11-07 06:57 - 2019-09-01 10:51 - 000000000 ____D C:\Users\Annette\Desktop\New folder
2021-11-07 06:57 - 2019-08-11 03:47 - 000000000 ____D C:\Users\Annette\Desktop\FRST-OlderVersion
2021-11-06 15:39 - 2016-03-24 08:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-11-06 15:23 - 2014-11-23 18:05 - 000000000 ____D C:\Windows\system32\MRT
2021-11-06 15:03 - 2014-11-23 18:05 - 139806512 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-11-06 15:02 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\NDF
2021-11-06 14:59 - 2013-08-22 09:20 - 000000000 ____D C:\Windows\CbsTemp
2021-11-06 14:11 - 2013-08-22 07:25 - 000000298 _____ C:\Windows\win.ini
2021-11-06 13:27 - 2014-11-19 17:48 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-06 13:08 - 2015-09-14 15:43 - 000000000 ____D C:\Users\Annette\AppData\Local\Packages
2021-11-06 12:38 - 2015-09-14 15:49 - 000000000 ____D C:\Users\Annette\Documents\Youcam
2021-11-06 12:31 - 2014-11-19 17:47 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-11-06 12:31 - 2014-11-19 17:47 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-11-06 12:24 - 2018-08-10 21:13 - 000000000 ____D C:\Users\Annette\AppData\Local\CrashDumps
2021-11-06 11:51 - 2015-09-14 15:49 - 000000000 ___DO C:\Users\Annette\OneDrive
2021-11-06 11:49 - 2015-03-19 14:56 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-11-06 11:40 - 2017-03-08 19:56 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-11-06 11:38 - 2016-09-01 12:37 - 000000000 ____D C:\Users\Annette\AppData\Local\SquirrelTemp
2021-11-06 11:36 - 2020-10-13 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-11-06 11:29 - 2013-08-22 08:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-29 15:34 - 2020-10-13 11:59 - 000001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-10-29 15:34 - 2019-08-07 20:52 - 000001931 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-10-29 15:28 - 2019-08-07 20:52 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-10-29 15:24 - 2019-04-07 21:41 - 000000000 ____D C:\Program Files\Malwarebytes
2021-10-29 15:24 - 2016-02-13 22:07 - 000000000 ____D C:\ProgramData\Malwarebytes
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2021-11-06 13:44
==================== End of FRST.txt ========================
 


#4 Tomk


Posted 14 November 2021 - 10:08 AM

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 
Quote

Start::
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
Task: {2FE82A44-7615-47C1-88DD-E0D568E5D0F2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (No File)
R1 MpKslDrv; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E394554-44DB-4B5B-9653-E439FE0657B2}\MpKslDrv.sys [X]
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Threat Scan option
  • click the Scan Now button
  • Threat Scan will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
You can download AdwCleaner here: https://malwarebytes.com/adwcleaner

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.

============================================
 
Please post these 3 logs when finished.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#5 BJ2011


Posted 15 November 2021 - 08:25 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by Annette (14-11-2021 18:18:24) Run:10
Running from C:\Users\Annette\Desktop
Loaded Profiles: Jacquelyn & Annette
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
Task: {2FE82A44-7615-47C1-88DD-E0D568E5D0F2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (No File)
R1 MpKslDrv; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E394554-44DB-4B5B-9653-E439FE0657B2}\MpKslDrv.sys [X]
EmptyTemp:
C:\Windows\Temp\*.*
 
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsDefender" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FE82A44-7615-47C1-88DD-E0D568E5D0F2} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FE82A44-7615-47C1-88DD-E0D568E5D0F2} => removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office 15 Subscription Heartbeat => removed successfully
MpKslDrv => Unable to stop service.
HKLM\System\CurrentControlSet\Services\MpKslDrv => not found
MpKslDrv => service removed successfully
 
=========== "C:\Windows\Temp\*.*" ==========
 
Could not move "C:\Windows\Temp\MRSJOHNSON-20211114-1818.log" => Scheduled to move on reboot.
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(2021111418183821B0).log" => Scheduled to move on reboot.
 
========= End -> "C:\Windows\Temp\*.*" ========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25354627 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 105069131 B
Edge => 0 B
Chrome => 994249845 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 128 B
NetworkService => 18774646 B
Jacquelyn => 18774646 B
Annette => 563348683 B
 
RecycleBin => 102693174 B
EmptyTemp: => 1.7 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-11-2021 08:07:44)
 
C:\Windows\Temp\MRSJOHNSON-20211114-1818.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2021111418183821B0).log => Is moved successfully
 
==== End of Fixlog 08:07:44 ====


#6 BJ2011


Posted 15 November 2021 - 09:11 AM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/15/21
Scan Time: 8:32 AM
Log File: d037a198-4620-11ec-8a3d-00ff4f781b5c.json
 
-Software Information-
Version: 4.4.10.144
Components Version: 1.0.1499
Update Package Version: 1.0.47194
License: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: mrsjohnson\Annette
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 296082
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 24 min, 2 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
PUP.Optional.DownloadAssistant, C:\USERS\JACQUELYN\ONEDRIVE\DOCUMENTS\UTORRENT_SETUP (1).ZIP, Quarantined, 10178, 104822, 1.0.47194, , ame, , 41575D4FF650BBDF45297734693FB92F, 4C0D12D3FBF7D82C92B92AC0945F6132C2B5C99B515536C16CBE493699033F96
PUP.Optional.DownloadAssistant, C:\USERS\JACQUELYN\ONEDRIVE\DOCUMENTS\UTORRENT_SETUP.ZIP, Quarantined, 10178, 104822, 1.0.47194, , ame, , D2748EAB84ED6195D61F7CC4227A7EC0, 2FC1C56B8549FEC1DA6159E0DB5DFC99EF2C07A3A70AB1323A0F121A94B87C80
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


#7 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 15 November 2021 - 11:36 AM

Were you able to run AdwCleaner?


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#8 BJ2011

BJ2011

    Authentic Member

  • Authentic Member
  • PipPip
  • 151 posts

Posted 17 November 2021 - 09:17 PM

My apologies. I forgot to run that one. However, my laptop and iPad are only getting limited access to my home internet. Xfinity was no help. I'm communicating with you on my cellular phone. I will take my laptop to work tomorrow to complete it.

#9 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 17 November 2021 - 09:58 PM

That's unfortunate.  It sounds like things are worse instead of better.

 

Here's hoping AdwCleaner turns up something.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#10 BJ2011

BJ2011

    Authentic Member

  • Authentic Member
  • PipPip
  • 151 posts

Posted 18 November 2021 - 09:47 PM

Hi Tomk,

 

I have attached a Word doc with screenshots of the Scan Results from the AdwCleaner.  Basically, there were 38 Preinstalled Software elements listed. I am being prompted to put the items in Quarantine but none of them had a check in the boxes.


Edited by BJ2011, 18 November 2021 - 09:50 PM.



#11 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 18 November 2021 - 10:31 PM

Sorry, I don't see any attachment.

 

You should be able to just highlight the report and paste it in your reply.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#12 BJ2011

BJ2011

    Authentic Member

  • Authentic Member
  • PipPip
  • 151 posts

Posted 19 November 2021 - 06:23 AM

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-05.4 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-07-2019
# Duration: 00:00:09
# OS:       Windows 8.1
# Cleaned:  9
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\ProgramData\UAB
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\ActiveOptimization
Deleted       HKLM\Software\Wow6432Node\ActiveOptimization
Deleted       HKU\.DEFAULT\Software\ActiveOptimization
Deleted       HKU\S-1-5-18\Software\ActiveOptimization
Deleted       HKU\S-1-5-19\Software\ActiveOptimization
Deleted       HKU\S-1-5-20\Software\ActiveOptimization
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       AVG Web TuneUp
Deleted       Search Encrypt
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1729 octets] - [07/04/2019 00:33:09]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


#13 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 19 November 2021 - 09:42 AM

I'm confused.

 

That is a 3-year-old version of the program.  Perhaps that is reasonable when the log says it was run 3 years ago.

 

Did you just run AdwCleaner yesterday?


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#14 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 19 November 2021 - 09:52 AM

I guess it was only two years ago... but still, not yesterday.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#15 BJ2011

BJ2011

    Authentic Member

  • Authentic Member
  • PipPip
  • 151 posts

Posted 20 November 2021 - 12:18 PM

Yes, I ran this yesterday but I think it was from the old version.

